Install and configure Damn vulnerable web app(DVWA).

Damn vulnerable web app(DVWA) is a tool designed for web penetration testing.You can practice your hacking skills in a legal environment on your local computer. As the name suggest DVWA is vulnerable for Sql Injection,xss and remote file inclusion and bruteforce etc.

It gives you a lab on your local computer to practice your hacking skills without having set to up virtual machines.Lets Start the installation process.

Things you need to set Up DVWA

Once you have downloaded DVWA then you have to unzip the file.
Now switch to the directory where you have your downloaded DVWA zipped file.In my case i have placed in the desktop. Open your terminal and type cd Desktop if your file is in Download directory type cd Download.

Type the following command ls

. listing content

Now we need to unzip DVWA file type the following command in your terminal

root@seven:~/Desktop# unzip 

Now type ls again in your terminal and you will see an unzipped directory DVWA-1.9 .

Before going further we need to start 2 necessary services. Apache web server and Mysql server.

Start Apache web server type the following command

root@seven:~# service apache2 start

now check apache2 status whether it is running or not with the following command.

root@seven:~# service apache2 status

check status

As you can see our apache2 is up and running which is highlighted with text (Active and running).

Start Mysql server type the following command in your terminal.

root@seven:~#  service mysql start

Check whether it's running or not.

root@seven:~# service mysql status

checking mysql status

As you can see it's up and running highlighted with green texts.

Now we need to move whole directory (DVWA-1.9) to the /var/www/html because in kali linux 2.0 default server for web pages in apache is /var/www but in this case it is going to be /var/www/html .
So we need to move our extracted directory DVWA-1.9 to /var/www/html directory.

You can do it graphically too just copy the dvwa file and paste to html directory.Or follow the below step.

Type the following command in your terminal.The below coomand willl do 2 things
1-it will move directory to the /var/www/html.
2-it will rename DVWA-1.9 to dvwa reason for renaming is that it is easy to remember.later on we will need to type this on our browser.You must be inside the same directory as DVWA-1.9 to execute below command.

root@seven:~/Desktop# mv DVWA-1.9 /var/www/html/dvwa

Now we need to give read,write and execute permission to dwva directory.Make sure that your present working directory is /var/www/html.So change your directory to html first with following command:

root@seven:~# cd /var/www/html

type the following command to give read , write and execute permission to dvwa.

root@seven:/var/www/html# chmod -R 755 dvwa

Now we need to configure file which is present inside config directory.So change directory to config directory.

root@seven:/var/www/html# cd dvwa/config

Open file in nano editor with the following command:


Remove the default password and leave the password field blank. press ctr+o to Save and ctr+x to exit.

remove password

now we need to create password for root user type the following command.Make sure that you are inside the same directory as me(config).When you are asked to enter password just press enter leave password field blank.

root@seven:/var/www/html/dwva/config# mysql -u root -p

When you execute above command successfully you will be presented with mysql shell. Now we need to create another database.Type the following command.

 create database dvwa1;

Type exit to come out of mysql shell.

Now we need to reset our database on our local server.Be careful here copy and paste this command carefully.

curl --data  'create db=create+%2F+Reset+Database' --cookie PHPESSID=1

Now go to the browser and paste this url: http://localhost/dvwa/login.php

If you are following along correctly then a login page should open.If you are not then i suggest go back do it from the scratch.

Use these credentials to login:
Username: Admin
Password: password

Please do share if it helped you thanks.