Setup DVWA on Ubuntu Server

 

Damn Vulnerable Web Application, also known as DVWA, is a PHP/MySQL web application which is seriously vulnerable. It helps both web developers and professional pentesters test web application security against a variety of attack methods.

We can download it from the official portal, dvwa.co.uk. In this post, we would like to share how to install and set up DVWA on Ubuntu Server 18.04.

We won't explain how to install Ubuntu Server 18.04 itself, because that is not difficult nowadays. Several dependencies must be installed and prepared before setting up DVWA, such as MySQL and the Apache web server.

First, after installing Ubuntu Server, we check the status of the MySQL and Apache services. For MySQL, type:

$ systemctl status mysql.service 

and for the Apache service:

$ systemctl status apache2.service 

Then, we set up the database user and create a database for DVWA. In this case, the database is dbdvwa.

Once all the prerequisites have been set up, we clone DVWA from its official repository:

git clone --recursive https://github.com/ethicalhack3r/DVWA.git

Next, we move the DVWA folder into the directory /var/www/html by typing:

sudo mv DVWA/  /var/www/html/

Then, we can open DVWA in a web browser at:

ip-address-host/DVWA

However, we cannot use DVWA yet. We have to change the permissions of some files in the DVWA directory, notably in the hackable directory. Let's take a look at the permissions DVWA currently has:

So, we have to change the permission of the uploads directory like below:

We also have to change the permission of phpids.txt like below:

And also of the config directory like below:
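An added example (not from the original post) of granting write access on only the paths named above to the web server's group, then checking that nothing in the tree is left world-writable. It assumes Apache runs under the www-data group as on a stock Ubuntu install; the function names and the relative paths passed by the caller are illustrative.

```shell
#!/bin/sh
# Added example: give the web server group write access to selected DVWA
# paths only, instead of opening them to every local user.
# Assumption: Apache's group is www-data (override with WEB_GROUP=...).
WEB_GROUP="${WEB_GROUP:-www-data}"

# grant_web_write ROOT REL_PATH...
# For each path under ROOT: hand it to the web server group, allow group
# write, and remove write access for "others".
grant_web_write() {
    root=$1
    shift
    for rel in "$@"; do
        target="$root/$rel"
        if [ ! -e "$target" ]; then
            echo "missing: $target" >&2
            return 1
        fi
        # chgrp needs root (or membership of the group); report and carry on
        # so the mode change below is still applied.
        chgrp "$WEB_GROUP" "$target" 2>/dev/null ||
            echo "note: could not set group $WEB_GROUP on $target" >&2
        chmod g+w,o-w "$target" || return 1
    done
}

# list_world_writable ROOT
# Print every file or directory under ROOT that "others" can write to.
# Symlinks are skipped because their own mode bits are not meaningful.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Typical use, run with sudo (relative paths are assumptions):
#   grant_web_write /var/www/html/DVWA hackable/uploads config
#   list_world_writable /var/www/html/DVWA
```

An empty result from list_world_writable means no path in the tree is writable by arbitrary local accounts.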

Finally, we test the service by refreshing the web browser. If the setup is correct, it should present the login page like below:

Then log in using the default credentials:

Username : admin

Password : password

 

