AndroidLinuxPenetration TestingTermux

How to Install DVWA in Linux & Android

In this tutorial, I will give you a step-by-step guide on how to set up and install DVWA in your Kali Linux system and termux.

When you start as a login tester, you will need a pentesting lab to test your login skills. One such program is the Damn Vulnerable Web Application (DVWA). DVWA is a vulnerable web application built using PHP and MySQL that allows ethics hackers to test their hacking skills and security tools.

It is also an excellent guide for professional web developers with security in mind. They can use it to learn which features of the web application are easy to use. Some of the most common web threats identified by this application include Cross-Site Request Forgery (CSRF), File Installation, SQL injection, Bruteforce attack, and much more. (how to install dvwa in kali linux)

 

What is DVWA? DVWA, or more fully the Damn Vulnerable Web App is a security risk assessment app. It is intended for people who want to get used to checking the legal entry using a legal item. Getting started with DVWA is one of the best ways to start learning legal hijacking, the app is perfectly suited for a variety of users.

The app is built with PHP and MySQL, an old duet. What does it mean for someone who is willing to study entrance exams? That the app is easy to install on a different OS, as both PHP and MySQL work almost everywhere. Also, the fact that it is built with PHP means that it will be easier to understand fragments of DVWA code. As the app has many examples of different injuries (more on this later) used in PHP. PHP is not a very complex programming language, and there are a variety of resources that can help you understand the PHP code. install DVWA

If we go straight to the point, today we will consider DVWA, we will see how we can stop DVWA, and finally how to use DVWA, Damn Vulnerable Application.

 

Table of Contents

 

 

Introduction :

The Damn Vulnerable Web Application, short for DVWA, is a high-risk PHP / MySQL web application. The main goal of this test venue is to help entry inspectors and security professionals assess their skills and tools. In addition it can help web devs better understand how secure web applications are, but also help students / teachers learn all about web application security and potential vulnerability. (install DVWA)

DVWA: Dangerous Web Application :

DVWA is a high-risk web application that is coded in PHP using the MySQL website. With this amazing web application you can familiarize yourself with standard web crashes (different levels of difficulty) using its very simple GUI. You can play and try to find as many problems as you can to deepen your knowledge / skill.

Install Devices:

  • Linux
  • Android
  • Windows
 

 

DVWA Attacks:


  • Brute-force
  • Command Injection
  • CSRF
  • File Inclusion
  • File Upload
  • Insecure CAPTCHA
  • SQL Injection / SQL Injection (Blind)
  • Weak Session IDs
  • XSS_(DOM)
  • XSS_(Reflected)
  • XSS_(Stored)
  • CSP Bypass

Requirements:

  • web server (XAMPP as an alternative)
  • PHP
  • MySQL
  • Other possible dependencies (depending on the OS)



How to install DVWA

There are a few requirements you may need for DVWA installation. Here is a list of key requirements (some of which there are alternatives):

  • GIT Client (required to install DVWA in Kali Linux installation in particular) – this is required to downIoad the source code of the project. However, you can downIoad ZIP directly from the DVWA GitHub repository. Depending on your habits, you may want to use one method or another. I recommend using GIT as it is the fastest way. However, the wget command is also an option. With wget command you won’t need GIT, that’s up to you. Keep in mind that this is especially true for Linux OS. For Windows and MAC OS, you may want to downIoad the source code directly with your browser.
  • PHP and MySQL – both technologies are required to use DVWA. We will include installation instructions in the latest categories. Both if you are tech savvy you are more likely to have both. If not, packages like XAMPP will make the installation as a breeze.
  • Apache – a web server is required to successfully launch DVWA. Although technically a web server like Nginx can work for the system, Apache is recommended by the project team.

