Damn Vulnerable Web Application (DVWA)
For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd service and add it to default runlevel
# rc-service lighttpd start # rc-update add lighttpd default
Install extra packages:
# apk add php5-mysql mysql mysql-client
Installing and configuring DVWA
Create the a folder named webapps
# mkdir -p /usr/share/webapps/
Download the source archive and unpack it:
$ cd /usr/share/webapps/ # wget https://github.com/digininja/DVWA/archive/refs/tags/v1.9.zip/nowiki>}} Unpack the archive and remove it: {{Cmd|# unzip v1.9.zip # rm v1.9.zip}} Change the folder permissions: {{Cmd|# chmod -R 777 /usr/share/webapps/}} Create a symlinks to the folder ''dvwa'' {{Cmd|# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} == Configure and start MySql == {{Cmd|<nowiki># /usr/bin/mysql_install_db --user=mysql # rc-service mariadb start && rc-update add mariadb default # /usr/bin/mysqladmin -u root password 'password'
Modify the database credentials within DVWA configuration file /config/config.inc.php
# nano -w /usr/share/webapps/dvwa/config/config.inc.php
To complete the setup, browse to the DVWA directory on the webserver.
http://WEBSERVER_IP_ADDRESS/dvwa
Follow the link to setup the database.