DISCLAIMER: The content of this post/blog is based on opinion on what I have learned and for educational purposes, therefore if there are any mistakes or recommendation for improvement leave a comment 🙂
In this post I will demonstrate how to Install DVWA in Kali Linux, but before that what is DVWA?
DVWA is a vulnerable web application that Penetration Testers can use to practice their Penetration Testing skills which comes with different categories of pentesting such as:
- SQL Injection
- File Upload
- XSS
- Etc.
And each of these categories have their own difficulties starting from easy, normal, hard and impossible.
DVWA: http://www.dvwa.co.uk/
The DVWA web application will require the following software to be installed :
- Apache
- MySQL
- PHP
These applications by default are already installed on Kali Linux but they are turned OFF by default.
You can use the following command to check the services that are ON/OFF in your local computer.
# service –status-all
You will get the following result:
Notice that next apache2 and mysql has [ – ] sign, this mean that these services are currently off. You can turn it on by running the following commands.
These two commands will start these two services.
Next go to apache’s web directory and git clone the DVWA web application.
Repo Link: https://github.com/ethicalhack3r/DVWA.git
Now let us start setting up DVWA
First go to the DVWA directory and go to config folder and copy config.inc.php.dist to the same directory as config.inc.php.
Open the DVWA web application in your browser. (localhost/DVWA) 🙂
Basically what it says is that it requires these settings in the required software to install DVWA so that DVWA can work.
You can change the PHP config in /etc/php/7.2/apache2/php.ini , the use Linux’s easy terminal text editor which is nano.
Hint: You can use CTRL+W, to search a certain text with nano text editor.
Notice on the setup.php, DVWA requires the PHP 7.2 module which is by default not installed by Kali Linux. You can use the following command to install the module.
#sudo apt install php7.2-gd
Note: My current PHP version is 7.2 so change the values of the PHP version according to the version of PHP currently installed.
Next DVWA requires access to write files and folders, use the following command to do so.
#sudo chown -R www-data:www-data /var/www/html
Time to setup MySQL for DVWA, go back to /var/www/html/DVWA/config. Then nano config.inc.php. Change it the following lines to the following:
So with these settings what we are going to do is create a Database named dvwa, create a new user named dvwa with toor as its password.
To do these go to your MySQL CLI(Command Line Interface). You can do so by doing the following command.
#mysql -u root -p
Login Then Enter The following commands which will do the actions respectively mentioned above.
And we are done go back to your browser, go to localhost/DVWA/setup.php. Click create / reset database and it should work then DVWA should bring you to a login page.
Thank you 🙂