Damn Vulnerable Web Application (DVWA) - installation 2018

for anyone trying today to install DVWA, thing changed a little, took me a while to get it working, so here it is:

IMPORTANT - su if you are not root user (i.e. not kali)

1. download the latest version 

to get it working with MariaDB and PHP v7.x

wget https://github.com/ethicalhack3r/DVWA/archive/master.zip && unzip master.zip

unzip under /var/www/html, rename folder to dvwa


2. config file

cd /var/www/html/dvwa/config
cp config.inc.php.dist config.inc.php
gedit config.inc.php

create captcha keys
https://www.google.com/recaptcha/intro/index.html
and set in $_DVWA[ 'recaptcha_public/private_key' ]

start at low difficulty

 $_DVWA[ 'default_security_level' ] = 'low';

you need to clean cookies if the dvwa was running


3. set user in MariaDB

sudo service mysql start
mysql -u root -p

db commands...

mysql > create database dvwa;
mysql > CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd';
mysql > grant all on dvwa.* to dvwa@localhost;
mysql > flush privileges;
mysql > exit


4. enable file inclusion

gedit /etc/php/7.2/apache2/php.ini

find and set
allow_url_fopen = On
allow_url_include = On


5. copy files to "root" folder

cp -a /var/www/html/dvwa/dvwa/. /var/www/html/dvwa/



 the end is just a new beginning


service apache2 restart && service mysql restart

exit if you are in su and

firefox 127.0.0.1/dvwa/setup.php



i added to my .bashrc the following to run dwva from terminal easy

echo "type 'dvwa' to init and open dvwa"
alias dvwa='sudo service apache2 restart && sudo service mysql restart && firefox 127.0.0.1/dvwa'



BONUS

if you are annoyed loke me for the help/source buttons opening in popups and not in new tabs:

sudo gedit /var/www/html/dvwa/js/add_event_listeners.js 

and change (twice)

popUp(url);

to

window.open(url);



Comments

Post a Comment

Popular posts from this blog

OverTheWire[.com] Natas Walkthrough - JUST HINT, NO SPOILERS

game portal: http://overthewire.org/wargames/natas/ PASSWORDS for each level are stored in /etc/natas_webpass/natasX I made this walkthrough for people like me, i needed some help, but didnt want the spoiler, so here i will give you all the information needed to pass each level, yet not the solution. For levels needed custom web request i made a different post for powershell and javascript  with how-to's, since is a piece of learning for itself, and also for those of us that play at work and have only powershell at their hands. Although its not a complete spoiler there, its quite most of the solution so try yourself 1st. Natas The Natas game is from basic to advances web hacking. Every few levels is about whole new exploitation (with some harder ones doing comeback later), so a lot of learning. If you're new, you're the reason i am writing so much even for the 1st level, just please google EVERY topic you see, since in the following levels i assume you know the
Read more

SOLVED The item could not be indexed successfully because the item failed in the indexing subsystem

if you got an error like this The item could not be indexed successfully because the item failed in the indexing subsystem. ( The item could not be indexed successfully because the item failed in the indexing subsystem.; Failed to recover content group; Aborting insert of item in Link Database because it was not inserted to the Search Index.; ; SearchID = 04081656-B51B-4DCD-96D4-6DB2D2CEEEE7 ) as well as these: The item could not be indexed successfully because the item failed in the indexing subsystem. ( The item could not be indexed successfully because the item failed in the indexing subsystem.; Caught exception when preparing generation GID[7]: (Previous generation (last=GID[6], curr=GID[7]) is still active. Cannot open GID[7]); Aborting insert of item in Link Database because it was not inserted to the Search Index.; ; SearchID = 92EB0180-C086-4853-BED8-F4878D9748AD ) the solution for me was to clear configuration cache (PS)  and then restart SP Search Services. THX to m
Read more

Asp.Net Ending Response options, Response.End() vs CompleteRequest()

this blog is for any1 who get the ThreadAbortException when caling Response.End(), and then tried the other options such as HttpContext.Current.ApplicationInstance.CompleteRequest() and found out that there was no replacement. i'll start with the bottom line: if you want to stop right now your response and send it as is you dont have any other option other than Response.End(), period and it's the right thing to throw that EX in that case. the answer is its because there is the "HTTP pipeline" and the "Asp.Net pipeline", and CompleteRequest() cuts the HTTP pipeline but not the Asp.Net one so everything that is from handlers forwars (including all page events) continues but your part, the asp one, stays in your hands so that no information will be lost, so ur suppose to manage your code currectly, since information lost is really a bad thing, although in most cases we use Response.End() we know what we are losing and we want it. see this short article ab
Read more