Damn Vulnerable Web Application (DVWA): Difference between revisions

From Alpine Linux
m (update)
(replace /etc/init.d with rc-service)
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
For testing web security tools a target which has plenty vulnerabilities is needed. The [http://www.dvwa.co.uk Damn Vulnerable Web Application (DVWA)] provides a PHP/MySQL web application that is damn vulnerable.
For testing web security tools a target which has plenty vulnerabilities is needed. The [https://github.com/digininja/DVWA Damn Vulnerable Web Application (DVWA)] provides a PHP/MySQL web application that is damn vulnerable.
 
== Install lighttpd, PHP, and MySql ==


= Install lighttpd, PHP, and MySql =
{{:Setting Up Lighttpd With FastCGI}}
{{:Setting Up Lighttpd With FastCGI}}


Install extra packages:
Install extra packages:
{{Cmd|apk add php-mysql mysql mysql-client}}


= Installing and configuring DVWA =
{{Cmd|# apk add php5-mysql mysql mysql-client}}
 
== Installing and configuring DVWA ==


Create the a folder named {{Path|webapps}}
Create the a folder named {{Path|webapps}}


{{Cmd|mkdir -p /usr/share/webapps/}}
{{Cmd|# mkdir -p /usr/share/webapps/}}
 
Download the source archive and unpack it:


Download the source archive and unpack it
{{Cmd|$ cd /usr/share/webapps/
&#35; wget <nowiki>https://github.com/digininja/DVWA/archive/refs/tags/v1.9.zip/nowiki>}}


{{Cmd|cd /usr/share/webapps/
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip}}


Unpack the archive and remove it
Unpack the archive and remove it:


{{Cmd|unzip v1.9.zip
{{Cmd|# unzip v1.9.zip
rm v1.9.zip}}
&#35; rm v1.9.zip}}


Change the folder permissions
Change the folder permissions:


{{Cmd|chmod -R 777 /usr/share/webapps/}}
{{Cmd|# chmod -R 777 /usr/share/webapps/}}


Create a symlinks to the folder ''dvwa''
Create a symlinks to the folder ''dvwa''


{{Cmd|ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}}
{{Cmd|# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}}


= Configuration and start MySql =
== Configure and start MySql ==


{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
{{Cmd|<nowiki># /usr/bin/mysql_install_db --user=mysql
/etc/init.d/mysql start && rc-update add mysql default
# rc-service mariadb start && rc-update add mariadb default
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}
# /usr/bin/mysqladmin -u root password 'password'</nowiki>}}


Modify the database credentials within DVWA configuration file ''/config/config.inc.php''
Modify the database credentials within DVWA configuration file {{Path|/config/config.inc.php}}


{{Cmd|nano -w /usr/share/webapps/dvwa/config/config.inc.php}}
{{Cmd|# nano -w /usr/share/webapps/dvwa/config/config.inc.php}}


To complete the setup, browse to the DVWA directory on the webserver.
To complete the setup, browse to the DVWA directory on the webserver.


http://WEBSERVER_IP_ADDRESS/dvwa
<nowiki>http://WEBSERVER_IP_ADDRESS/dvwa</nowiki>


Follow the link to setup the database.
Follow the link to setup the database.


[[Category:PHP]] [[Category:SQL]] [[Category:Security]]
[[Category:PHP]] [[Category:SQL]] [[Category:Security]]

Latest revision as of 10:03, 17 November 2023

For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

... include "mod_fastcgi.conf" ...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

... "bin-path" => "/usr/bin/php-cgi82" # php-cgi ...

Start lighttpd service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

# apk add php5-mysql mysql mysql-client

Installing and configuring DVWA

Create the a folder named webapps

# mkdir -p /usr/share/webapps/

Download the source archive and unpack it:

$ cd /usr/share/webapps/ # wget https://github.com/digininja/DVWA/archive/refs/tags/v1.9.zip/nowiki>}} Unpack the archive and remove it: {{Cmd|# unzip v1.9.zip # rm v1.9.zip}} Change the folder permissions: {{Cmd|# chmod -R 777 /usr/share/webapps/}} Create a symlinks to the folder ''dvwa'' {{Cmd|# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} == Configure and start MySql == {{Cmd|<nowiki># /usr/bin/mysql_install_db --user=mysql # rc-service mariadb start && rc-update add mariadb default # /usr/bin/mysqladmin -u root password 'password'

Modify the database credentials within DVWA configuration file /config/config.inc.php

# nano -w /usr/share/webapps/dvwa/config/config.inc.php

To complete the setup, browse to the DVWA directory on the webserver.

http://WEBSERVER_IP_ADDRESS/dvwa

Follow the link to setup the database.