Using DVWA to Simulate Real-World Attacks: A Guide for Ethical Hackers (set up)

"With great power comes great responsibility" - Uncle Ben. As Linux grows in popularity, many new users discover its usefulness and abilities every day. Some companies have even made it mandatory to learn the Linux environment and master it in order to even apply for a job, but is that truly safe? While most users will go for Ubuntu or Parrot OS, some, like me, may choose Kali Linux.

What is Kali Linux?
Kali Linux is a Debian-based Linux distribution specifically geared towards cyber security and, most importantly, offensive security. Kali comes with all types of tools to crack any system or network, and someone with enough time and experience can use it as a weapon either for good or evil.

After priming my version of Kali Linux, all that was left for me was to find a target. As recommended by Mr Logan Velvindron from Cyberstorm, I looked into "Damn Vulnerable Linux (DVL)", but after looking online one name kept popping up: "Damn Vulnerable Web Application (DVWA)". Intrigued, I dug deeper and liked what I found. Whether you are a veteran in cyber security or just starting like myself, I truly believe that DVWA will help you in perfecting or advancing your expertise when it comes to offensive security. So, let me guide you on how you can set it up.

Requirements: you will need tor and proxychains installed.

After launching Kali Linux, open Google and search for "dvwa github".




After finding the GitHub page, copy the URL.

In order to clone the github page of DVWA, we need to switch to a special directory.
After switching to that special directory, use the command git clone https://github.com/digininja/DVWA.git
to clone the GitHub repository. (Do not forget the .git)

The result should look something like this:

Now that the files have finished downloading (it's always a good idea to check what you have downloaded), use the command "ls" to see what files are present in the directory.
Yep, DVWA is in the directory. Success!! By default DVWA will have little to no authorization as it is an external file, so we need to grant it permission to run on our system.

Now that we have granted permission to DVWA, we need to configure it. 

It is good practice to check which files are already present in the directory.
So far so good. We now have two options: we could use the file itself or create a copy. I personally advise you to create a copy, so even if you mess up there will always be a version for you to revert back to.
Copy created, it's config time.
Using nano config.inc.php.
You should get something similar to this. You may notice 'mysql' is everywhere, and yes, since it is a web service, it does need a database to run. I will show you how to set it up in further steps. For now, change the 'db_user' and 'db_password' to something simpler.

To save your changes press CTRL+O, then press Enter, and to exit press CTRL+X.

Congratulations, that's step 1 complete.

Time for step 2.
After clearing your terminal, start the mysql service.

If there are no errors, proceed. You will need to log into the database as follows.

The default username is the name of your super user and there is no password, so just press Enter.

Welcome to MariaDB, a local database running on your very own Linux machine.
Since the database has just been created, it's empty and has no users, so we can now go ahead and create a user.

I personally choose 'user'@'127.0.0.1' as 127.0.0.1 designates my machine.
NOTE: the username and password must be the same as what was specified in the configuration earlier.

Our user is created, but it can't use the database as it does not have the privileges required to do so. So let's give them to him!



We are now done with step 2, so go ahead and exit the database.
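
The NOTE in step 2 says the database account must match what was saved in config.inc.php. The following added example (not code from the original post or from the DVWA project) reads db_user, db_password and db_database from the config file and prints the matching CREATE USER and GRANT statements. The host 127.0.0.1 is the post's choice; the function names, the sample config and the database-only scope of the grant are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): derive the step-2 SQL from the
# values saved in config.inc.php so the database account matches the config.

# Print the value of one $_DVWA key: the last quoted string on its line, which
# is the literal PHP falls back to in the getenv('...') ?: '...' form.
dvwa_cfg() {  # usage: dvwa_cfg FILE KEY
    sed -n "s/^[[:space:]]*\\\$_DVWA\[ *'$2' *].*'\([^']*\)';.*/\1/p" "$1" | tail -n 1
}

# Accept only names that need no quoting or escaping inside SQL.
safe_name() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

dvwa_sql() {  # usage: dvwa_sql FILE [HOST]; HOST defaults to the post's 127.0.0.1
    user=$(dvwa_cfg "$1" db_user)
    pass=$(dvwa_cfg "$1" db_password)
    db=$(dvwa_cfg "$1" db_database)
    host=${2:-127.0.0.1}
    if ! safe_name "$user" || ! safe_name "$db" || ! safe_name "$host"; then
        echo "refusing: db_user, db_database or host is missing or unsafe" >&2
        return 1
    fi
    case "$pass" in
        *\\*) echo "refusing: db_password contains a backslash" >&2; return 1 ;;
    esac
    printf "CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    # Assumption: privileges are scoped to the DVWA database only.
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'%s';\n" "$db" "$user" "$host"
}

# Constructed sample config (not the author's file) so the example runs as-is.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'user';
$_DVWA[ 'db_password' ] = getenv('DB_PASSWORD') ?: 'pass';
EOF
dvwa_sql "$sample"
```

On the lab machine, point dvwa_sql at the real config.inc.php and paste its output into the MariaDB prompt from step 2.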

Step 2 is now done. Stick with me, we are almost done.

Now that we have both DVWA and our database configured, it's finally time to unite everything with a server to run on.

Moving on to step 3.

Let's set up an Apache HTTP server!
First, start the apache2 service.

When the above step is done, we need to configure it.
NOTE: with every subsequent update to PHP the file path will change. As shown above, I was on 8.2.

Using gedit, we can modify the contents of php.ini.
Here is the result:
We only care about 2 settings for now: 'allow_url_fopen' and 'allow_url_include'. Depending on what version you are using, sometimes both are set to 'off' or just one, so we need to set them to on.



To save press the save button.
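
The same php.ini change can be checked and made from the shell. This added example (not code from the original post) reads the effective value of 'allow_url_fopen' and 'allow_url_include', switches a flag while keeping a backup copy, and switches it back afterwards. The function names and the sample file are assumptions, as is the Debian-style path mentioned in the comment.

```shell
#!/bin/sh
# Added example (not from the original post): read and switch the two php.ini
# flags from step 3, keeping a backup so the lab setting can be reverted.

# Effective value of a directive: the last uncommented assignment in the file.
ini_get() {  # usage: ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

ini_set_flag() {  # usage: ini_set_flag FILE KEY On|Off
    case "$3" in On|Off) ;; *) echo "value must be On or Off" >&2; return 2 ;; esac
    cp -p "$1" "$1.bak" || return 1      # copy to revert to
    if grep -q "^[[:space:]]*$2[[:space:]]*=" "$1.bak"; then
        # Rewrite only live assignments; ';' comment lines are left alone.
        sed "s/^\([[:space:]]*$2[[:space:]]*=\).*/\1 $3/" "$1.bak" > "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# Report both flags the post changes, one "key=value" per line.
lab_flags() {  # usage: lab_flags FILE
    for key in allow_url_fopen allow_url_include; do
        printf '%s=%s\n' "$key" "$(ini_get "$1" "$key")"
    done
}

# Constructed php.ini fragment (not the author's file) so the example runs as-is.
# Assumed real location on Debian-based hosts: /etc/php/<version>/apache2/php.ini
ini=$(mktemp)
printf '%s\n' '; allow_url_include = On' 'allow_url_fopen = On' \
    'allow_url_include = Off' > "$ini"
ini_set_flag "$ini" allow_url_include On     # enable for the lab
lab_flags "$ini"
ini_set_flag "$ini" allow_url_include Off    # switch back when finished
lab_flags "$ini"
```

PHP reads php.ini when Apache starts, so restart the apache2 service after changing the real file.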

We are now done.
Open your browser and type: 127.0.0.1/DVWA/setup.php and you will be greeted with this.

If you see this, well, congrats, you did everything perfectly!!
Scroll down and click the button.

This should appear 
The username is "admin" and the password is "password".

Enjoy the fruits of your labour.


Remember to have fun and keep experimenting but in a safe way.

Ending note: I wish to congratulate you for being able to finish this set up, or if I managed to catch your interest, thank you. I do this stuff for fun and really am not an expert, but I look forward to learning more. Until next time, take care. That's all from me.
