This guide will teach you how to install DVWA (Damn Vulnerable Web App) on Ubuntu Server 14.04.
Before we begin, let me explain what DVWA is. DVWA is a vulnerable-by-design PHP/MySQL web application focused towards security professionals, penetration testers, web developers, teachers, and students. Let’s take a look at how DVWA can be used among these categories.
Security Professionals and Penetration Testers
DVWA provides a test platform for IT professionals to experiment with new penetration testing tools, practice new exploitation techniques, and improve their ability to identify and exploit common vulnerabilities.
Web Developers
DVWA helps web developers understand poor programming practices and common vulnerabilities. In turn, developers are able to improve the security of their projects.
$199 ENROLLS YOU INTO OUR SELF PACED COURSE – LFS264 – OPNFV FUNDAMENTALS!
Teachers and Students
Teachers can use DVWA to create and support lecture material when teaching students about web development, security, system administration, and so on. Additionally, teachers can deploy DVWA as a lab activity, an online assignment, or a group exercise. When applied in an educational environment, DVWA provides students with a more engaging and interactive learning experience.
Installation Guide
Alright, let’s go ahead and get started with the installation process.
Step 1
Log into your Ubuntu server.
Step 2
Install MySQL server by entering the following command:
root@ubuntu:~# apt-get install mysql-server
When prompted, create a password for MySQL.
Note: Don’t forget your MySQL password. We’re going to need it later.
Step 3
Install unzip, Apache web server, PHP5, PEAR, and the PHP5 MySQL module by entering the following command:
root@ubuntu:~# apt-get install unzip apache2 php5 php5-mysql php-pear
Step 4
Move into the /var/www/html directory by entering the following command:
root@ubuntu:~# cd /var/www/html
This is the directory that Apache serves by default.
ENROLL TODAY IN THE SELF PACED COURSE – LFS263 – ONAP FUNDAMENTALS FOR $199!
Step 5
Download and unzip the DVWA package by entering the following commands:
root@ubuntu:/var/www/html# wget https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip
root@ubuntu:/var/www/html# unzip v1.0.8.zip
You should now have a directory titled, “DVWA-1.0.8″
Step 5
Before we continue, we should clean up the mess that we’re making. We can delete the v1.0.8.zip file and rename the DVWA-1.0.8 directory to something more practical by entering the following commands:
root@ubuntu:/var/www/html# rm v1.0.8.zip
root@ubuntu:/var/www/html# mv DVWA-1.0.8 dvwa
The DVWA-1.0.8 directory should now be titled “dvwa”
Step 6
Open the DVWA database connection script by entering the following command:
root@ubuntu:/var/www/html# nano dvwa/config/config.inc.php
Step 7
Now we need to add our MySQL password to the DVWA database connection script. To do this, find the following line:
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
and replace “p@ssw0rd” with your MySQL password.
Example:
$_DVWA[ 'db_password' ] = 'mysqlpassword';
When you’re finished adding your password, press “control” and “x” to end the editing session. Then press “y” to confirm your changes. Then press enter to save the file.
Step 8
I’m going to cd back to my root directory real quick. Join me if you want…
root@ubuntu:/var/www/html# cd
Open the Apache php.ini file by entering the following command:
root@ubuntu:~# nano /etc/php5/apache2/php.ini
Step 9
Find the following line:
allow_url_include = Off
and replace “Off” with “On”
Example:
allow_url_include = On
Tip:
An easy way to find a string of text is to open the search prompt by pressing “control” and “w” Then enter the search term and press enter.
When you’re finished replacing the text, press “control” and “x” to end the editing session. Then press “y” to confirm your changes. Then press enter to save the file.
Step 10
Change the permissions by entering the following command:
root@ubuntu:~# chmod -R 777 /var/www/html/dvwa
Step 11
Log into MySQL and create a database for DVWA by entering the following commands:
root@ubuntu:~# mysql -u root -p
Enter Password: [your mysql password]
root@ubuntu:~# create database dvwa;
root@ubuntu:~# exit
Step 12
Open the apache.conf file by entering the following command:
root@ubuntu:~# nano /etc/apache2/apache2.conf
Step 13
Move to the bottom of the file and add the following line:
ServerName localhost
When you’re finished adding the new line, press “control” and “x” to end the editing session. Then press “y” to confirm your changes. Then press enter to save the file.
Step 14
Start the Apache web server by entering the following command:
root@ubuntu:~# service apache2 start
Step 15
Open a web browser and navigate to:
http://[server IP address]/dvwa/setup.php
Example:
http://192.168.0.20/dvwa/setup.php
and click the button that says “Create / Reset Database”
Step 16
Navigate to:
http://[server IP address]/dvwa
Example:
http://192.168.0.20/dvwa/
and log in with the following credentials:
username: admin
password: password
$299 WILL ENROLL YOU IN OUR SELF PACED COURSE – LFS205 – ADMINISTERING LINUX ON AZURE!
Well done, you have installed DVWA on your AWS instance, now fire up Kali and start the fun, happy hacking!!
in Guides
Full article/blog:
Source: How to install DVWA on Ubuntu Server 14.04 | HackThis
BUNDLE CLOUD FOUNDRY FOR DEVELOPERS COURSE(LFD232) AND THE CFCD CERTIFICATION FOR $499!
Linux Security Blog 
2 Comments