{"id":4882,"date":"2020-01-04T22:38:32","date_gmt":"2020-01-04T19:38:32","guid":{"rendered":"https:\/\/kifarunix.com\/?p=4882"},"modified":"2024-03-13T07:48:08","modified_gmt":"2024-03-13T04:48:08","slug":"install-and-setup-dvwa-on-centos-8","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-dvwa-on-centos-8\/","title":{"rendered":"Install and Setup DVWA on CentOS 8"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install and Setup DVWA on CentOS 8. As you already know, DVWA, an acronym for <a rel=\"noreferrer noopener\" aria-label=\"Damn Vulnerable Web Application (opens in a new tab)\" href=\"http:\/\/www.dvwa.co.uk\/\" target=\"_blank\">Damn Vulnerable Web Application<\/a> is a very vulnerable PHP\/MySQL web application designed to help security professionals, students, web application developers to test their security skills, learn web application security and understand web application security processes respectively.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing DVWA on CentOS 8<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Update system packages<\/h3>\n\n\n\n<p>To begin with, ensure that your system packages are up-to-date<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install LAMP Stack on CentOS 8<\/h3>\n\n\n\n<p>Since DVWA is web application, you basically need to have a LAMP stack installed before setting DVWA. Follow the link below to learn how to install LAMP stack on CentOS 8.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-lamp-stack-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"How to Install LAMP Stack on CentOS 8 (opens in a new tab)\">How to Install LAMP Stack on CentOS 8<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create DVWA Database and Database User<\/h3>\n\n\n\n<p>After you have installed LAMP stack, proceed to create DVWA database and database user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mysql -u root -p<\/code><\/pre>\n\n\n\n<p>Create DVWA database. You can use any database name.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>create database dvwadb;<\/code><\/pre>\n\n\n\n<p>Create DVWA database user with all the privileges assigned on the DVWA db. Again replace the user and the password accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>grant all on dvwadb.* to <strong>dvwamgr<\/strong>@localhost identified by '<strong>mypassword<\/strong>';<\/code><\/pre>\n\n\n\n<p>Reload the privileges table and exit the database.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>flush privileges;<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>quit<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure PHP for DVWA<\/h3>\n\n\n\n<p>Install other required PHP-GD module.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install php-gd<\/code><\/pre>\n\n\n\n<p>PHP 7.2 is used in this demo.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>php -v<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>PHP 7.2.11 (cli) (built: Oct  9 2018 15:09:36) ( NTS )\nCopyright (c) 1997-2018 The PHP Group\nZend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies<\/code><\/pre>\n\n\n\n<p>Proceed to edit&nbsp;<strong><code><strong>php.ini<\/strong><\/code><\/strong>&nbsp;and make the following changes.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/php.ini<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>allow_url_fopen = On<\/code>&nbsp;\u2013 Allows for Remote File Inclusions (RFI)<\/li>\n\n\n\n<li><code>allow_url_include = On<\/code>&nbsp;\u2013 Allows for Remote File Inclusions (RFI)<\/li>\n\n\n\n<li><code>display_errors = Off<\/code>&nbsp;\u2013 (Optional) Hides PHP warning messages to make it less verbose<\/li>\n<\/ul>\n\n\n\n<p>Save and quit the PHP configuration file<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install DVWA on Debian 10<\/h3>\n\n\n\n<p>In this demo, we will install DVWA on the default Apache web root directory, the <strong><code>\/var\/www\/html<\/code><\/strong>.<\/p>\n\n\n\n<p>Therefore, clone the DVWA github repository to the web root directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install git<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>git clone https:\/\/github.com\/ethicalhack3r\/DVWA \/var\/www\/html\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring DVWA on CentOS 8<\/h3>\n\n\n\n<p>To begin the configuration with, rename the sample configuration file&nbsp;<strong><code>\/var\/www\/html\/config\/config.inc.php.dist<\/code><\/strong>&nbsp;to&nbsp;<strong><code>\/var\/www\/html\/config\/config.inc.php<\/code><\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cp <code>\/var\/www\/html\/config\/config.inc.php{.dist<\/code>,}<\/code><\/pre>\n\n\n\n<p>Edit the configuration file,&nbsp;<strong><code>\/var\/www\/html\/config\/config.inc.php<\/code><\/strong>&nbsp;and configure the database connection details.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/var\/www\/html\/config\/config.inc.php<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>...\n# Database variables\n#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.\n#   Please use a database dedicated to DVWA.\n#\n# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.\n#   See README.md for more information on this.\n$_DVWA = array();\n$_DVWA[ 'db_server' ]   = '127.0.0.1';\n<strong>$_DVWA[ 'db_database' ] = 'dvwadb';\n$_DVWA[ 'db_user' ]     = 'dvwamgr';\n$_DVWA[ 'db_password' ] = 'mypassword';<\/strong>\n...<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install reCAPTCHA keys<\/h3>\n\n\n\n<p>Generate recapture values from&nbsp;<a href=\"https:\/\/www.google.com\/recaptcha\/admin\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Google service<\/a>.<\/p>\n\n\n\n<p>Once generated, simply copy and paste the&nbsp;<strong>site key<\/strong>&nbsp;and&nbsp;<strong>site secret key<\/strong>&nbsp;to&nbsp;<strong><code>$_DVWA[ 'recaptcha_public_key' ]<\/code><\/strong>&nbsp;and&nbsp;<code><strong>$_DVWA[ 'recaptcha_private_key' ]<\/strong><\/code>&nbsp;respectively.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>...