DVWA (http://www.dvwa.co.uk/) is a very useful tool for learning about web-based security. This is not just useful for hackers, but also for security engineers to learn the tools and processes used by hackers to attack production systems. This post hopefully covers everything necessary to set up DVWA in a virtual machine.
Configuration
- DVWA: Version 1.10 *Development*
- OS: Ubuntu 19.10 desktop
- Database: MariaDB
Once the OS is installed and set up, the first step is to install and enable the LAMP stack:
apt-get -y install apache2 mariadb-server mariadb-client php php-mysqli php-gd libapache2-mod-php
systemctl enable apache2
systemctl enable mariadb
systemctl start apache2
systemctl start mariadb
Once the LAMP stack is installed, we can download DVWA to the web server
cd /var/www
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip
unzip master.zip
mv html html_old
mv DVWA-master html
Next, we configure DVWA with login credentials for the database (look for the username/password lines)
cp config/config.ini.php.default config/config.ini.php
nano config/config.ini.php
Once DVWA is configured, we set up our database and user
mysql -u root
create database dvwa;
grant all on dvwa.* to dvwa@localhost identified by 'p@ssw0rd';
flush privileges;
exit
At this point, open a browser and log into DVWA and review the settings – the goal is to have no RED text
Fix url_include
nano /etc/php/7.3/apache2/php.ini
Fix directory permissions
chmod a+w hackable/uploads
chmod a+w external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
chmod a+w config
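The two fixes above can also be checked from the shell before reloading the DVWA page. The script below is an added example, not part of the original post or of DVWA. It assumes the url_include item refers to PHP's allow_url_include directive, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the two "fix" steps in this post.
# Relative paths are the ones used above; function names are hypothetical.

# Print the effective value of KEY in a php.ini file: the last uncommented
# assignment wins, and ';' starts a comment.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed if the path exists and carries the "other" write bit,
# which is what chmod a+w sets.
world_writable() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -perm -002)" ]
}

# check_dvwa ROOT PHPINI: print one line per check, return the failure count.
check_dvwa() {
    root=$1 ini=$2 fails=0
    # Assumption: the setup page's url_include item is PHP's allow_url_include.
    case "$(ini_value "$ini" allow_url_include)" in
        [Oo]n|1|[Tt]rue|[Yy]es)
            echo "ok    allow_url_include is enabled" ;;
        *)
            echo "FAIL  allow_url_include is not enabled in $ini"
            fails=$((fails + 1)) ;;
    esac
    for rel in hackable/uploads \
               external/phpids/0.6/lib/IDS/tmp/phpids_log.txt \
               config; do
        if world_writable "$root/$rel"; then
            echo "ok    $rel is writable"
        else
            echo "FAIL  $rel is missing or not writable"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Usage: sh check_dvwa.sh /var/www/html /etc/php/7.3/apache2/php.ini
if [ "$#" -eq 2 ]; then check_dvwa "$1" "$2"; fi
```

Apache reads php.ini at startup, so restart it after editing the file and before comparing this output with the setup page.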