by vault . 05 May 2018
In this tutorial, I'll show you how to set up Damn Vulnerable Web Application (DVWA) along with Apache and MySQL on localhost. We will clone the project, deploy it under the Apache hosting directory, and set up a storage server for the site. DVWA is written in PHP with some of the simplest authentication logic.
Newcomers often wonder where they can practice and explore the vulnerabilities they learn and read about, and a question that comes up again and again during research is in what situations and under what conditions a vulnerability like SQLi or XSS can occur. If you are one of them, DVWA lets you figure it out yourself.
Working through the application's development logic will help you understand the basics. It doesn't mean that you will have mastered the subject within a few successive attempts. Real-world problems are quite different from the ones presented in this project. In fact, you will have to study more, look more deeply into the application structure, and become familiar with the technologies used in the application. Be sure to have an Internet connection before you start.
Apache will already have a default site enabled, which was configured during installation. We will remove this default site and set up a new one for the vulnerable web application. First, remove any default sites present in the Apache sites-enabled directory:
Set up a new Apache server configuration.
Copy and paste the configuration below, then press CTRL+X and then y to save the file.
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/dvwa
</VirtualHost>
Then we enable the site in Apache by linking it into the sites-enabled directory:
ln -s /etc/apache2/sites-available/dvwa.conf /etc/apache2/sites-enabled/
Now, when Apache is restarted, it will look for web documents and other site-related resources under the /var/www/html/dvwa directory instead of /var/www/html, which seems to be a slightly safer configuration for this project.
The project is available on GitHub. Clone it with git clone:
git clone https://github.com/ethicalhack3r/DVWA.git
You will now have a folder named DVWA in your current directory. Move all of its files to the Apache hosting directory.
mv DVWA/* /var/www/html/dvwa/
Then verify that all the required files have been moved to the hosting directory:
Now give the files the necessary read, write and execute permissions, so that no errors occur while performing operations on them.
chmod -R 777 /var/www/html/dvwa/
We will use MySQL to store DVWA's data. In this step we first set up the database and then define the allotted credentials in the DVWA configuration file. Open the MySQL console and execute the following commands:
mysql -u root
mysql> CREATE DATABASE dvwa;
mysql> CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL ON dvwa.* TO 'dvwauser'@'localhost';
mysql> flush privileges;
mysql> exit;
Make sure you don't include mysql> at the far left of the command. It's just there to indicate that it's a MySQL terminal.
The summary of the above steps is:
Now we will set up the assessment configuration with all the required components, which for now are the database and reCAPTCHA. The database has already been created and assigned the necessary privileges, so open the config file and add the project database information as shown:
Once the database settings are done, we need Google reCAPTCHA to explore the Insecure Validation vulnerability in the web interface. Navigate to the Google reCAPTCHA site and get yourself a new captcha, which will provide you with a private and a public key for data encryption between the server and client. Add both of these keys to the project configuration as given:
Now, save the file and you are done with the DVWA configuration.
As already mentioned, this assessment project uses PHP for its server-side implementation logic. At the time of writing, the latest available PHP version is 7.2. Install PHP 7.2 using the Debian or Ubuntu package utility:
sudo apt-get install php7.2-gd
Then we need to allow URL includes to explore the file upload vulnerability along the POST and GET requests. After PHP 7.2 has been installed successfully, edit the PHP configuration file for Apache and set the value of allow_url_include to On.
Now everything is set up. Start the apache2 web server:
service apache2 start
Navigate to 127.0.0.1 and you will see the web interface.
Click the Clear/Reset Database button and you will be redirected to the login page. The default credentials are admin/password. Now log in, explore the interface, and happy hacking.
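The steps above leave the host with a virtual host on *:80, a document root set to mode 777 and allow_url_include switched on. The shell script below is an added example, not part of the original tutorial or the DVWA project; it reports those three settings so you can confirm the lab answers only on loopback. Its function names and the sample files it builds are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the tutorial): report the risky settings this setup leaves behind.

# Print each Listen / <VirtualHost> address in the given Apache files that is not loopback.
nonloopback_binds() {
    awk '{
        line = tolower($0); sub(/^[ \t]+/, "", line); sub(/>.*/, "", line)
        n = split(line, f, /[ \t]+/)
        if (f[1] == "listen") n = 2            # address only; skip the optional protocol
        else if (f[1] != "<virtualhost") next  # a vhost may list several addresses
        for (i = 2; i <= n; i++)
            if (f[i] != "" && f[i] !~ /^(127\.[0-9.]+|localhost|\[::1\])(:[0-9]+)?$/) print f[i]
    }' "$@"
}

# Succeed if the last uncommented allow_url_include line in php.ini enables it.
url_include_enabled() {
    grep -Ei '^[[:space:]]*allow_url_include[[:space:]]*=' "$1" | tail -n 1 |
        grep -Eqi '=[[:space:]]*"?(on|1|true|yes)"?[[:space:]]*(;.*)?$'
}

# Count files and directories under the docroot that any local user can write.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | wc -l | tr -d ' '
}

# Usage: audit_dvwa_lab DOCROOT PHP_INI APACHE_CONF...  (returns 0 only if loopback-only)
audit_dvwa_lab() {
    docroot=$1; phpini=$2; shift 2
    for c in "$@"; do [ -r "$c" ] || { echo "cannot read $c"; return 2; }; done
    echo "world-writable paths: $(count_world_writable "$docroot")"
    if url_include_enabled "$phpini"; then echo "allow_url_include: on"
    else echo "allow_url_include: off"; fi
    exposed=$(nonloopback_binds "$@" | tr '\n' ' ')
    [ -z "$exposed" ] || { echo "reachable beyond loopback via: $exposed"; return 1; }
    echo "Apache binds to loopback only"
}

# Constructed sample mirroring the tutorial's settings, so the script runs anywhere.
demo=$(mktemp -d)
mkdir "$demo/dvwa" && chmod 777 "$demo/dvwa"
printf '<VirtualHost *:80>\n  DocumentRoot /var/www/html/dvwa\n</VirtualHost>\n' > "$demo/dvwa.conf"
printf 'Listen 80\n' > "$demo/ports.conf"
printf '; lab setting\nallow_url_include = On\n' > "$demo/php.ini"
audit_dvwa_lab "$demo/dvwa" "$demo/php.ini" "$demo/ports.conf" "$demo/dvwa.conf" || true
```

On a stock Debian or Ubuntu install the real inputs would be /var/www/html/dvwa, /etc/php/7.2/apache2/php.ini, /etc/apache2/ports.conf and /etc/apache2/sites-enabled/dvwa.conf; the php.ini and ports.conf paths are assumptions about the package layout, not taken from the tutorial. Changing both the Listen line and the VirtualHost address to 127.0.0.1:80 makes the last check pass.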
So, we saw how you can set up a simple vulnerable web application on localhost. As for the database, you could also use PostgreSQL. It's just a matter of preference, as we don't have any concerns about data integrity or a large audience. Just use what you are used to.