- Installing DVWA
Disclaimer : No cool stuff in this tutorial, just straightforward installation.
You need to have Kali Linux (rolling release) and Ubuntu (I’m using 16.04) up and running. If you aren’t familiar with virtual machines and stuff, then take a break of a few days, get familiar with them, install and run a few Linux (any flavour) VMs, drink some coffee, etc. Once you’re comfortable with virtual machines (and have Kali & Ubuntu up nd running), proceed onward.
Now, you are familiar with web apps, virtual machines, and linux (not networking though). The task above were pretty simple but for now you can move ahead with the tutorial with the given amount of expertise. Also, the pre-reqs listed above are for the entire web pentesting series, and most probably you’ll be able to follow this tutorial without completing some of them, since this is the first and very basic installation tutorial.
Ubuntu Version – 16.04.1 LTS
XAMPP Version – 7.1.1 (you’ll install this later in the tut)
- First we will download DVWA.
- Then we read it’s doc and find out what to do.
- After reading doc, we realize we need to install XAMPP, we do that.
- After installing XAMPP, we test if it works by starting it and opening localhost on our machine.
- Once we’re sure that XAMPP works, we will proceed and copy DVWA files to htdocs folder of XAMPP.
- Now we check if localhost/DVWA-master leads us to the vulnerable app. If it does, then we did everything right.
|Navigate to the extracted archive. Get a lay of the land. You’ll find that there is documentation available in docs folder.|
|Here is the relevant section of the documentation. We need to install XAMPP. You can get it to work
with any other equivalent software bundle, but for ease, let’s stick to the recommended way.
|Proceed to download the XAMPP bundle. I went with the latest version (going with latest version
poses a slight problem for us, while DVWA is flawed, our PHP version is perfectly patched. For now, let’s
ignore this. If this cause hinderance at a later stage, then we’ll deal with it)
|Navigate to downloads directory and run the installer for XAMPP|
|Realise that you forgot to run the installer as root! (kudos if you ran as root and didn’t make the
same mistake as me)
|Run installer as root|
|It’s a simple installer. You’d know what to do.|
|Wait for it to finish.|
|Start the XAMPP server (note that the directory is lampp in linux systems)|
|Check if your server is running by typing 127.0.0.1 or localhost on your browser. XAMPP is now up
and running properly. Let’s run our vulnerable app on XAMPP now.
|As suggested by the documentation, we simply move our folder into the htdocs directory.|
|Open the localhost/DVWA-master URL and you’ll see that everything works as expected. Our initial
setup is successfully done.
There is still further configuration to be done, but I don’t want to extend the tutorial any further. After the next section, there is link to part 2 of this series.
For below commands to work, ensure the following-
- xampp-linux-x64-VERSION-installer.run – this file downloaded and is located in Downloads folder
- DWVA-master directory is located in home folder (the archive to be downloaded and extracted to obtain this directory).
- Replace VERSION with the version you have downloaded (22.214.171.124 in my case)
Here are the commands-
- cd ~/Downloads
- chmod a+x xampp-linux-x64-VERSION-installer.run
- cd ~
- sudo ./xampp-linux-x64-VERSION-installer.run
- sudo mv ~/DWVA-master/ /opt/lampp/htdocs/
Part 2 : fixing the problems and finishing the configuration. Here’s the link –
- Read about localhost (what does this URL signify – 127.0.0.1)
- Commands used – ls, cd, mv, sudo. Use man pages to find out what these mean (eg. type man mv into the terminal)