In this article we are going to learn about DVWA (Damn Vulnerable Web Application), also how to configure the web application in Ubuntu 18 virtual machine.
Before installation and configuration, lets get in what is web application? A web application is a computer program that utilizes web browser and web technology to perform task overs the internet. Web apps can be built for a wider uses which can be used by anyone from an enterprise to an entry for a variety of reasons. Frequently used web applications can include webmail.
DVWA damn vulnerable web application coded in PHP and uses MYSQL database. Its made for security professionals or aspiring security researchers, to find new issues or security flaws in web applications.
For installation of DVWA, first install apache2. Apache2 is a free open-source web server that provide HTTP server to deliver web content through the internet. Follow below commands:
1. First open your terminal in Ubuntu or any Linux distribution, after that apply root privilege's using command:
$ sudo bash
enter your root password
2. Update & Upgrade your system, through below command:
$ apt update
$ apt upgrade
3. Now start installation of apache2, using below command:
apt install apache2
To be ensure that apache2 is installed into system correctly, just you have put your ip address of the ubuntu system into web browser. In my case my ip address is 192.168.29.107, whenever i will put this ip address into web browser then it will show the apache2 official page. This means apache2 installed perfectly.
4. After installation of Apache2, it will build a HTML directory inside of var/www/ , Now we have place our DVWA application into var/www/html/ directory. Use cd command to get inside of the HTML directory.
cd /var/www/html/
git clone https://github.com/ethicalhack3r/DVWA
5. After the installation, go inside of the DVWA and there will you find a config folder, now we will move inside the config folder and there we find the config.inc.php.dist file. Use mv command to move the config.inc.php.dist to config.inc.php
# mv config.inc.php.dist config.inc.php
6. Open the config.inc.php file and you can change the file content or change the database user and password. Using command nano config.inc.php
In my case we have use raj as db user and db password 123.
7. Now we will try to open DVWA lab in the browser by using the following URL and click on Create/Reset Database
http://localhost/DVWA/setup.php
We have successfully configured the DVWA lab setup in ubuntu 18 virtual machine, we can see the welcome login page of DVWA.
Now we can get access of this DVWA from other computer system. Only we have to use the Ubuntu (System where you have installed DVWA) ip address to get the access of DVWA into different system.
In my case the Ubuntu ip address is 192.168.29.107, type this ip address into web browser like this http://192.168.19.107/DVWA/
For login we will use the DVWA default username and password which is admin and password.
Here you can practice different web application attacks and find vulnerabilities. Also you can adjust your difficulty level through setting pf DVWA. There will be three mode of difficulty level i.e, Normal, Medium, Hard & Impossible.
So w have learn how to setup the web application and how to configure web application within the html directory and access using localhost.
Comments
Post a Comment
If you have any doubts. Please let me know.