{"id":4634,"date":"2019-11-14T19:26:13","date_gmt":"2019-11-14T16:26:13","guid":{"rendered":"https:\/\/kifarunix.com\/?p=4634"},"modified":"2024-03-12T23:16:45","modified_gmt":"2024-03-12T20:16:45","slug":"install-and-setup-dvwa-on-debian-10","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-dvwa-on-debian-10\/","title":{"rendered":"Install and Setup DVWA on Debian 10"},"content":{"rendered":"\n

Want to shape your skills on web application security? Well how about you play around with Damn Vulnerable Web Application<\/a>? Follow through this guide to learn how to install and setup DVWA on Debian 10 Buster as a legal environment to run your tests.<\/p>\n\n\n\n

Installing DVWA on Debian 10<\/h2>\n\n\n\n

Run System Update<\/h3>\n\n\n\n

To begin with, ensure that your system packages are up-to-date.<\/p>\n\n\n\n

apt update<\/code><\/pre>\n\n\n\n
apt upgrade<\/code><\/pre>\n\n\n\n
Install LAMP Stack on Debian 10<\/h3>\n\n\n\n
One of the major requirements for setting up DVWA lab is to have LAMP Stack up and running. Follow the guides below to learn how to install LAMP stack on Debian 10 Buster.<\/p>\n\n\n\n
Install LAMP Stack with MariaDB 10 on Debian 10<\/a><\/p>\n\n\n\n
Create DVWA Database and Database User<\/h3>\n\n\n\n
Once the LAMP stack installation is done, proceed to create MariaDB DVWA database and database user.<\/p>\n\n\n\n
mysql -u root -p<\/code><\/pre>\n\n\n\n
Create DVWA database. Replace the database name accordingly.<\/p>\n\n\n\n
create database dvwa;<\/code><\/pre>\n\n\n\n
Create DVWA database user and grant all privileges. Replace the database user accordingly.<\/p>\n\n\n\n
grant all on dvwa.* to dvwauser<\/strong>@localhost identified by 'Str0nGp@ssword<\/strong>';<\/code><\/pre>\n\n\n\n
Reload the privileges table and exit the database.<\/p>\n\n\n\n
flush privileges;<\/code><\/pre>\n\n\n\n
quit<\/code><\/pre>\n\n\n\n
Install DVWA on Debian 10<\/h3>\n\n\n\n
Download and  install DVWA on the Apache web root directory,\/var\/www\/html<\/code><\/strong>.<\/p>\n\n\n\n
Remove the default Apache index.html<\/code> file.<\/p>\n\n\n\n
rm -rf \/var\/www\/html\/index.html<\/code><\/pre>\n\n\n\n
Clone the latest version of the DVWA to Apache default web root directory.<\/p>\n\n\n\n
apt install git vim<\/code><\/pre>\n\n\n\n
git clone https:\/\/github.com\/ethicalhack3r\/DVWA \/var\/www\/html\/<\/code><\/pre>\n\n\n\n
Check the contents of \/var\/www\/html\/<\/code>.<\/p>\n\n\n\n
ls \/var\/www\/html\/<\/code><\/pre>\n\n\n\n
about.php     config\t   docs  external     hackable\t   index.php\t     login.php\t phpinfo.php  README.md   security.php\tvulnerabilities\nCHANGELOG.md  COPYING.txt  dvwa  favicon.ico  ids_log.php  instructions.php  logout.php  php.ini      robots.txt  setup.php<\/code><\/pre>\n\n\n\n
Configure DVWA on Debian 10 Buster<\/h3>\n\n\n\n
Configure DVWA database connection details. Begin by renaming the sample configuration file \/var\/www\/html\/config\/config.inc.php.dist<\/code><\/strong> to \/var\/www\/html\/config\/config.inc.php<\/code><\/strong><\/p>\n\n\n\n
cp \/var\/www\/html\/config\/config.inc.php.dist \/var\/www\/html\/config\/config.inc.php<\/code><\/pre>\n\n\n\n
Next, edit the configuration file, \/var\/www\/html\/config\/config.inc.php<\/code><\/strong> and set the database connection details.<\/p>\n\n\n\n
vim \/var\/www\/html\/config\/config.inc.php<\/code><\/pre>\n\n\n\n
Replace the database and database user and the password accordingly.<\/p>\n\n\n\n
...\n# Database variables\n#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.\n#   Please use a database dedicated to DVWA.\n#\n# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.\n#   See README.md for more information on this.\n$_DVWA = array();\n$_DVWA[ 'db_server' ]   = '127.0.0.1';\n$_DVWA[ 'db_database' ] = 'dvwa';\n$_DVWA[ 'db_user' ]     = 'dvwauser';\n$_DVWA[ 'db_password' ] = 'Str0nGp@ssword';<\/strong>\n...<\/code><\/pre>\n\n\n\n
Install reCAPTCHA keys<\/h3>\n\n\n\n
Generate recapture values from Google service<\/a>.<\/p>\n\n\n\n
Once generated, simply copy and paste the site key<\/strong> and site secret key<\/strong> to $_DVWA[ 'recaptcha_public_key' ]<\/code><\/strong> and $_DVWA[ 'recaptcha_private_key' ]<\/strong><\/code> respectively.<\/p>\n\n\n\n
...\n# ReCAPTCHA settings\n#   Used for the 'Insecure CAPTCHA' module\n#   You'll need to generate your own keys at: https:\/\/www.google.com\/recaptcha\/admin\n$_DVWA[ 'recaptcha_public_key' ]  = '6Lc4BsMUAAAAAKs72dKl4ZTVsA8giXiN7yqQcoVz';\n$_DVWA[ 'recaptcha_private_key' ] = '6Lc4BsMUAAAAAI9v0sd_xvlh_PMXTcgtqRYJ6VEd';<\/strong>\n...<\/code><\/pre>\n\n\n\n
Save and exit the configuration file and restart MariaDB<\/p>\n\n\n\n
systemctl restart mariadb<\/code><\/pre>\n\n\n\n
Configure PHP<\/h3>\n\n\n\n
Install Required PHP-GD module.<\/p>\n\n\n\n
apt install php-gd<\/code><\/pre>\n\n\n\n
The version PHP installed in our case here is 7.3.<\/p>\n\n\n\n
php -v<\/code><\/pre>\n\n\n\n
PHP 7.3.11-1~deb10u1 (cli) (built: Oct 26 2019 14:14:18) ( NTS )\nCopyright (c) 1997-2018 The PHP Group\nZend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies\n    with Zend OPcache v7.3.11-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies<\/code><\/pre>\n\n\n\n
Proceed to edit \/etc\/php\/7.3\/apache2\/php.ini<\/strong><\/code><\/strong> and make the following changes.<\/p>\n\n\n\n
vim \/etc\/php\/7.3\/apache2\/php.ini<\/code><\/pre>\n\n\n\n