top of page

Setting Up DVWA : A Comprehensive Installation Guide

Setting Up DVWA : A Comprehensive Installation Guide

DVWA stands for Damn Vulnerable Web Application. It is a web application intentionally designed with vulnerabilities to help security professionals and enthusiasts practice and improve their web application security skills. DVWA is used as a training tool to learn about common web vulnerabilities such as cross-site scripting (XSS), SQL injection, command injection, file inclusion, and more. It provides a safe environment for users to exploit and understand the consequences of these vulnerabilities, allowing them to develop strategies to prevent such attacks in real-world scenarios.


INSTALLATION OF DVWA:


Setting up Vulnerable server DVWA in our kali Linux machine.

First we switch the user to the root user for root privileges using following command:

sudo su

In Linux localhost files are stored in /var/www/html directory, so we change the directory to that directory in terminal using following command:

cd /var/www/html

How to Install DVWA in Ubuntu

Here we clone DVWA from the Github repository using following command:

How to Install DVWA in Ubuntu

After the cloning, we rename the DVWA to dvwa (it is not necessary but it will save our effort)

mv DVWA dvwa
How to Install DVWA in Ubuntu

Change the permissions on dvwa directory using following command:

chmod -R 777 dvwa
How to Install DVWA in Ubuntu

Now we have to setup this web application to run properly for that we have to go config directory using following command:


How to Install DVWA in Ubuntu

Above we seen the config.inc.php.dist file. This file contains default configuration. We need to make a copy of this file with .php extension name, we are copying this file because in future if anything goes wrong then we have the default values. So we copy this file with .php extension name using following command:

How to Install DVWA in Ubuntu

Now edit this config.php file using following command:

How to Install DVWA in Ubuntu

How to Install DVWA in Ubuntu

We will make changes in this part the 'dvwa' to 'user' and 'p@ssw0rd' to 'pass'. See the screenshot below:

How to Install DVWA in Ubuntu

  • The we save and exit by press the ctrl+O, then enter and next ctrl+X.

  • Update the server first using this command:

  • As a recommended practice, we will add the official MariaDB apt repository using the following script.

Here we opening a new terminal window closing the previous one. If we don.t have a mariadb-server in the Linux machine just installing it using the upcoming commands:

apt-get install mariadb-server mariadb-client -y
How to Install DVWA in Ubuntu

After the installation we should start the mysql using following command:

service mysql restart
How to Install DVWA in Ubuntu

Now we Secure MariaDB using following command:

mysql_secure_installation
How to Install DVWA in Ubuntu

You will be prompted with six questions. Choose options as shown below.

  1. Enter current password for root (enter for none): Press enter as there is no password by default.

  2. Set root password? [Y/n]: Select Y and enter a new password.

  3. Remove anonymous users? [Y/n]: Select Y

  4. Disallow root login remotely? [Y/n]: Enter Y

  5. Remove the test database and access to it? [Y/n]: Enter Y

  6. Reload privilege tables now? [Y/n]: Enter Y


Execute the following command to connect to MariaDB. When prompted, enter the root password you setup in the previous setup.


How to Install DVWA in Ubuntu

Now we are going to configure the database, we start with creating a new user called 'user' running server on 127.0.0.1(localhost) and the password is 'pass'. Remember that this username and password should exactly same as the password and username we have entered in the configuration file of dvwa web application.

CREATE DATABASE dvwadb;
USE dvwadb;
CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY 'pass';

How to Install DVWA in Ubuntu

In the above screenshot we can see the query is ok. That means the user is created. then we grant this user all the privileges over the database by using following command:


GRANT ALL PRIVILEGES ON dvwa.* TO 'user'@'127.0.0.1' IDENTIFIED BY 'pass';

How to Install DVWA in Ubuntu

we have finished the work of database, now we configure the server.


INSTALL PHP :

PHP comes installed in kali Linux. If you want to install a particular version, you can do it manually from the terminal. Follow the steps below.


First, update your system and add the SURY PHP PPA repository by executing the commands below.

sudo apt -y install lsb-release apt-transport-https ca-certificates
How to Install DVWA in Ubuntu
sudo wget -o /etc/apt/trusted.gpg.d/php.gps https://packages.sury.org/php/apt.gpg
How to Install DVWA in Ubuntu

After successfully adding the repository. use the command below to install PHP versions you want.

  • For this we need to configure our apache2 server. Let's change our directory to /etc/php/8.2/apache2

How to Install DVWA in Ubuntu


  • Here we configure the php.ini file.

How to Install DVWA in Ubuntu

  • We need to change the allow_url_fopen and allow_url_include values. We set both of them 'On'. In some cases when we are first time configuring it, we might that one of this or both of this configuration is set 'Off'. We have turned both of these configurations to 'On', as the following screenshots:

How to Install DVWA in Ubuntu

  • After the both values are change 'Off' to 'On'.


How to Install DVWA in Ubuntu

Then we save and exit the file(Already I mentioned in above configuration method). Then we start the apache2 server using following command:

    service apache2 start

Now we check the active running status of mysql and apache2 server using following commands:

If the server is on stop stage just start the service using following commands:

service mysql restart
service apache2 start                       

TO LAUNCH DVWA :


Let's open the browser and navigate to 127.0.0.1/dvwa/ first open will open the setup.php as shown in the screen shot.


How to Install DVWA in Ubuntu

Here we click on "Create/Reset Database", Then it will create and configure the database and we redirected to DVWA login page.

How to Install DVWA in Ubuntu

The default login credential are mentioned below

Username : admin
Password  : password

After login we are in Damn Vulnerable Web Application main page. Here is some general information and warnings.


How to Install DVWA in Ubuntu

On the left side we can see lots vulnerable pages are available we can practice here. DVWA have different security levels to change those we navigate to DVWA security. There are some security levels low, medium, high, impossible. We can choose difficulty as we need. Now we can run penetration testing tools and techniques in our localhost.


"If you have any query or problem in the installation process just comment below".





1,024 views0 comments
bottom of page