DVWA Installation

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Step 1: Move directory to web root directory

“cd /var/www/html”

You can also create a new folder inside this web directory to store the master file content. In this case, I would just put it directly in the web directory.

Step 2: Download the master file from DVWA GitHub

“wget https://github.com/ethicalhack3r/DVWA/archive/master.zip”

Step 3: Extract the file

“unzip master.zip”

Step 4: Change the owner of /var/www/html

“chown -R www-data:www-data/var/www/html”

You can check the owner status for each file by using

“ls -l”

Step 5: start web server and database in Kali Linux

“service apache2 start; service mysql start”

Step 6: Open in your browser

“http://[your IP address]”

After that, you will see a page like this: