What is DVWA?
DVWA is a php mysql-based vulnerable machine that helps us improve ourselves and simulate various web attacks.
DVWA Windows installation
First, we need to install the necessary software, firstly, let's go to the site of our application and download our DVWA program:dvwa.co.uk
While downloading our application, let's download the XAMPP program from its site, which enables us to work in the local network and install mysql DB:apachefriends.org/index.html
After downloaded our XAMPP program, let's run it and complete the installation by saying next next.
then let's come to C disk and throw our DVWA folder we downloaded earlier to xampp / htdocs (do not forget to unzip it)
After copied our file, we are coming to the DVWA-master / config section and we are opening our config.inc.php.dist file with a notepad or similar application, then we are editting thedb_user, db_password and ReCaptcha keys like below.
Code:
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
Code:
$_DVWA[ 'recaptcha_public_key' ] = 'a';
$_DVWA[ 'recaptcha_private_key' ] = 'a';
After editing the necessary moments, you may have noticed that config.inc.php appears as a dist file like below (Your file extensions are likely to be disabled)
For this, as you can see above, we click on the view tab in the top bar, we are opening the file extensions and we are setting the name of our file as config.inc.php.
Now we are opening the xammp control panel that we downloaded and click on the config section of the apache section in the coming panel and we are clicking on the PHP (php.ini) section.
In the incoming text, we do ctrl-f and look for the url_include ******** and we are checking that the url_fopen and url_include sections are On, if not, we are changing it as On and save and we are exiting.
Our installation is almost finished, now we come back to xampp and we are starting the COLOR="darkorange"] apache[/COLOR] and Mysql sections by saying start. Then we are typing the link below from any web browser.
Code:
localhost/DVWA-master
Now we go down and we are clicking the Create / Reset Database button and the installation is completed.
Immediately After a few seconds, the login section is appearing. We are writing admin in the user section and password in the password section and we are entering.
Linux Installation:
First, we will download some necessary services, we are opening the terminal and run the code below.
Code:
apt-get -y install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php
Then we are writing the below codes in order of do the necessary setup and authorization.
Quotation:
sudo cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
sudo mv DVWA dvwa
sudo chmod -R 777 dvwa/
Now we will come to our config file and we are converting our dist file to php.
Code:
sudo cd dvwa/config
sudo cp config.inc.php.dist config.inc.php
We will edit our config file with the nano editor. If you do not want to use nano, you can also use a mousepad or similar text editor, whichever are coming to your convenience.
As seen above, we changed the db_user and db_password sections to 'user' 'pass' and We say CTRL-x and save and we are exiting.
Now we are configuring our mysql db by writing the following codes to the terminal respectively.
Code:
sudo service mysql start
sudo mysql -u root -p # will ask for password We are entering the root password we use for linux
In the # from mariadb console, we are writing the following codes in order.
create user 'user'@'127.0.0.1' identified by 'pass';
grant all privileges on dvwa. * to 'user'@'127.0.0.1' identified by 'pass';
Now that we have configured our db, we can move on to the last settings. We are coming to the apache folder.
Code:
sudo cd The version number you see as 7.4 in the /etc/php/7.4/apache2 #apache folder may be different, but enter the apache folder.
Code:
sudo mousepad php.ini
we opened with Mousepad in the folder, we are searching for the 'url_include' section with the CTRL-F combination and change it to On and we are saving.
Let's go back to the terminal and start our apache service.
Code:
sudo service apache2 start
Now that we started our Apache service, you can use any web browser with the help of 127.0.0.1/dwa/
We are coming to the section and we are clicking the Create / Reset Database button, our installation is completing
.
Username and password: admin
password
Source:https://www.turkhackteam.org/siber-guvenlik/1981399-dvwa-kurulumu-nedir-nasil-kurulur.html
DVWA is a php mysql-based vulnerable machine that helps us improve ourselves and simulate various web attacks.
DVWA Windows installation
First, we need to install the necessary software, firstly, let's go to the site of our application and download our DVWA program:dvwa.co.uk
While downloading our application, let's download the XAMPP program from its site, which enables us to work in the local network and install mysql DB:apachefriends.org/index.html
After downloaded our XAMPP program, let's run it and complete the installation by saying next next.
then let's come to C disk and throw our DVWA folder we downloaded earlier to xampp / htdocs (do not forget to unzip it)
After copied our file, we are coming to the DVWA-master / config section and we are opening our config.inc.php.dist file with a notepad or similar application, then we are editting thedb_user, db_password and ReCaptcha keys like below.
Code:
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
Code:
$_DVWA[ 'recaptcha_public_key' ] = 'a';
$_DVWA[ 'recaptcha_private_key' ] = 'a';
After editing the necessary moments, you may have noticed that config.inc.php appears as a dist file like below (Your file extensions are likely to be disabled)
For this, as you can see above, we click on the view tab in the top bar, we are opening the file extensions and we are setting the name of our file as config.inc.php.
Now we are opening the xammp control panel that we downloaded and click on the config section of the apache section in the coming panel and we are clicking on the PHP (php.ini) section.
In the incoming text, we do ctrl-f and look for the url_include ******** and we are checking that the url_fopen and url_include sections are On, if not, we are changing it as On and save and we are exiting.
Our installation is almost finished, now we come back to xampp and we are starting the COLOR="darkorange"] apache[/COLOR] and Mysql sections by saying start. Then we are typing the link below from any web browser.
Code:
localhost/DVWA-master
Now we go down and we are clicking the Create / Reset Database button and the installation is completed.
Immediately After a few seconds, the login section is appearing. We are writing admin in the user section and password in the password section and we are entering.
Linux Installation:
First, we will download some necessary services, we are opening the terminal and run the code below.
Code:
apt-get -y install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php
Then we are writing the below codes in order of do the necessary setup and authorization.
Quotation:
sudo cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
sudo mv DVWA dvwa
sudo chmod -R 777 dvwa/
Now we will come to our config file and we are converting our dist file to php.
Code:
sudo cd dvwa/config
sudo cp config.inc.php.dist config.inc.php
We will edit our config file with the nano editor. If you do not want to use nano, you can also use a mousepad or similar text editor, whichever are coming to your convenience.
As seen above, we changed the db_user and db_password sections to 'user' 'pass' and We say CTRL-x and save and we are exiting.
Now we are configuring our mysql db by writing the following codes to the terminal respectively.
Code:
sudo service mysql start
sudo mysql -u root -p # will ask for password We are entering the root password we use for linux
In the # from mariadb console, we are writing the following codes in order.
create user 'user'@'127.0.0.1' identified by 'pass';
grant all privileges on dvwa. * to 'user'@'127.0.0.1' identified by 'pass';
Now that we have configured our db, we can move on to the last settings. We are coming to the apache folder.
Code:
sudo cd The version number you see as 7.4 in the /etc/php/7.4/apache2 #apache folder may be different, but enter the apache folder.
Code:
sudo mousepad php.ini
we opened with Mousepad in the folder, we are searching for the 'url_include' section with the CTRL-F combination and change it to On and we are saving.
Let's go back to the terminal and start our apache service.
Code:
sudo service apache2 start
Now that we started our Apache service, you can use any web browser with the help of 127.0.0.1/dwa/
We are coming to the section and we are clicking the Create / Reset Database button, our installation is completing
Username and password: admin
password
Source:https://www.turkhackteam.org/siber-guvenlik/1981399-dvwa-kurulumu-nedir-nasil-kurulur.html
Son düzenleme: