Damn Vulnerable Web Application (DVWA)
For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd
service and add it to default runlevel
# rc-service lighttpd start # rc-update add lighttpd default
Install extra packages:
apk add php-mysql mysql mysql-client
Installing and configuring DVWA
Create the a folder named webapps
mkdir -p /usr/share/webapps/
Download the source archive and unpack it
cd /usr/share/webapps/ wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
Unpack the archive and remove it
unzip v1.9.zip rm v1.9.zip
Change the folder permissions
chmod -R 777 /usr/share/webapps/
Create a symlinks to the folder dvwa
ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa
Configuration and start MySql
/usr/bin/mysql_install_db --user=mysql /etc/init.d/mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'
Modify the database credentials within DVWA configuration file /config/config.inc.php
nano -w /usr/share/webapps/dvwa/config/config.inc.php
To complete the setup, browse to the DVWA directory on the webserver.
http://WEBSERVER_IP_ADDRESS/dvwa
Follow the link to setup the database.