\n# ReCAPTCHA settings\n#   Used for the 'Insecure CAPTCHA' module\n#   You'll need to generate your own keys at: https:\/\/www.google.com\/recaptcha\/admin\n$_DVWA[ 'recaptcha_public_key' ]  = '<strong>6LcWVswUAAAAAHPp-TlOuNcLcrw7iAWVhtOrDYFm<\/strong>';\n$_DVWA[ 'recaptcha_private_key' ] = '<strong>6LcWVswUAAAAABssYEu10VtWinRub6b_D8zn_sSL<\/strong>';\n...<\/code><\/pre>\n\n\n\n<p>Save and exit the configuration file.<\/p>\n\n\n\n<p>Assign the ownership of the DVWA web configuration files to Apache.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R apache:apache \/var\/www\/html<\/code><\/pre>\n\n\n\n<p>Restart the database and Apache<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart mariadb httpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure SELinux<\/h3>\n\n\n\n<p>If SELinux is running, apache user will be denied write access to the file, <code>\/var\/www\/html\/external\/phpids\/0.6\/lib\/IDS\/tmp\/phpids_log.txt<\/code> as well as on the directory, <code>\/var\/www\/html\/config<\/code>. To fix this, simply execute the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>setsebool -P httpd_unified 1<\/code><\/pre>\n\n\n\n<p>Allow HTTPD scripts and modules to connect to the network<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>setsebool -P httpd_can_network_connect 1<\/code><\/pre>\n\n\n\n<p>Allow HTTPD scripts and modules to network connect to databases.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>setsebool -P httpd_can_network_connect_db 1<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Finalize DVWA Setup on Browser<\/h3>\n\n\n\n<p>You can now access DVWA from your preferred browser to finalize the configuration setup. Use the address, <strong><code>http:\/\/server-IP\/setup.php<\/code><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"797\" height=\"666\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-setup-centos8.png\" alt=\"setup DVWA on CentOS 8\" class=\"wp-image-4886\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-setup-centos8.png?v=1578166187 797w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-setup-centos8-768x642.png?v=1578166187 768w\" sizes=\"(max-width: 797px) 100vw, 797px\" \/><\/figure>\n\n\n\n<p>On the setup page, ensure that no setting with status red. If any, ensure you fix the issue before proceeding.<\/p>\n\n\n\n<p>Click <strong>Reset\/Database<\/strong> to configure DVWA database connection settings.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"807\" height=\"686\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-db-settings.png\" alt=\"DVWA database setup on CentOS 8\" class=\"wp-image-4887\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-db-settings.png?v=1578166255 807w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-db-settings-768x653.png?v=1578166255 768w\" sizes=\"(max-width: 807px) 100vw, 807px\" \/><\/figure>\n\n\n\n<p>Since we already done this above, you will be redirected to the DVWA login interface if the DB connection details are correct.<\/p>\n\n\n\n<p>Login using the default credentials; <strong>Username<\/strong>: <code>admin<\/code>, <strong>Password<\/strong>: <code>password<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"369\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-login-centos-8.png\" alt=\"DVWA login page default credentials\" class=\"wp-image-4888\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-login-centos-8.png?v=1578166295 819w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-login-centos-8-768x346.png?v=1578166295 768w\" sizes=\"(max-width: 819px) 100vw, 819px\" \/><\/figure>\n\n\n\n<p>DVWA default dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"847\" height=\"687\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-dashboard-centos-8.png\" alt=\"\" class=\"wp-image-4889\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-dashboard-centos-8.png?v=1578166326 847w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/01\/dvwa-dashboard-centos-8-768x623.png?v=1578166326 768w\" sizes=\"(max-width: 847px) 100vw, 847px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Reference<\/h4>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\"Damn Vulnerable Web Application (opens in a new tab)\" href=\"https:\/\/github.com\/ethicalhack3r\/DVWA\" target=\"_blank\">Damn Vulnerable Web Application<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Related Tutorials<\/h4>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-setup-damn-vulnerable-web-app-lab-on-ubuntu-18-04-server\/\" target=\"_blank\">How to Install and Configure DVWA Lab on Ubuntu 18.04 server<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-dvwa-on-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Install and Setup DVWA on Debian 10<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-install-and-use-nikto-web-scanner-on-ubuntu-18-04\/\" target=\"_blank\">How to Install and Use Nikto Web Scanner on Ubuntu 18.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-openvas-10-gvm-on-debian-10-buster\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install OpenVAS 10 (GVM) on Debian 10 Buster<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install and Setup DVWA on CentOS 8. As you already know, DVWA, an acronym for<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,254,34,150],"tags":[222,1256,1255],"class_list":["post-4882","post","type-post","status-publish","format-standard","hentry","category-howtos","category-apache","category-security","category-vulnerability-scanners","tag-dvwa","tag-dvwa-apache","tag-dvwa-on-centos-8","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4882"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=4882"}],"version-history":[{"count":4,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4882\/revisions"}],"predecessor-version":[{"id":21304,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/4882\/revisions\/21304"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=4882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=4882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=4882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}