How To Setup DVWA (Damn Vulnerable Web Application) On Kali Linux

Tushar Makwana
December 02, 2020
How To Setup DVWA (Damn Vulnerable Web Application) On Kali Linux - techfirex

How To Setup DVWA (Damn Vulnerable Web Application) On Kali Linux

Hello Friends in this article we are going to install DVWA (Damn Vulnerable Web Application) on Kali Linux with a few easy steps.
So run commands step by step as I explained.

Download & Configure DVWA:

┌──(tushar㉿techfire)-[~]
└─$ cd /var/www/html
┌──(tushar㉿techfire)-[/var/www/html]
└─$ sudo git clone https://github.com/digininja/DVWA.git
[sudo] password for tushar: 
Cloning into 'DVWA'...
remote: Enumerating objects: 3310, done.
remote: Total 3310 (delta 0), reused 0 (delta 0), pack-reused 3310
Receiving objects: 100% (3310/3310), 1.60 MiB | 1.25 MiB/s, done.
Resolving deltas: 100% (1473/1473), done.
┌──(tushar㉿techfire)-[/var/www/html]
└─$ ls
DVWA index.html
┌──(tushar㉿techfire)-[/var/www/html]
└─$ sudo chmod -R 777 DVWA/
┌──(tushar㉿techfire)-[/var/www/html]
└─$ cd DVWA 
┌──(tushar㉿techfire)-[/var/www/html/DVWA]
└─$ ls
about.php docs hackable login.php README.md tests
CHANGELOG.md dvwa ids_log.php logout.php robots.txt vulnerabilities
config external index.php phpinfo.php security.php
COPYING.txt favicon.ico instructions.php php.ini setup.php
┌──(tushar㉿techfire)-[/var/www/html/DVWA]
└─$ cd config 
┌──(tushar㉿techfire)-[/var/www/html/DVWA/config]
└─$ ls
config.inc.php.dist
┌──(tushar㉿techfire)-[/var/www/html/DVWA/config]
└─$ cp config.inc.php.dist config.inc.php
┌──(tushar㉿techfire)-[/var/www/html/DVWA/config]
└─$ ls
config.inc.php config.inc.php.dist
┌──(tushar㉿techfire)-[/var/www/html/DVWA/config]
└─$ sudo nano config.inc.php
The above command opens config.inc.php file. 
I'm using a nano editor but if you don't know how to use a nano editor then you can use a mousepad or other editor.
Now find below lines.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port'] = '3306';
Change it like below.
$_DVWA = array(); 
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'user';
$_DVWA[ 'db_password' ] = 'pass';
$_DVWA[ 'db_port'] = '3306';
┌──(tushar㉿techfire)-[/var/www/html/DVWA/config]
└─$ cd
The above cd command takes you to the root folder.

Create MySQL Database & User:

┌──(tushar㉿techfire)-[~]
└─$ sudo service mysql start
┌──(tushar㉿techfire)-[~]
└─$ sudo mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 51
Server version: 10.3.24-MariaDB-2 Debian buildd-unstable

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create user 'user'@'127.0.0.1' identified by 'pass';
Query OK, 0 rows affected (0.028 sec)

MariaDB [(none)]> grant all privileges on dvwa.* to 'user'@'127.0.0.1' identified by 'pass';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit
Bye
After running the above command it will ask you for a password, but you have to press the enter key without putting any password.
And then follow MariaDB commands as I show you above.
┌──(tushar㉿techfire)-[~]
└─$ sudo service apache2 start

Configure PHP:

┌──(tushar㉿techfire)-[~]
└─$ cd /etc/php/7.4/apache2
┌──(tushar㉿techfire)-[/etc/php/7.4/apache2]
└─$ ls
conf.d php.ini
┌──(tushar㉿techfire)-[/etc/php/7.4/apache2]
└─$ sudo nano php.ini
The above command opens the php.ini file.
Now Find the below lines.
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On

; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = Off
Change the above lines like below.
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On

; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = On
┌──(tushar㉿techfire)-[/etc/php/7.4/apache2]
└─$ sudo service apache2 restart

Open Browser:

After following all the above steps now let's open DVWA.
Open the below link in the browser.
http://127.0.0.1/DVWA/setup.php
Click on "Create/Reset Database"
and now open the below link.
http://127.0.0.1/DVWA/login.php
The default login is
Username:- admin
Password:- password

Now you're done with setting up DVWA on your Kali Linux.
Practice and Grow your hacking skills.