DVWA
Web application penetration testing
Author: Stefan Waldvogel
Overview
In this article, we will install DVWA. This is a vulnerable webpage with over a hundred vulnerabilities. If you try to get Pentest+, CEH, WAPT, and other certs it is helpful to have this lab at home.
TryHackMe offers a DVWA room for free (tryhackme.com/room/dvwa), so you do not have to set it up.
If you set it up at home, you get a deeper understanding of what is necessary for creating a website.
The commands
sudo su
# apt-get update -y
# apt-get upgrade -y
# apt-get install apache2 mysql-server php php-gd php-mysql -y
# /etc/init.d/apache2 start
# /etc/init.d/mysql start
# update-rc.d apache2 defaults
# update-rc.d mysql defaults
# cd /var/www/html
# apt install git -y
# git clone https://github.com/ethicalhack3r/DVWA
# chmod -R 777 /var/www/html/DVWA
# mv /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
Set up the database
# mysql -u root -p
Enter password: {just hit enter}
mysql> CREATE DATABASE dvwa;
mysql> CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY 'pass';
mysql> GRANT ALL ON dvwa.* TO 'user'@'127.0.0.1';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
Edit both php.ini files
nano /etc/php/7.4/cli/php.ini
nano /etc/php/7.4/apache2/php.ini
to
allow_url_fopen = On
allow_url_include = On --> the standard is Off
extension=mysqli --> it is under Dynamic Extensions, remove the ;
In this article, we will install DVWA. This is a vulnerable webpage with over a hundred vulnerabilities. If you try to get Pentest+, CEH, WAPT, and other certs it is helpful to have this lab at home.
TryHackMe offers a DVWA room for free (tryhackme.com/room/dvwa), so you do not have to set it up.
If you set it up at home, you get a deeper understanding of what is necessary for creating a website.
The commands
sudo su
# apt-get update -y
# apt-get upgrade -y
# apt-get install apache2 mysql-server php php-gd php-mysql -y
# /etc/init.d/apache2 start
# /etc/init.d/mysql start
# update-rc.d apache2 defaults
# update-rc.d mysql defaults
# cd /var/www/html
# apt install git -y
# git clone https://github.com/ethicalhack3r/DVWA
# chmod -R 777 /var/www/html/DVWA
# mv /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
Set up the database
# mysql -u root -p
Enter password: {just hit enter}
mysql> CREATE DATABASE dvwa;
mysql> CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY 'pass';
mysql> GRANT ALL ON dvwa.* TO 'user'@'127.0.0.1';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;
Edit both php.ini files
nano /etc/php/7.4/cli/php.ini
nano /etc/php/7.4/apache2/php.ini
to
allow_url_fopen = On
allow_url_include = On --> the standard is Off
extension=mysqli --> it is under Dynamic Extensions, remove the ;
Restart the server
/etc/init.d/apache2 restart
Now, we need a reCAPTCHA
Create one here: www.google.com/recaptcha/admin/create
/etc/init.d/apache2 restart
Now, we need a reCAPTCHA
Create one here: www.google.com/recaptcha/admin/create
Update the config file
gedit /var/www/html/DVWA/config/config.inc.php
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'user'; --> change it
$_DVWA[ 'db_password' ] = 'pass'; --> change it
$_DVWA[ 'recaptcha_public_key' ] = 'SITE KEY'; --> change it
$_DVWA[ 'recaptcha_private_key' ] = 'SECRET KEY'; --> change it
click “Create / Reset Database”
Wait some seconds and login via admin/password.
gedit /var/www/html/DVWA/config/config.inc.php
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'user'; --> change it
$_DVWA[ 'db_password' ] = 'pass'; --> change it
$_DVWA[ 'recaptcha_public_key' ] = 'SITE KEY'; --> change it
$_DVWA[ 'recaptcha_private_key' ] = 'SECRET KEY'; --> change it
click “Create / Reset Database”
Wait some seconds and login via admin/password.
If you want to take some lessons, change the setting from Impossible to Low.
Now, you can start with some training. DVWA does not teach you, but you get the links to learn.
One example for SQL Injection. If you enter ' or '1'='1 you get the list of all entries.
One example for SQL Injection. If you enter ' or '1'='1 you get the list of all entries.
© 2021. This work is licensed under a CC BY-SA 4.0 license