This project features some of my practical web application security testing on Damn Vulnerable Web Application (DVWA), a PHP/MySQL application specifically designed for learning and practicing web security

imsatyasaiteja/DVWA_Exploitation

DVWA_Exploitation

This project features some of my practical web application security testing on Damn Vulnerable Web Application (DVWA).

DVWA is a PHP/MySQL web application specifically designed for learning and practicing web security.

DVWA Setup Preview

[Screenshots: dvwa(1), dvwa(2)]

Requirements

  • Kali Linux (or any Linux-based OS, preferably installed on a virtual machine)
  • Apache Web Server
  • PHP version 7.x or above (with php-mysql, php-gd, php-xml, php-mbstring modules enabled)
  • MySQL/MariaDB database server to store DVWA data
  • Optional Tools: Burp Suite, sqlmap, Nmap, OWASP ZAP

Installation Steps

  1. Install Apache, PHP, and MariaDB:
  • sudo apt update && sudo apt upgrade -y
  • sudo apt install apache2 mariadb-server php php-mysql php-gd php-xml php-mbstring -y
  2. Clone the DVWA repository:
  • cd /var/www/html
  • sudo git clone https://github.com/digininja/DVWA.git
  • sudo chmod -R 755 DVWA
  3. Configure the database settings:
  • sudo systemctl start mariadb
  • sudo systemctl enable mariadb
  • sudo mysql -u root -p
  • Create the dvwa database and user:
    • CREATE DATABASE dvwa;
    • CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'password';
    • GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwauser'@'localhost';
    • FLUSH PRIVILEGES;
    • EXIT;
  4. Configure DVWA:
  • cd /var/www/html/DVWA/config
  • sudo cp config.inc.php.dist config.inc.php
  • sudo nano config.inc.php
  • Update the following values:
    • $_DVWA['db_user'] = 'dvwauser';
    • $_DVWA['db_password'] = 'password';
    • $_DVWA['db_database'] = 'dvwa';
  • Save and exit the config file:
    • Ctrl + O, Enter
    • Ctrl + X
  5. Start the Apache server:
  • sudo systemctl start apache2
  • sudo systemctl enable apache2
  6. Access DVWA in the browser:
  • http://localhost/DVWA
  • Log in with the default credentials:
    • Username: admin
    • Password: password
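
A way to confirm the result of the steps above, as an added example that is not part of this repository: it checks that config.inc.php holds the three values set in the "Configure DVWA" step and lists Apache Listen directives that make the deliberately vulnerable app reachable from outside the VM. The function names and the /etc/apache2/ports.conf location (the Debian/Kali default) are assumptions, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): post-install checks for the lab above.
# On the lab VM (ports.conf path is the Debian/Kali default, assumed here):
#   check_dvwa_config /var/www/html/DVWA/config/config.inc.php
#   exposed_listeners /etc/apache2/ports.conf

# Print the value of $_DVWA['<key>'] ($2) from a config.inc.php-style file ($1).
# Splits on single quotes and takes the last quoted string on the line.
dvwa_cfg_value() {
    awk -v k="$2" -F"'" '$1 ~ /^[ \t]*\$_DVWA\[[ \t]*$/ && $2 == k { v = $(NF-1) }
                         END { print v }' "$1"
}

# Compare the three settings with the values the installation steps assign.
# Prints each mismatch and returns non-zero if any setting differs.
check_dvwa_config() {
    local rc=0 pair key want got
    for pair in db_user=dvwauser db_password=password db_database=dvwa; do
        key=${pair%%=*} want=${pair#*=}
        got=$(dvwa_cfg_value "$1" "$key")
        [ "$got" = "$want" ] || { echo "mismatch: $key='$got' (expected '$want')"; rc=1; }
    done
    return "$rc"
}

# Print each Apache Listen target in file $1 that is not loopback-only.
# A bare port such as "Listen 80" accepts connections on every interface.
exposed_listeners() {
    awk 'tolower($1) == "listen" && $2 !~ /^(127\.[0-9.]+|\[::1\]):[0-9]+$/ { print $2 }' "$1"
}

# Constructed sample files (written into directory $1) for an offline trial.
make_samples() {
    printf '%s\n' "<?php" "\$_DVWA = array();" "\$_DVWA['db_user'] = 'dvwauser';" \
        "\$_DVWA['db_password'] = 'password';" "\$_DVWA['db_database'] = 'dvwa';" > "$1/config.inc.php"
    printf '%s\n' "# constructed ports.conf" "Listen 80" "Listen 127.0.0.1:8080" > "$1/ports.conf"
}

sample_dir=$(mktemp -d)
make_samples "$sample_dir"
if check_dvwa_config "$sample_dir/config.inc.php"; then echo "config matches the steps"; fi
echo "non-loopback listeners: $(exposed_listeners "$sample_dir/ports.conf" | tr '\n' ' ')"
rm -rf "$sample_dir"
```

Any port printed by exposed_listeners is served on all interfaces; changing the directive to the form `Listen 127.0.0.1:80` keeps the lab reachable only from the VM itself.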

Tested Vulnerabilities Preview

  • SQL Injection [screenshot: sql_inj(1)]
  • Command Injection [screenshot: com_inj(1)]
  • JavaScript Attack [screenshot: js_atk(1)]
  • File Upload Vulnerability [screenshot: file_upload_vul(1)]
  • Weak Session ID [screenshots: weak_session_id(1), weak_session_id(2)]
