Damn Vulnerable Web Application (DVWA): Difference between revisions

From Alpine Linux
m (update)
Line 34: Line 34:


{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
/etc/init.d/mysql start && rc-update add mysql default
/etc/init.d/mariadb start && rc-update add mariadb default
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}



Revision as of 08:01, 11 February 2016

For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

... include "mod_fastcgi.conf" ...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

... "bin-path" => "/usr/bin/php-cgi82" # php-cgi ...

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client

Installing and configuring DVWA

Create the a folder named webapps

mkdir -p /usr/share/webapps/

Download the source archive and unpack it

cd /usr/share/webapps/ wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip

Unpack the archive and remove it

unzip v1.9.zip rm v1.9.zip

Change the folder permissions

chmod -R 777 /usr/share/webapps/

Create a symlinks to the folder dvwa

ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa

Configuration and start MySql

/usr/bin/mysql_install_db --user=mysql /etc/init.d/mariadb start && rc-update add mariadb default /usr/bin/mysqladmin -u root password 'password'

Modify the database credentials within DVWA configuration file /config/config.inc.php

nano -w /usr/share/webapps/dvwa/config/config.inc.php

To complete the setup, browse to the DVWA directory on the webserver.

http://WEBSERVER_IP_ADDRESS/dvwa

Follow the link to setup the database.