
DVWA tutorial


In this blog:

Git clone


Go to https://github.com/digininja/DVWA and clone the DVWA repository using the command ➡️

sudo apt update
sudo git clone https://github.com/digininja/DVWA
DVWA GitHub page.

The following steps should be completed inside the /var/www/html directory, which is normally created when apache2 is installed. If it isn't there, install apache2: type sudo apt update to refresh the package lists, then type sudo apt install apache2.


Inside the apache2 web root (/var/www/html), clone the repo using sudo.

Cloning into DVWA repo.

Change the permissions on the DVWA directory recursively with chmod -R 777, which gives every user read, write and execute access to it.

Changing executable permissions.

Cd into the DVWA directory, then cd into the config directory.


Copy the config file (config.inc.php.dist) into the same directory, but give the copy a name that ends in .php instead of .dist (config.inc.php). Don’t delete the original file, as you may need it later.

Navigating into the correct directory.

PHP configuration


Open the php file with any text editor. I will be using nano.

Type

sudo nano config.inc.php

Change the database username and password to values that are easy to remember, as we will need them later, then save and exit the editor.

Inside the mysql php config file.

Start MySQL and create database


Let’s start our mysql database server.

Use the command ➡️

sudo systemctl start mysql

To check if the database is up and running, use the command ➡️

sudo systemctl status mysql
Starting mysql service.

Enter super user mode with sudo su, and type ➡️

mysql -u root -p

-u just means username (root). When it asks for the password, press Enter and you will enter the database monitor.

Configuring our database.

Create a new database. I named it dvwa for simplicity. End with a semicolon ➡️

create database dvwa;
Create database.

Now create a new user called admin that connects from the local host (127.0.0.1). Make sure the username and password are the same as what you set in the config file earlier ➡️

create user 'admin'@'127.0.0.1' identified by 'password';
Creating a new user.

Now give our new user all privileges. You can now exit the configurator ➡️

grant all privileges on dvwa.* to 'admin'@'127.0.0.1';
Granting permissions.

Use the command ➡️

SELECT User FROM mysql.user; 

to list the current users in the mysql database.

Listing users.

Apache2 configuration

Next, we need to start the apache2 server. Type ➡️

systemctl start apache2

Check if it is up and running with the status command just like before.  

Start Apache2

Run ➡️

netstat -pant 

to see which of our running services are listening.

Running netstat.
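
The netstat output above also shows whether this deliberately vulnerable application can be reached from other machines. The following is an added example, not part of the original post: a shell filter that lists every LISTEN socket in `netstat -pant` output that is not bound to loopback. The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# Reads `netstat -pant` output on stdin and prints "host port program" for
# every LISTEN socket whose local address is not loopback, i.e. every
# service that other hosts on the network can connect to.
exposed_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)            # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next   # loopback only: local to the VM
      prog = $7; sub(/^[0-9]+\//, "", prog)        # "954/apache2" -> "apache2"
      print host " " port " " prog
    }'
}

# Constructed sample of `netstat -pant` output for a lab VM (not real data).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      812/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 127.0.0.1:3306          127.0.0.1:51234         ESTABLISHED 812/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      954/apache2
EOF
}

# Live use on the lab VM:  sudo netstat -pant | exposed_listeners
sample_netstat | exposed_listeners
```

On a default Debian or Ubuntu install apache2 listens on all interfaces, so it appears in this list. Changing `Listen 80` to `Listen 127.0.0.1:80` in /etc/apache2/ports.conf and restarting apache2 keeps DVWA reachable only from the VM itself.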

Now we need to configure the apache2 php file.

Enter the /etc/php directory, go into the directory for the latest PHP version and, using any editor, open the php.ini file used by apache2.

Navigating to php.ini.

Search for fopen and make sure the two settings marked by the arrows in the screenshot are both set to On. Save the file and exit.

Apache2 configuration file.

Connecting to the server

Restart the apache2 service, open a web browser and go to

127.0.0.1/DVWA

Remember to keep the same uppercase name that we set before, or it won’t work. I spent about 2 hours trying to fix an issue that I thought was with the install process, but was actually the case sensitivity.


Log in with the credentials you set earlier (admin:password).

DVWA login page.

Scroll down to the bottom of the webpage and click the Create/Reset Database button.

You will be asked to log in again, then be taken to the DVWA webpage.

DVWA home page.
DVWA database setup.














Thanks for reading!