 

🎥 WATCH VIDEO :

cam



Installation – Android

Installation & Setup Install Ubuntu on Android

Open Termux App , Linux & Run all command step_by_step

Step 1: DownIoad Requirement basic package

Install the DVWA Tool tool. This step is really important if you do not want to make mistakes while using the tool. This will add git, php, mysql to the termux that will be used while using the DVWA tool.

pkg install php -y
pkg install git -y
pkg install mariadb -y



Step 2: DownIoad DVWA Application Tool :

Now everything depends on your termux and we can now install DVWA tool using termux using the command given below. The file size of this tool is very simple, just copy and paste the command below

git clone https://github.com/ethicalhack3r/DVWA 

 

Now we have to stop this web application to work properly because we have to go into /dvwa/config directory.

cd dvwa/config 

In the screenshot above we can see the config.inc.php.dist file. This file contains the default configuration. We need to make a copy of this file with the .php extension name, we are dealing with this file because in the future if something goes wrong we will have default values. So we copy this file with the .php config.inc.php.dist extension name using the following command

cp config.inc.php.dist config.inc.php 
cd ..



Step 3: Database Setup :

Now Open New seesion for Tremux App and Start MySQL Database Services. using the following command

mysqld_safe -u root &

Agaig Now Open New seesion for Tremux App and Login & Open MySQL Database Services. using this command

mysql -h localhost



You must create a new database user. To do this, connect to the database as the root user then use the following commands:

create database dvwa;
create user [email protected] identified by '[email protected]';
grant all on dvwa.* to [email protected];
flush privileges;

Step 4: Start LocalHost Server :

Fast Open 1st seesion ( DVWA File Folder ) and Start localhost server. Then start the localhost server using the following command: –

php -S 127.0.0.1:4444 

 

Step 5: Access DVWA on Your Browser :

 

Let’s open the browser and navigate to 127.0.0.1:4444 first open it to open setup.php as shown in the screenshot.

Open DVWA

That will create and configure the database. After some time, you will be redirected to the DVWA login page. Sign in with the following information:

  • Username – admin
  • Password – password

You may see red spots as in the picture above. Do not be afraid! Scroll down and click the Create / Reset Website button.

Now Login Again : http://127.0.0.1:4444/login.php

Once logged in, you will see the main DVWA page. In the left panel, we have a variety of attacks you can use and the DVWA Security button that lets you choose the level of security you want – Low, Medium, High, or Impossible.

 

 

Installation – Linux

Step 1: DownIoad Damn Vulnerable Web Application (DVWA) :

 

Setting up a compromised server is very easy. Now set up DVWA on our Kali Linux machine.
DVWA stands for Damn Vulnerable Web Application. Oh yes, it is very dangerous. In this web application security researchers, hackers or ethics criminals test their skills and use the tools in a legal environment.

DVWA is designed to adapt to common web vulnerabilities. Made with PHP and mySQL. Let’s get started without wasting time.
Instead of Linux localhost files are stored in the  /var/www/html  /var/www/html directory, so we open a terminal and change our direction in that text using the following command:

cd /var/www/html

Here we include DVWA in the Github storage area. To compile it using the following command:

git clone https://github.com/ethicalhack3r/DVWA 

After cloning is complete, we rename DVWA dvwa. on its own (not necessary but it will save our effort).

mv DVWA dvwa 



 

Step 2: Configure DVWA :

After DownIoading cloning DVWA from our directory / var / www / html, we still need to do a little activation. To get started, let’s plan to read, write, and issue permissions on the DVWA directory.
Then change the permission on the individual directory by using the following command: –

chmod -R 777 dvwa/ 

 

Now we have to stop this web application to work properly because we have to go into /dvwa/config directory.

cd dvwa/config 

In the screenshot above we can see the config.inc.php.dist file. This file contains the default configuration. We need to make a copy of this file with the .php extension name, we are dealing with this file because in the future if something goes wrong we will have default values. So we copy this file with the .php config.inc.php.dist extension name using the following command

cp config.inc.php.dist config.inc.php 

 

Then use the nano editor to make changes to our newly created PHP file. write the newly created file with the  nano  editor and make the necessary changes, as shown in the image below. We will set  db_user as user and  db_password as the default. Feel free to use a different username or password.



nano config.inc.php 

We will make changes in this part the [email protected] to pass and the user from root. Watch the following screenshot:-

Save the file (Ctrl + O, then Enter) and exit (Ctrl + X). That’s all! We have finished setting up the DVWA Web system. Let’s go ahead and configure the database (MySQL).

