
Hello everyone. In this tutorial I will demonstrate how to set up DVWA (Damn Vulnerable Web Application) on your Windows machine.
If you are a beginner in the web hacking field, you will surely benefit from this.
Newcomers often ask where they can practice and explore vulnerabilities. If you are one of them, DVWA is the answer.
The main goal of DVWA is to provide a legal environment where security professionals can test their skills and tools, to help web developers better understand the process of securing web applications, and to help teachers and students better understand web security and vulnerabilities.
Attacks Covered In DVWA
- Brute Force
- Command Execution
- CSRF
- File Inclusion
- SQL Injection
- SQL Injection (Blind)
- Shell Uploading
- XSS (Reflected)
- XSS (Stored)
Let’s get started
Step 1 :- Downloading and installing XAMPP.
You can download XAMPP from here: https://www.apachefriends.org/download.html
Now install XAMPP.

Now open the XAMPP Control Panel and start the Apache and MySQL services.

Step 2 :- Downloading and Installing DVWA.
You can download DVWA from here: http://www.dvwa.co.uk/
After downloading, extract the zip file. You will get a DVWA folder.

Now copy that folder to the location where you installed XAMPP. Inside the xampp folder you will find a folder named htdocs. Paste the DVWA folder inside htdocs and rename it to dvwa.

Inside the dvwa folder you will find a folder named config. Inside that config folder you will find a file named config.inc.php.dist.
Rename that file so that its extension changes from .dist to .php, giving config.inc.php.

Now open config.inc.php in Notepad. Inside that file you will find a line like this: $_DVWA[ 'db_password' ] = 'p@ssw0rd';

Remove that password so the value is blank, like this: $_DVWA[ 'db_password' ] = ''; then save the file.
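
The Step 2 file operations above can also be done from a PowerShell window. This is an added example, not part of the original tutorial or of DVWA itself. It assumes XAMPP is in its default location C:\xampp, that the zip was extracted to a hypothetical Downloads\DVWA-master folder, and that the password line has the form `$_DVWA[ 'db_password' ] = 'p@ssw0rd';`.

```powershell
# Assumption: XAMPP is installed in its default location, C:\xampp.
$XamppRoot = 'C:\xampp'
# Assumption: hypothetical folder the DVWA zip was extracted to; adjust as needed.
$Extracted = Join-Path $env:USERPROFILE 'Downloads\DVWA-master'

$Target = Join-Path $XamppRoot 'htdocs\dvwa'
$Dist   = Join-Path $Target 'config\config.inc.php.dist'
$Config = Join-Path $Target 'config\config.inc.php'

# Stop early instead of half-completing the setup.
if (-not (Test-Path $Extracted)) { throw "Extracted DVWA folder not found: $Extracted" }
if (Test-Path $Target)           { throw "$Target already exists; remove it first." }

# Copy the extracted folder into htdocs under the name "dvwa".
Copy-Item -Path $Extracted -Destination $Target -Recurse

# Create config.inc.php from the .dist template.
# The template is copied rather than renamed so it stays available as a backup.
if (-not (Test-Path $Dist)) { throw "Template not found: $Dist" }
Copy-Item -Path $Dist -Destination $Config

# Match the db_password assignment, tolerating extra spaces around the key.
# The backtick keeps PowerShell from expanding $_ inside the double-quoted string.
$pattern = "(\`$_DVWA\[\s*'db_password'\s*\]\s*=\s*)'[^']*'"
$text    = Get-Content -Path $Config -Raw

# If the line has a different form, fail instead of silently leaving it unchanged.
if ($text -notmatch $pattern) { throw "db_password line not found in $Config" }

# Keep everything up to the '=' and replace the quoted value with an empty string.
$text = $text -replace $pattern, ('${1}' + "''")
Set-Content -Path $Config -Value $text -NoNewline

# Show the resulting line so the change can be checked by eye.
Select-String -Path $Config -Pattern 'db_password'
```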

Now open your web browser and go to localhost/dvwa. You will be presented with the DVWA default page.

Now click on Create / Reset Database and you will be redirected to the localhost/dvwa/login.php page. Log in with:

Username: admin
password: password
Once you enter the username and password you will be redirected to localhost/dvwa/index.php.

IMPORTANT NOTE: Start with the low security level and start hacking!
You can do that by clicking on the "DVWA Security" tab. Set the security level to "low" and submit it.

You’re done.
So, we have set up a simple vulnerable web application on localhost. You can now explore the DVWA interface.
If you encounter any errors during the installation or have questions, let me know in the comments below.