How to Setup DVWA in kali Linux.
Setup a Vulnerable Web Server DVWA in Kali Linux localhost.
How to Setup
Setting up vulnerable server is very easy. Now we set up DVWA in our kali Linux machine.
DVWA is designed for practice some most common web vulnerability. It is made with PHP and MySQL.
Lets’s Start
In Linux environment localhost files are stored in /var/www/html directory, so we open a terminal and change our directory to that directory using following command:
Here we clone DVWA from it’s Github repository. To clone it we run following command:
After the cloning complete, we rename the DVWA to dvwa (it is not necessary but it will save our effort).
Then we change the permission on dvwa directory by using following command:-
Now we have to setup this web application to run properly for that we have to go into /dvwa/config directory.
In the above screenshot we can see the config.inc.php.dist file. This file contains default configuration. We need to make a copy of this file with .php extension name, we are coping this file because in future if anything goes wrong then we have the default values. So we copy this file with .php extension name using following command:-
Edit this config.php file
The Screenshot is following :-
We will make changes in this part the p@ssw0rd to pass and the user from root. see the following screenshot:-
Then we save and exit.
The next is configuring the database.
Here we have opened a new terminal window closing the previous one. We start the mysql at first using following command:-
If there are no errors that means the service is started.
Now let’s login to mysql using following command:-
Now to setup a database, we start with creating a new user by applying following command.
create user 'user'@'127.0.0.1' identified by 'pass';
Here using this command we are creating a user called ‘user’ running server on 127.0.0.1(localhost) and the password is ‘pass’. Remember that this username and password should exactly same as the password and username we have entered in the configuration file of dvwa web application.
In the screenshot we can see the query is OK. That means the user is created.
Then we grant this user all the privileges over the database. For that we type following command:-
grant all privileges on dvwa.* to 'user'@'127.0.0.1' identified by 'pass';
Yes, we have finished the work of database, now we configure the server. For this we need to configure our apache2 server. Let’s change our directory to /etc/php/7.4/apache2
Here we are using version 7.4, if we use another version then the path might be change.
cd /etc/php/7.4/apache2
Here we configure the php.ini file.
We need to change the allow_url_fopen and allow_url_include values. We set both of them ‘On’. In some cases when we are first time configuring it, we might find that one of this or both of this configuration is set to ‘Off’. We have turned both of these configuration to ‘On’, as the following screenshot:-
Then we save and close the file.
Then we start the apache2 server using following command:-
service apache2 start
Let’s open the browser and navigate to 127.0.0.1/dvwa/ first open will open the setup.php as shown in the screenshot.
Here we scroll down and click on “Create/Reset Database”.
Then it will create and configure the database and we redirected to DVWA login page.
- Username:- admin
- Password:- password
After login we are in Damn Vulnerable Web Applications main page. Here is some general information and warnings.
On the left side we can see lots of vulnerable pages are available we can practice here.
DVWA have different security levels to change those we navigate to DVWA security. There are some security levels low, medium, high, impossible. We can choose difficulty as we need.
Now we can run penetration testing tools and techniques in our localhost.
This is how we can setup DVWA, Damn Vulnerable Web Application in our Kali Linux system.