Did you know that you can navigate the posts by swiping left and right?

Installing DVWA in Kali linux

02 Apr 2017 . category: tech . Comments
#redteam #kali #dvwa

What’s Damn Vulnerable Web Application (DVWA)?

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerability, with various difficultly levels, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerability with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

So let’s set it up in our Kali installation!

DVWA needs apache and mysql, and Kali comes with those two installed. So let’s download the source code, start these two services and start the web application:



# Download and unzip DVWA
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip -O dvwa.zip
unzip dvwa.zip

# start apache and mysql
service apache2 start
service mysql start

# Move dvwa to /var/www/html and setup permissions
mv DVWA-master /var/www/html/dvwa
cd /var/www/html
chmod -R 755 dvwa/

Almost done! Now let’s setup your mysql’s password in the DVWA configuration file, so it can create its ‘dvwa’ database:

setup

Now you should be seeing the login page under http://127.0.0.1/dvwa:

login

In the #redteam series of posts we’ll start with the low-hanging fruits, so don’t forget to set the security level of DVWA to ‘low’, under the ‘DVWA Security’ tab :wink:

Don’t forget to always reset the security level to ‘impossible’ and of course you should never expose this web application in a non-private network.


Me

Panos is a Computer Scientist with scientific publications in top conferences and journals, several patent applications, open-source contributions on privacy preserving products and a proven track record of delivering secure, reliable and fast cloud services. In the past, he worked as a Linux kernel developer at the CERN CERT team, did Machine Learning research at the University of Athens and innovated on Microsoft’s Office 365 cloud services. Currently he is on a mission to contribute to the mass adoption of cryptocurrencies.