Damn vulnerable what?!

DVWA (Damn Vulnerable Web App) was made by security professionals, for researchers and enthusiasts to practice and learn different types of vulnerabilities in relation to web applications which can also be used for other things such as software activation keys. Before continuing it must be stressed that the testing of DVWA should be done on an isolated host with either VMware or Virtual Box, separated by a Host-only connection. This is for your safety, not doing so could lead to the compromise of your system. You can store the files on an external hard drive or a USB drive. You can purchase USB drives online from Amazon.

Software:

• Xampp – Download
• DVWA – Download
• VMware Player – Download

Further reading:

• Host-Only Networking
• Difference Between NAT/Bridged/Host-Only
• Understanding NAT

WARNING: THIS IS FOR EDUCATIONAL PURPOSES ONLY!

• Firstly install Xampp for windows. Then continue on by opening up the Xampp Control Panel, either placed on your desktop, Program files or already started on the bottom left of the screen. Lastly, start your MySQL and Apache services.

• Extract the dvwa folder to this location C:\xampp\htdocs\dvwa. We now open our webrowser and enter ‘localhost/dvwa’ (127.0.0.1/dvwa) into the url bar. If we are presented with a mysql.error() that means the database was unable to be created, but easily fixed in step 3.

• Go on over to C:\xampp\htdocs\dvwa\config\config.inc.php and use your favourite editor to open the file, scroll down to line 20. We now enter the default PHPMyAdmin, in the db_password field, replacing the current one with nothing. Leaving it empty (no spaces)

• Jump to your browser and go to 127.0.0.1/dvwa/setup.php, and click ‘create Database’ Then go to localhost/dvwa/login.php and enter your user name ‘admin’ and password ‘password’.

Next Lesson: DVWA Lesson 2: Command execution Low