Setting up DVWA and Introduction - Website Hacking


Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to help security professionals test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help both students and teachers learn about web application security in a controlled classroom environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.


Let's start with setting up DVWA.

Step 1 :- Download DVWA from the official website.

It is also available on GitHub at https://github.com/ethicalhack3r/DVWA. You can clone it using the git command.




Step 2 :- Use the unzip command to extract the folder.




Step 3 :- Now extract the application into the /var/www/html directory. The command extracts all the DVWA files into a DVWA-master folder under /var/www/html. Rename the folder from DVWA-master to DVWA.




Step 4 :- Change the permissions on the folder so that the application works properly.

chmod +x /var/www/html/DVWA


Step 5 :- Before editing the configuration file, rename it to config.inc.php.




Step 6 :- Now we need to make some changes to the DVWA PHP configuration file. Put the MySQL database information in the configuration file. Note that the information must be the same as that used in the previous step.




Step 7 :- Otherwise the application will not be able to connect to your database; in other words, the application will not work. Add the username, password and database name to the configuration file.




Step 8 :- SQL stands for Structured Query Language and is used to store vast amounts of data securely. DVWA also uses an SQL database for storage.

service apache2 start

service mysql start

mysql -u root -p



Step 9 :- Set up the MySQL database so that the application has a way to connect to the database and store its data. First launch the SQL terminal, configure the settings, and finally start and enable the mysql service. Type the following:

CREATE DATABASE dvwa;

CREATE USER 'user'@'127.0.0.1' IDENTIFIED BY 'password';

GRANT ALL ON dvwa.* TO 'user'@'127.0.0.1';

Note :- Use single quotes instead of double quotes in both statements.

flush privileges;

exit;



Step 10 :- The application files are now set up and the configuration is done. Start the Apache2 server, and start and enable the mysql service.

service apache2 restart

service mysql restart



Step 11 :- This will start the apache2 service. The DVWA application will be available on localhost. Open your browser and type:

127.0.0.1/DVWA/login.php



Step 12 :- A box will show whether your setup was successful. If everything went right and no error occurred, click the Clear/Reset Database button, as shown in the screenshot below.




Step 13 :- You will now be redirected to the login page. Enter the default credentials, "admin / password", and press Enter. The settings page will open. Select the settings that suit you and start hacking the application.
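The script below is an added example, not part of the original article: it checks that config.inc.php (Steps 6 and 7) carries the same database name, user and password as the MySQL account from Step 9, and that Apache and MySQL listen on loopback only, since DVWA is vulnerable by design. It assumes the config file assigns values as `$_DVWA[ 'db_user' ] = '...';`; the function names, the sample config and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks for the DVWA lab.
# Assumes config.inc.php lines of the form:  $_DVWA[ 'db_user' ] = 'user';

# Print the value assigned to $_DVWA[ 'KEY' ] in config file $1 (last assignment wins).
dvwa_cfg_value() {
    awk -F"'" -v key="$2" \
        '/^[ \t]*\$_DVWA\[/ && $2 == key { val = $4 } END { print val }' "$1"
}

# Compare the config file with the account created in MySQL.
# Usage: check_dvwa_config FILE DATABASE USER PASSWORD
# Prints each mismatch and returns 1 if there is any.
check_dvwa_config() {
    rc=0
    [ "$(dvwa_cfg_value "$1" db_database)" = "$2" ] || { echo "db_database differs"; rc=1; }
    [ "$(dvwa_cfg_value "$1" db_user)" = "$3" ]     || { echo "db_user differs"; rc=1; }
    [ "$(dvwa_cfg_value "$1" db_password)" = "$4" ] || { echo "db_password differs"; rc=1; }
    return "$rc"
}

# Read `ss -ltn` output on stdin; print web/MySQL listeners not bound to loopback.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:(80|3306)$/ && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# --- constructed sample data, so the script runs offline ---
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
<?php
# $_DVWA[ 'db_user' ] = 'old';
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
EOF
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511                *:80              *:*
LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*'

# The sample config does not match the 'user'/'password' account from Step 9.
check_dvwa_config "$SAMPLE_CFG" dvwa user password || echo "fix config.inc.php or the MySQL account"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners | sed 's/^/not loopback-only: /'
rm -f "$SAMPLE_CFG"
```

On a real install, point `check_dvwa_config` at the config.inc.php you edited and pipe live `ss -ltn` output into `exposed_listeners`.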








I hope you enjoyed this article.




About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

