🥷 How To Install D*mn Vulnerable Web Apps For Ethical Hacking

Introduction

DVWA, short for Damn Vulnerable Web App, is a PHP/MySQL web application that is very vulnerable to various cyber security attacks. DVWA is used for training in web security by pentesters and cyber security professionals. By using DVWA as a learning tool, ethical hackers, penetration testers and cyber security analysts can practice and improve their ability to deal with various security vulnerabilities in web applications.

DVWA, or Damn Vulnerable Web Apps, is a platform used by cyber security professionals to carry out pentests and test their ability to secure web apps. In simple terms, DVWA is a playground for pentesting. It can be used to practice various attacks such as brute force, SQL injection, XSS and CSRF.

In DVWA we can set the security level from the lowest up to the highest, which is called impossible. DVWA is easy to use for beginners or anyone interested in web app security, and it is very easy to install. Here's how to install DVWA.

The main advantage of DVWA in cyber security is that it makes it possible to learn how to test the security of web apps easily and legally, so it can be used by both teachers and students in cyber security classes or courses. Following are various other benefits of DVWA.


Configuration

Debian 11 Server

Install Package

apt install apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php docker -y

Setup mysql

mysql_secure_installation is a shell script available on Unix systems that lets users improve the security of a MariaDB installation in several ways, such as: creating a password for the root account, and deleting root accounts that can be accessed from outside the local host.

mysql_secure_installation

Create Database & User

mysql -u root -p

CREATE DATABASE dvwa_rizwan;
CREATE USER 'admin'@'127.0.0.1' IDENTIFIED BY '12345678';
GRANT ALL PRIVILEGES ON dvwa_rizwan.* TO 'admin'@'127.0.0.1';
FLUSH PRIVILEGES;
EXIT;

Install DVWA

git clone https://github.com/digininja/DVWA.git /var/www/dvwa

Change Permission

chmod 777 /var/www/dvwa/

Configuration File

cd /var/www/dvwa/config
cp config.inc.php.dist config.inc.php

nano config.inc.php

$_DVWA = array();
$_DVWA[ 'db_server' ]   = getenv('DB_SERVER') ?: '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa_rizwan';
$_DVWA[ 'db_user' ]     = 'admin';
$_DVWA[ 'db_password' ] = '12345678';
$_DVWA[ 'db_port' ]     = '3306';

Restart Service

systemctl restart apache2 mariadb mysql

Browse to dvwa.rizwanpemula.com

Log in using user 'admin' and password '12345678'

Then click setup.php and then log in again

After that we log in with user 'admin' and password 'password'
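
DVWA is deliberately exploitable, so after these steps it is worth checking what the host exposes. This added example (not from the original page or the DVWA project) lists world-writable paths left by `chmod 777`, reads the database settings back from config.inc.php, and flags listeners reachable from other hosts. The function names and the `--audit` switch are hypothetical, and it assumes `ss` from iproute2 is installed.

```sh
#!/bin/sh
# Added example: exposure audit for the DVWA lab built on this page.
# Function names are hypothetical; paths and config keys are the page's own.
DVWA_DIR="${DVWA_DIR:-/var/www/dvwa}"

# Paths under $1 that every local account can write to (what chmod 777 grants).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Value of $_DVWA['<key $2>'] in config file $1: the last quoted string on the
# line, so "= 'x';" and "= getenv('X') ?: 'x';" are both handled.
dvwa_setting() {
    sed -n "s/^[[:space:]]*\\\$_DVWA\[ *'$2' *\].*'\([^']*\)'[[:space:]]*;.*/\1/p" \
        "$1" 2>/dev/null
}

# Reads `ss -ltnH` output on stdin and prints the listening sockets reachable
# from other hosts (anything not bound to 127.0.0.0/8 or ::1).
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Prints one finding per line; returns 1 when there is at least one finding.
dvwa_audit() {
    cfg="$DVWA_DIR/config/config.inc.php"
    findings=$(
        world_writable "$DVWA_DIR" | sed 's/^/world-writable: /'
        case "$(dvwa_setting "$cfg" db_server)" in
            127.*|localhost|::1) ;;
            *) echo "db_server missing or not a loopback address" ;;
        esac
        [ "$(dvwa_setting "$cfg" db_user)" = root ] && echo "db_user is root"
        ss -ltnH 2>/dev/null | exposed_listeners | sed 's/^/non-loopback listener: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then dvwa_audit; fi
```

Run it as root with the `--audit` argument once the install is finished. A non-loopback listener on the web or database port means the vulnerable application or its database is reachable from other machines on the network.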
