How to Install DVWA

Posted on by

In this post, we will tell you how to install DVWA on your Kali Linux.

Note : the screenshot of the steps was provided by Mr. Kalpin Erlangga

Before we install DVWA we must know what DVWA is. DVWA abbreviation is Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment.

This is the step to install DVWA :

  1. First Open your Kali Linux and run the terminal.
  2. Then, change your directory to /var/www/html
  3. Download the package file using wget command with this link https://github.com/ethicalhack3r/DVWA/archive/master.zip 
  4. After you have successfully download, unzip the master.zip using unzip master.zip command 
  5. After unzipping the file you will found DVWA-Master directory. Move the content of DVWA-Master Directory to web root directory with this command mv DVWA-Master/* /var/www/html and change the owner of directory /var/www/html using Chown -R www-data:www-data /var/www/html.
  6. When you have done moving the content and changing the owner of directory the next step will be starting the services of apache and mysql. use this command to start the apache and mysql service apache2 star; service mysql start.
  7. After that we should secure the mysql installation using this command mysql_secure_installation. Follow the instruction and dont ever forget to fill the password.
  8. next, we will configure our DVWA settings. first open your kali’s IP using browser in Kali Linux: http://your ip or you can use http://localhost/login.php .If you got an error like this, copy config/config.inc.php.dist to config/config.inc.php using this command cp config/config.inc.php.dist config/config.inc.php
  9. After you have done copying, you should get the recaptcha from this link http://www.google.com/recaptcha/admin
  10. After you have login and create a recaptcha, you will be given 2 important keys which are site key and secret key.
  11. Next, we should set up our database. first, type mysql -u root -p and provide the password which you have made earlier.
  12. Then, create a database.
  13. After that, grant the database privileges
  14. Last is to flush the privileges
  15. Edit the config.inc.php by going to the directory that has the file and type nano config.inc.phpthings that you should change is db_database, db_user, and db_password and don’t forget to fill in the recaptcha public key and private key. use site key for public and secret key for private.
  16. go back to http://your ip or http://localhost/login.php and click the create/reset database button.
  17. Then, a login page will appear, the user is admin and the password is admin too
  18. After you login you can use the DVWA as a tool for hacking test

 

 

 

Written by Adrian Alexander and Charottama Oshmar