CentOS 8 — DVWA Vulnerable Web Application Installation
As you know, DVWA is a very useful open-source application for learning web application pentesting, and almost everyone who wants to improve in this area uses it. In this article, I will show how to install DVWA on CentOS. If you search for guides, most of them explain how to install DVWA on Kali Linux or Windows.
DVWA works with Apache, MariaDB and PHP. First of all, we will install these on our operating system. You can use the following commands for the installation:
Apache Installation >
[root@localhost ~]# dnf -y install httpd
MariaDB Installation >
[root@localhost ~]# dnf -y install mariadb-server
PHP Installation >
[root@localhost ~]# dnf -y install php php-mysqli php-gd
Before proceeding with the installation, we need to start the Apache and MariaDB services, enable them permanently, and allow HTTP and HTTPS through the firewall.
Apache Service start >
[root@localhost ~]# systemctl start httpd && systemctl enable httpd
MariaDB Service start and enable auto start after restarting machine >
[root@localhost ~]# systemctl start mariadb && systemctl enable mariadb
Firewall Permission >
[root@localhost ~]# firewall-cmd --zone=public --permanent --add-service=http
[root@localhost ~]# firewall-cmd --zone=public --permanent --add-service=https
[root@localhost ~]# firewall-cmd --reload
Now that we have prepared our environment, we can proceed to the DVWA installation.
The next step is to download DVWA to our server. Before that, we need two tools for downloading and unzipping: wget and unzip. If you know of an alternative way, you can use it.
You can run the following command to install wget and unzip.
[root@localhost ~]# dnf -y install wget unzip
We download DVWA and move it to the /var/www/html directory.
[root@localhost ~]# wget https://github.com/digininja/DVWA/archive/refs/heads/master.zip
[root@localhost ~]# mv master.zip /var/www/html/
Then we unzip the archive in that directory. Since the extracted folder name (DVWA-master) contains upper-case letters, we rename it to lower-case dvwa for convenience.
[root@localhost ~]# cd /var/www/html
[root@localhost html]# unzip master.zip
[root@localhost html]# mv DVWA-master/ dvwa/
Now we need to make the DVWA-related settings.
First of all, we create a database named dvwa with the following commands.
We create the database and the user, and grant the user permissions >
[root@localhost ~]# mysql
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)
mysql> create user dvwa@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Next, we are going to edit the DVWA configuration file.
First of all, we copy the sample config file to its real name as follows:
[root@localhost ~]# cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
Then we open this file with the vi text editor and make any changes we need here.
- The first block is the DB connection information. In my opinion, you should not make any changes here; if you have good system knowledge, you can make custom changes.
- If you want to test reCAPTCHA on DVWA, you need to enable it as described in the comment next to the setting. It is not required, so you can leave it blank if you want.
- The security level setting is important. DVWA has 4 different levels, which are explained in the comment on the corresponding line. The default is impossible. You can adjust it according to your own level.
Everything seems OK now, so we can restart the Apache and MariaDB services and visit the DVWA setup page.
[root@localhost ~]# systemctl restart httpd && systemctl restart mariadb
After making these settings, we are near the end. The setup page shows the areas you need to fix in red. For example, if you see not-writable files, they are related to user permissions, and you can allow them with the “chmod 777 filename” command. Some PHP settings used by Apache are also turned off by default. To turn them on, open the /etc/php.ini file with the vi text editor, find the relevant line and correct it.
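The checks behind the red items on the setup page can also be run from the shell before opening it. This is an added example, not part of the original article or of DVWA; the directive names allow_url_fopen and allow_url_include and the directories hackable/uploads and config are assumptions about what the page flags, so adjust them to what yours shows.

```shell
#!/bin/sh
# Added example, not part of the original article or of DVWA itself.
# Assumption: the directive names and paths below are the items the setup
# page shows in red; adjust the two lists to what your setup page reports.

# Print the effective value of a php.ini directive. Lines starting with ';'
# are comments; when a directive is set more than once, the last one wins.
php_ini_get() {   # $1 = php.ini path, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tr -d '"' | tail -n 1
}

# Succeed if the directive is switched on (On, 1, true, yes; any case).
php_ini_enabled() {
    case "$(php_ini_get "$1" "$2" | tr '[:upper:]' '[:lower:]')" in
        on|1|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# List every item that still needs fixing; the exit status is their count.
dvwa_precheck() {   # $1 = php.ini path, $2 = DVWA directory
    problems=0
    for key in allow_url_fopen allow_url_include; do
        if php_ini_enabled "$1" "$key"; then
            echo "ok   $key = On"
        else
            echo "FIX  $key is not On in $1"
            problems=$((problems + 1))
        fi
    done
    for dir in hackable/uploads config; do
        if [ -d "$2/$dir" ] && [ -w "$2/$dir" ]; then
            echo "ok   $2/$dir is writable"
        else
            echo "FIX  $2/$dir is missing or not writable by $(id -un)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh dvwa-precheck.sh /etc/php.ini /var/www/html/dvwa
if [ "$#" -eq 2 ]; then
    dvwa_precheck "$1" "$2"
fi
```

Run it as the account Apache runs as (apache on CentOS), because root passes the writable test regardless of the file permissions.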
Finally, we press the Create/Reset Database button and the DVWA vulnerable web application is ready.
If you break the application, you can restore it by going back to the setup page and clicking Create/Reset Database again.
The vulnerable application is now ready for hacking.