Before installing DVWA, we need to know what DVWA is and why we use it.
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
What We Need For DVWA Installation
We will use a database because this application requires one: some of the vulnerabilities are related to the database. We will use a MySQL database and, as mentioned earlier, we will run this application on a local server.
That is why we need to run a local server on the system; for this we use the Apache server.
The first step in installing DVWA is to download the files. For that, I open a web browser and type ‘dvwa git’. I will download DVWA from Git, but you can also download it directly from the download section of its official site, http://www.dvwa.co.uk/
Before starting the download, I switch to the directory ‘/var/www/html/’, because for a web application to run, all of its files should be present in this directory,
and then type,
$ git clone https://github.com/digininja/DVWA.git
If it shows permission denied, put ‘sudo’ before the command.
Now run the ‘ls’ command and you will see the ‘DVWA’ directory here. Then give all permissions to this complete directory.
Use this command; if it shows permission denied, put ‘sudo’ before it:
$ chmod -R 777 DVWA/
Now we set up the application so that it runs properly. Go into the directory ‘DVWA/config/’ and you will see a file named ‘config.inc.php.dist’.
This file holds the default values, or default configuration. I make a copy of this file and name it ‘config.inc.php’.
Keep in mind that the extension should be php. The reason for copying the file is that you always keep a copy of the default values for any changes you make in the future.
Now I use the nano editor to make changes in this configuration file; you can also use any other editor, such as vim. I change the user to ‘user’ and the password to ‘pass’. You can use any name and any password, but make sure you use the same username and password when you create the database user. Then save and exit: ‘ctrl+o’ saves and ‘ctrl+x’ exits.
The next step is to configure the database. To configure the database, we need to start the service:
$ sudo service mysql start
If there are no errors, the service started successfully.
Now log in to MySQL:
$ sudo mysql -u root -p
I choose the username root (if your superuser has a different name, use that). I have not set any password, so I just press Enter.
Now, to set up the database for DVWA, the first thing to do is create a new user.
Use this command:
create user 'user'@'127.0.0.1' identified by 'pass';
Remember that the username and password are the same as the ones we entered in the configuration file of the DVWA application. 127.0.0.1 is the loopback address, which means the web application will run on the local server.
Now that the user is created, the next step is to grant this user all privileges on the database:
grant all privileges on dvwa.* to 'user'@'127.0.0.1' identified by 'pass';
Now exit the database and clear the screen.
The web application is configured and the database is configured. The next step is to configure the server.
To configure the server, we need to start it:
$ sudo service apache2 start
Now configure the server by changing its configuration file.
First, switch to the directory where its configuration files are:
$ cd /etc/php/7.4/apache2/
(if your Apache or PHP version differs, the location may be different)
In there is a file named php.ini.
Edit it with any editor: vim, gedit, nano, etc.
Change two settings in this file: set allow_url_fopen to On and allow_url_include to On.
Save the file and exit.
Now start the server (restart it if it is already running, so that the php.ini changes are loaded).
Open your browser and go to 127.0.0.1/DVWA; it will open the setup.php page.
Click on ‘Create / Reset Database’
It will now redirect automatically to the login page, or you can click on the login link.
You have successfully installed DVWA on your Kali Linux.
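As a check on the php.ini step above, the following added example (not part of the original post) reads a php.ini file and reports whether allow_url_fopen and allow_url_include are effectively On, skipping commented-out lines and letting the last assignment win. The function names and the sample file contents are constructed for illustration.

```bash
# Added example (not from the original post): verify the php.ini edits.
# ini_get FILE DIRECTIVE: print the effective value of a directive.
# Commented-out lines (leading ;) are skipped and the last assignment wins.
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ || !/=/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next            # directive names are case sensitive
            v = substr($0, index($0, "=") + 1)
            sub(/;.*/, "", v)             # drop a trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# ini_is_on FILE DIRECTIVE: PHP reads 1/On/True/Yes (any case) as true.
ini_is_on() {
    case "$(ini_get "$1" "$2" | tr 'A-Z' 'a-z')" in
        1|on|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# check_dvwa_ini FILE: report the two directives this tutorial sets to On.
# Returns 0 only when both are effectively on.
check_dvwa_ini() {
    _rc=0
    for _d in allow_url_fopen allow_url_include; do
        if ini_is_on "$1" "$_d"; then
            echo "OK   $_d = $(ini_get "$1" "$_d")"
        else
            echo "FAIL $_d = $(ini_get "$1" "$_d") (expected On)"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample: the On line is still commented out, so the edit is
# not effective even though a grep for "allow_url_include = On" matches.
sample=$(mktemp)
printf '%s\n' '; allow_url_include = On' 'allow_url_fopen = On' \
    'allow_url_include = Off ; default' > "$sample"
check_dvwa_ini "$sample" || echo "php.ini still needs editing"
rm -f "$sample"
```

To check your own installation, call check_dvwa_ini /etc/php/7.4/apache2/php.ini, adjusting the path to your PHP version.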