Ethical Hacking – Installing DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.

In this blog, I will explain how to install DVWA for use on Kali Linux.

1. Change directory into /var/www/html

2. Download the DVWA installer from https://github.com/ethicalhack3r/DVWA/archive/master.zip

3. After downloading the DVWA installer, move its directory to the web root directory.

4. Start the web server service (apache2) and the database service (mysql).

5. Next, secure the MySQL installation.

Now, try opening the DVWA page. In your web browser, go to http://*ip-address*/setup.php

Sometimes this works straight away. If it gives an error message instead, just copy config/config.inc.php.dist to config/config.inc.php

If it succeeds, a DVWA page is displayed.

Now, we need to get a reCAPTCHA key from Google.

Before going to the next step, make sure DVWA reports no problems: fulfill all requirements by fixing every red notice. The next step is to create the DVWA database.

Edit the file config.inc.php and provide the database access details and the reCAPTCHA key you got from Google.

After that, go back to your DVWA installation in your browser and click “Create/Reset Database”. It will show the DVWA login page. Log in with:

Username: admin

Password: password

It will show the DVWA page. There, you can learn how to get past a system in many ways: SQL Injection, Command Injection and many more!
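
The installation steps above as one script, an added example that is not part of the original post. It assumes wget and unzip are installed, that the archive extracts to DVWA-master, and that config.inc.php uses lines of the form $_DVWA[ 'key' ] = 'value'; the function names and the --install argument are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumptions: wget and unzip are
# installed, the GitHub archive extracts to DVWA-master, and the config file
# uses lines of the form  $_DVWA[ 'key' ] = 'value';

WEBROOT=/var/www/html
ZIP_URL=https://github.com/ethicalhack3r/DVWA/archive/master.zip

# Create config/config.inc.php from the .dist template unless it already exists.
prepare_config() {
    local dir="$1/config"
    [ -f "$dir/config.inc.php" ] && return 0
    cp "$dir/config.inc.php.dist" "$dir/config.inc.php"
}

# Rewrite one  $_DVWA[ 'key' ] = '...';  line. Fails if the key is missing or
# the value contains a single quote (it would break out of the PHP string).
set_dvwa_value() {
    local file="$1" key="$2" value="$3"
    case "$value" in *"'"*) return 1 ;; esac
    grep -Eq "^\\\$_DVWA\[ *'$key' *]" "$file" || return 1
    # Escape characters that are special in a sed replacement using | delimiters
    value=$(printf '%s' "$value" | sed 's/[\\&|]/\\&/g')
    sed -E -i "s|^(\\\$_DVWA\[ *'$key' *] *= *)'.*';|\1'$value';|" "$file"
}

# Steps 1-5 from the post, then the config copy. Needs root.
install_dvwa() {
    cd "$WEBROOT" || return 1                      # 1. web root
    wget -O master.zip "$ZIP_URL" || return 1      # 2. download
    unzip -q master.zip || return 1                # 3. extract, then put the
    cp -a DVWA-master/. "$WEBROOT"/                #    files into the web root
    service apache2 start && service mysql start   # 4. web server + database
    mysql_secure_installation                      # 5. interactive hardening
    prepare_config "$WEBROOT"
}

# Nothing runs unless asked: sudo ./dvwa-setup.sh --install DB_USER DB_PASS
if [ "${1:-}" = "--install" ]; then
    install_dvwa &&
    set_dvwa_value "$WEBROOT/config/config.inc.php" db_user "$2" &&
    set_dvwa_value "$WEBROOT/config/config.inc.php" db_password "$3"
fi
```

The same set_dvwa_value function can fill in recaptcha_public_key and recaptcha_private_key once you have the keys from Google.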
