Damn Vulnerable Web Application (DVWA)
For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd service and add it to default runlevel
# rc-service lighttpd start # rc-update add lighttpd default
Install extra packages:
apk add php-mysql mysql mysql-client
Installing and configuring Piwik
Create the a folder named webapps
mkdir -p /usr/share/webapps/
Download the source archive and unpack it
cd /usr/share/webapps/ wget http://dvwa.googlecode.com/files/DVWA-1.0.7.zip
Unpack the archive and remove it
unzip DVWA-1.0.7.zip rm DVWA-1.0.7.zip
Change the folder permissions
chmod -R 777 /usr/share/webapps/
Create a symlinks to the folder dvwa
ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa
Configuration and start MySql
/usr/bin/mysql_install_db --user=mysql /etc/init.d/mysql start && rc-update add mysql default /usr/bin/mysqladmin -u root password 'password'
Modify the database credentials within DVWA configuration file /config/config.inc.php
nano -w config/config.inc.php
To complete the setup, browse to the DVWA directory on the webserver.
http://WEBSERVER_IP_ADDRESS/dvwa
Follow the link to setup the database.