

Damn Vulnerable Web App is exactly what it sounds like. It’s a useful way to learn about some of the most common security problems that Web application developers face. While DVWA uses some pretty unhip technologies (PHP5 and MySQL), most of the vulnerabilities apply to all sorts of Web apps.

The creators of DVWA recommend that you play with it in a VM sandbox.

- Use Vagrant and Scotch-Box (see TL DD at the end of this post).
- Install from the DVWA LiveCD and then update DVWA itself to the newest version (1.9 as of this writing).

Kali Linux is a Debian-based distribution that comes with security and penetration testing tools like Burp Suite and Metasploit. Another reason is that the kind people at Offensive Security have created pre-made VirtualBox and VMware images of Kali, which saves us some time. This may be overkill for DVWA, but anyone looking at DVWA is probably interested in learning more about security anyway.

- The prebuilt VirtualBox image of Kali. I recommend downloading it via BitTorrent.
- DVWA itself (use the download link there for the latest version).
- 7z files (7-Zip on Windows, The Unarchiver on a Mac, or p7zip in Linux)

- In VirtualBox Manager, go to File -> Import Appliance.
- Open up a terminal window from the icon with a “$_” on the left of the screen.
- usermod -a -G sudo to add the user to the sudo group.
- chsh -s /bin/bash to set the shell to bash (or another shell if you prefer).
- Log out as root, then log in as the new user.
- Drag the DVWA-1.9.zip file onto your VM’s desktop (or just open IceWeasel and download it).
- Open a terminal window and run the following:
- unzip /home//Desktop/DVWA-1.9.zip -d /var/www/html/
- This will ask you for a password which should be blank.
- nano dvwa/config/ and change the db_password to '' (empty).

Fixing some things

You should now be able to open the browser (IceWeasel) and navigate to

You’ll see that a few items on the setup checklist are red. This will keep us from being able to do all of the exercises included with DVWA. At the bottom, we see that a couple of folders need to be made writable by the web server.
