Hi Techies, this blog post is very simple and will be very helpful for those who have just started learning web app security testing.
In this article, I explain in detail what DVWA is and demonstrate step by step how to install it. So let's get started...
What is DVWA in Cyber Security?
DVWA stands for Damn Vulnerable Web App. As its name suggests, it is a very vulnerable web app whose main goal is to help security professionals and penetration testers test their skills and tools in a legal environment. DVWA is a PHP/MySQL-based web application that helps beginners and students learn and practice web application security in a legal way.
Let's understand with an example. Suppose you are learning Cyber Security and your trainer starts a new topic, SQL injection, and asks you to create an assignment where you have to demonstrate how databases can be hacked. You cannot try to hack someone's database because it's not legal, so what will you do?
The simple answer is DVWA, which lets you perform database hacking on your local host. DVWA is not limited to database hacking; it can do various things that we will cover in our upcoming blogs. Now read the first paragraph again, I am damn sure you will understand each and every line.
Now we know what DVWA is, so let's see how to download it on our system.
You can search for DVWA download on Google and go to the official website to download it, or you can click on DVWA download to download it directly.
When you click on the above link you will be taken to the DVWA official website, where you just need to click on the download button.
How to Install DVWA (Damn Vulnerable Web App)
If you have downloaded DVWA, it is time to install it. Let's go through the installation step by step.
Note: The commands I run below require root access. I ran them as a normal user with root privileges; you can also run the commands logged in as root.
Step 1: First we extract the zip file to install DVWA. Go to your Downloads folder and find the file named DVWA-master.zip. Once you have found it, run the command below to unzip the file.
sudo unzip -d /var/www/html DVWA-master.zip
The above command will unzip the DVWA zip into /var/www/html.
Step 2: Go to /var/www/html and check for the unzipped directory named dvwa-master. This is the directory that we unzipped in the previous step, so we will now rename it from dvwa-master to dvwa.
cd /var/www/html            # move to the directory where the zip was extracted
ls                          # list the files
sudo mv dvwa-master dvwa    # rename the directory
Step 3: In this step, we configure the config.inc.php.dist file, so open the file with the command below.
Note: Here I am using the nano editor to open the file; you can choose any editor you like, such as vim, gedit, nano, etc.
sudo nano /var/www/html/dvwa/config/config.inc.php.dist
Step 4: The previous command opens the configuration file, where we need to edit a few fields. If you are doing this for the first time, make sure your configuration is the same as in the below picture. Write the same code as in the picture.
Step 5: After configuring, press CTRL + O to save the configuration file and CTRL + X to exit. In this step, we rename the configuration file from config.inc.php.dist to config.inc.php (simply remove the .dist). Use the command below to rename it.
sudo mv /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
Step 6: Now we are done with our settings, so before installing we will also change the permissions of our dvwa directory by running the command below.
sudo chmod -R 777 dvwa/    # change the permissions of the dvwa folder
Make sure you are in /var/www/html before running the above command.
Step 7: In this step, we start the MySQL service and the Apache service. Use the commands below to do so.
sudo systemctl start mysql      # start the MySQL database
sudo systemctl start apache2    # start the Apache server
Step 8: Now we will install DVWA, so open any browser you want. I am going to open Firefox and go to localhost/dvwa/
Step 9: Completion of step 8 will take you to the setup.php page, where we click on Create/Reset Database. You can find this option at the bottom of the page.
In the above picture, you can see a "Database has been created" message, which indicates our installation is done. In a few seconds the page will take you to the login screen of DVWA.
Step 10: You can see the login page after the successful completion of step 9.
Step 11: Now we are done with the installation of DVWA. You can log in to DVWA by using the default username and password.
DVWA Default Login Details
If you have installed DVWA successfully on your local machine and you don't know the DVWA default login details, enter the username as admin and the password as password. After entering the credentials, click on the Login button and you will see the home page of DVWA, where you can start performing your web testing.
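Because this setup serves a deliberately vulnerable app from Apache with world-writable files, a useful check after installation is that the web server is reachable only from the local machine and that the renamed config file sits in DVWA's config directory. The script below is an added example, not part of the original post or the DVWA project; the function names and the sample ss output are constructed for illustration, and it assumes the ss tool from iproute2 and the /var/www/html/dvwa path used above.

```shell
#!/usr/bin/env bash
# Added example: post-install checks for a DVWA lab host.

# Print every listener on PORT whose local address is not loopback-only.
# Reads `ss -Htln` style lines on stdin (State Recv-Q Send-Q Local Peer).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print $4
        }'
}

# Report whether the renamed config file is in the dvwa config directory.
config_state() {
    if [ -f "$1/config/config.inc.php" ]; then
        echo ok
    elif [ -f "$1/config/config.inc.php.dist" ]; then
        echo not-renamed
    else
        echo missing
    fi
}

# Constructed sample of `ss -Htln` output: Apache on all interfaces,
# MySQL on loopback only.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*'

# Pass --live to inspect this host; otherwise the sample above is used.
if [ "${1:-}" = "--live" ]; then
    echo "config: $(config_state /var/www/html/dvwa)"
    ss -Htln | exposed_listeners 80
else
    printf '%s\n' "$SAMPLE_SS" | exposed_listeners 80
fi
```

Run it with --live on the lab machine. Any address it prints for port 80 means Apache is listening on more than loopback, and a config state of missing points to the rename in Step 5 having put the file somewhere else.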
DVWA SQL Injection
As we discussed in the definition, with DVWA you can perform various kinds of web app testing such as brute force, command injection, SQL injection, XSS vulnerabilities, account details, etc. If you have installed DVWA and want to learn how to use it and how to perform web testing or attacks, you can visit my free tutorial blog on SQL injection, where I explain in detail what SQL injection is and how you can perform it in DVWA. Click on SQL Injection on DVWA to learn more.
DVWA is the best application for every beginner who is learning Cyber Security. It is not only safe, it will also give you practical exposure to web-based attacks. This blog covers the detailed installation of DVWA from scratch.
I hope you find this blog helpful. If you have found any error or have any doubt, you can ask below in the comments.