dvwa-logo

Before, installation of DVWA we need to know what is DVWA and why we use DVWA?

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

What We Need For DVWA Installation 

we will use database because this application requires a database reason  is  some of the vulnerability reated  to database. so we will use MySQL database and finally like i told you preveiously we will running this application on localserver.

That’s why we need to run a localserver in my system, we use for this Apache server.

the first step to do to install dvwa is to download the files fo that i open a web-browser and type ‘dvwa git’ i will download dvwa from Git, but you also download directly from its official site in download section that is http://www.dvwa.co.uk/

Now, before start download i switch directory to ‘var/www/html/’ because for a web aplication to run all the files should be present in 

this directory

and then type, 

$ git clone https://github.com/digininja/DVWA.git

if it shows permission denied then use ‘sudo’ before the command ,

now run the ‘ls’ command you will see ‘DVWA’ directory here 

now run the ‘ls’ command you will see that ‘DVWA’ directory here then give all the permission to this complete directory

use command, if it shows permission denied then use ‘sudo’ before the command

$ chmod -R 777 DVWA/

Now we set this application to run properly go into this directory ‘DVWA/config/’ you will see a file ‘config.inc.php.dist’

this file is the default values or default configuration , i am copying of this file and name ‘config.inc.php’ 

keep in mind  the extension should be php, the reson of copying this file that in future you make then you always copy of default values or files

Now i will use nano editor to make changes in this configuration file, you also use any editor like vim etc ,i am changing the user is ‘user’ and password is ‘pass’ you use any name and any password but make sure same username and password you need to create a database then save and exit for save ‘ctrl+o’ and exit is ‘ctrl+x’

next  step is I am  configure the database,  for configure  the  database we need start the service 

$ sudo service mysql start  

if  there  are no error  that means service succesfully started

now  login to  mysql

$ sudo mysql -u root -p

i  will  choosing the username  root(in your case different name of  your  super user you use it) , i am not given’t any password therefore we enter

Now, to set up database of dvwa, first thing you do to create a new user

Use this command,

create user ‘YourUsername’@’127.0.0.1’ identified by ‘pass’;

Rembember the username  and password is smae as  that  we enter  in configuration  file of dvwa application 127.0.0.1 is an loopback address which mean the web application will  running  on local server,

now user is created,, the next step is grant this  user all the preveliges over the database

grant all privileges on dvwa.* to ‘user’@’127.0.0.1’ identified  by ‘pass’;

now exit the database and clear the screen

the web application is configured, the database is configured , next step is to do configure the server, 

for configure the  server we need to start the  server

$ server  apache2 start

now configure the server, for this  you change  in their configuration file

first  we switch  the directoy  where is  its configuration  files

cd  /etc//php/7.4/apache2/  (if your  apache or php version  is differ then it may be cdifferebnt location)

in  their , a file 

php.ini

edit it by any, vim, gedit ,nano etc

You will see like this,

 change two configuration files that is  allow_url_fopen  to on and  allow_url_include to on

Save the file , exit the file

Now, start the Server

Open your browser and type 127.0.0.1/DVWA it will open setup.php page

Click on ‘Create / Reset Database’

it will show like this

Now it will automatically redirect to login page or you click on login link.

Successfully , you installed DVWA in your kali linux  

Leave a Reply

Your email address will not be published. Required fields are marked *