Step 3: Install MySQL on Kali Linux :

By default, MySQL will be pre-installed on Kali Linux. If this is not the case with you or perhaps you are experiencing MySQL, we may go ahead and install it ourselves. If you work with Debian-based distribution, MySQL comes with two packages:

  • mysql-server
  • mysql-client

In our case, we will need to install mysql-server. However, there is a catch. If you try to use the apt install mysql-server command you will probably find an error “Mysql-server package is not available, but refers to another package. E: The ‘mysql-server’ package has no installation candidate.” That is because the mysql-server package refers to the default-mysql-server in Kali Linux and in the recent release of Debian (Debian 10). Therefore, use the command below:

sudo apt install default-mysql-server 



Step 4: Configure MySQL Database :

Next is to configuring the database.
Here we have opened a new terminal window that closes the previous one. We start mysql initially using the following command: –

service mysql start 

 

Log in to the MySQL database using the command below as root. If you have another superuser name set in your system, use it instead of root.

mysql -u root -p 

You will see a command to enter a password. Just hit Enter as we have not set any password. MySQL will open, as shown in the image below:

After cloning is complete, we rename DVWA dvwa. on its own (not necessary but it will save our effort).

create user 'user'@'127.0.0.1' identified by 'pass';

Here we use this command we create a user called ‘user’ who runs the server in 127.0.0.1 (localhost) and the password says ‘pass’. Remember that this username and password must be exactly the same as the login and username we entered in the web server configuration file.

In the screenshot we can see that the question is OK. That means the user is created.
Then grant this user all the rights on the site. We therefore write the following command: –

grant all privileges on dvwa.* to 'user'@'127.0.0.1' identified by 'pass';



Step 5: Configure Apache Server :

Yes, we have completed the database task, now we are preparing the server. For this we need to configure our apache2 server. Let’s convert our index to  /etc/php/8.1/apache2,
Here we use version 8.1, if we use another version the method may change.

cd /etc/php/8.1/apache2 

 

Here we prepare the php.ini file using the leafpad of any good text editor. We_used_the_mousepad_editor.

mousepad php.ini 

We need to change the allow_url_fopen and allow_url_include value. We set both ‘On‘. In some cases when we first adjust it, we may find that one or more of these settings are set to ‘Off‘. We’ve changed both of these settings to ‘On‘, as the following screenshot: –

Then we save and close the file.

 

Then start the apache2 server using the following command: –

service apache2 start 

 

Step 6: Access DVWA on Your Browser :

 

Let’s open the browser and navigate to 127.0.0.1/dvwa/ first open it to open setup.php as shown in the screenshot.

Open DVWA

That will open the setup.php web page as shown in the image:

 

You may see red spots as in the picture above. Do not be afraid! Scroll down and click the Create / Reset Website button.

 

That will create and configure the database. After some time, you will be redirected to the DVWA login page. Sign in with the following information:

  • Username – admin
  • Password – password

 

Once logged in, you will see the main DVWA page. In the left panel, we have a variety of attacks you can use and the DVWA Security button that lets you choose the level of security you want – Low, Medium, High, or Impossible.

 

Conclusion :

That’s how we install DVWA in Kali Linux. It’s so easy, isn’t it? DVWA is an excellent resource for both beginners with entry testing and expertise. What you need to do is change the safety levels depending on your skills. Feel free to share the risk you found interesting to use with our readers in the comments section.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button