Damn Vulnerable Web Application (DVWA): Difference between revisions
m (→Configuration and start MySql: Removed a hyperlink to a hypothetical URL.) |
(formatting tweaks) |
||
| Line 1: | Line 1: | ||
For testing web security tools a target which has plenty vulnerabilities is needed. The [http://www.dvwa.co.uk Damn Vulnerable Web Application (DVWA)] provides a PHP/MySQL web application that is damn vulnerable. | For testing web security tools a target which has plenty vulnerabilities is needed. The [http://www.dvwa.co.uk Damn Vulnerable Web Application (DVWA)] provides a PHP/MySQL web application that is damn vulnerable. | ||
= Install lighttpd, PHP, and MySql = | == Install lighttpd, PHP, and MySql == | ||
{{:Setting Up Lighttpd With FastCGI}} | {{:Setting Up Lighttpd With FastCGI}} | ||
Install extra packages: | Install extra packages: | ||
= Installing and configuring DVWA = | {{Cmd|# apk add php5-mysql mysql mysql-client}} | ||
== Installing and configuring DVWA == | |||
Create the a folder named {{Path|webapps}} | Create the a folder named {{Path|webapps}} | ||
{{Cmd|mkdir -p /usr/share/webapps/}} | {{Cmd|# mkdir -p /usr/share/webapps/}} | ||
Download the source archive and unpack it | Download the source archive and unpack it: | ||
{{Cmd|cd /usr/share/webapps/ | {{Cmd|$ cd /usr/share/webapps/ | ||
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip}} | # wget <nowiki>https://github.com/RandomStorm/DVWA/archive/v1.9.zip</nowiki>}} | ||
Unpack the archive and remove it | Unpack the archive and remove it: | ||
{{Cmd|unzip v1.9.zip | {{Cmd|# unzip v1.9.zip | ||
rm v1.9.zip}} | # rm v1.9.zip}} | ||
Change the folder permissions | Change the folder permissions: | ||
{{Cmd|chmod -R 777 /usr/share/webapps/}} | {{Cmd|# chmod -R 777 /usr/share/webapps/}} | ||
Create a symlinks to the folder ''dvwa'' | Create a symlinks to the folder ''dvwa'' | ||
{{Cmd|ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} | {{Cmd|# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} | ||
= | == Configure and start MySql == | ||
{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql | {{Cmd|<nowiki># /usr/bin/mysql_install_db --user=mysql | ||
/etc/init.d/mariadb start && rc-update add mariadb default | # /etc/init.d/mariadb start && rc-update add mariadb default | ||
/usr/bin/mysqladmin -u root password 'password'</nowiki>}} | # /usr/bin/mysqladmin -u root password 'password'</nowiki>}} | ||
Modify the database credentials within DVWA configuration file | Modify the database credentials within DVWA configuration file {{Path|/config/config.inc.php}} | ||
{{Cmd|nano -w /usr/share/webapps/dvwa/config/config.inc.php}} | {{Cmd|# nano -w /usr/share/webapps/dvwa/config/config.inc.php}} | ||
To complete the setup, browse to the DVWA directory on the webserver. | To complete the setup, browse to the DVWA directory on the webserver. | ||
Revision as of 20:26, 30 May 2023
For testing web security tools a target which has plenty vulnerabilities is needed. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd service and add it to default runlevel
# rc-service lighttpd start # rc-update add lighttpd default
Install extra packages:
# apk add php5-mysql mysql mysql-client
Installing and configuring DVWA
Create the a folder named webapps
# mkdir -p /usr/share/webapps/
Download the source archive and unpack it:
$ cd /usr/share/webapps/ # wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
Unpack the archive and remove it:
# unzip v1.9.zip # rm v1.9.zip
Change the folder permissions:
# chmod -R 777 /usr/share/webapps/
Create a symlinks to the folder dvwa
# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa
Configure and start MySql
# /usr/bin/mysql_install_db --user=mysql # /etc/init.d/mariadb start && rc-update add mariadb default # /usr/bin/mysqladmin -u root password 'password'
Modify the database credentials within DVWA configuration file /config/config.inc.php
# nano -w /usr/share/webapps/dvwa/config/config.inc.php
To complete the setup, browse to the DVWA directory on the webserver.
http://WEBSERVER_IP_ADDRESS/dvwa
Follow the link to setup the database.