Install Damn Vulnerable Web Application under Ubuntu 12.04
This short how-to will guide you through the installation process of DVWA on Ubuntu 12.04 LTS.
Prerequisites
Install a Virtual Machine with Ubuntu 12.04 LTS Server. Next install the additional software packages below.
Ubuntu Software Packages:
sudo apt-get install php5 php5-common php5-cli php5-mysql libapache2-mod-php5 mysql-server php5-mysql apache2 libapache2-mod-php5 firefox
Give the mysql superuser root the password: toor
root@stesting:~# dpkg -l | grep php5
ii  libapache2-mod-php5    5.3.10-1ubuntu3.6        server-side, HTML-embedded scripting language (Apache 2 module)
ii  php5                   5.3.10-1ubuntu3.6        server-side, HTML-embedded scripting language (metapackage)
ii  php5-cli               5.3.10-1ubuntu3.6        command-line interpreter for the php5 scripting language
ii  php5-common            5.3.10-1ubuntu3.6        Common files for packages built from the php5 source
ii  php5-mysql             5.3.10-1ubuntu3.6        MySQL module for php5
root@stesting:~# dpkg -l | grep mysql
ii  libdbd-mysql-perl      4.020-1build2            Perl5 database interface to the MySQL database
ii  libmysqlclient18       5.5.29-0ubuntu0.12.04.2  MySQL database client library
ii  mysql-client-5.5       5.5.29-0ubuntu0.12.04.2  MySQL database client binaries
ii  mysql-client-core-5.5  5.5.29-0ubuntu0.12.04.2  MySQL database core client binaries
ii  mysql-common           5.5.29-0ubuntu0.12.04.2  MySQL database common files, e.g. /etc/mysql/my.cnf
ii  mysql-server           5.5.29-0ubuntu0.12.04.2  MySQL database server (metapackage depending on the latest version)
ii  mysql-server-5.5       5.5.29-0ubuntu0.12.04.2  MySQL database server binaries and system database setup
ii  mysql-server-core-5.5  5.5.29-0ubuntu0.12.04.2  MySQL database server binaries
ii  php5-mysql             5.3.10-1ubuntu3.6        MySQL module for php5
root@stesting:~# dpkg -l | grep apache2
ii  apache2                2.2.22-1ubuntu1.3        Apache HTTP Server metapackage
ii  apache2-mpm-prefork    2.2.22-1ubuntu1.3        Apache HTTP Server - traditional non-threaded model
ii  apache2-utils          2.2.22-1ubuntu1.3        utility programs for webservers
ii  apache2.2-bin          2.2.22-1ubuntu1.3        Apache HTTP Server common binary files
ii  apache2.2-common       2.2.22-1ubuntu1.3        Apache HTTP Server common files
ii  libapache2-mod-php5    5.3.10-1ubuntu3.6        server-side, HTML-embedded scripting language (Apache 2 module)
Log in to the newly created VM and download this script:
ssh -Y <username>@newly-created-vm.inf.unibz.it
The -Y option is important: it enables X11 forwarding so that a graphical window (Firefox) can open.
dvwa-installer.sh
#!/bin/bash
# Installs DVWA 1.0.7 into /var/www. Run as root, on an isolated lab VM only:
# the script deliberately weakens PHP and file-system settings.
echo -e "\n#######################################"
echo -e "# Damn Vulnerable Web App Installer Script #"
echo -e "#######################################"
echo " Coded By: Travis Phillips"
echo " Website: http://theunl33t.blogspot.com"
echo -e -n "\n[*] Changing directory to /var/www..."
# Abort if the web root is missing so the rm below cannot run elsewhere.
cd /var/www > /dev/null || exit 1
echo -e "Done!\n"
echo -n "[*] Removing default index.html..."
rm index.html > /dev/null
echo -e "Done!\n"
echo -n "[*] Changing to Temp Directory..."
cd /tmp
echo -e "Done!\n"
echo "[*] Downloading DVWA..."
wget http://dvwa.googlecode.com/files/DVWA-1.0.7.zip
#wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
echo -e "Done!\n"
echo -n "[*] Unzipping DVWA..."
unzip DVWA-1.0.7.zip > /dev/null
echo -e "Done!\n"
echo -n "[*] Deleting the zip file..."
rm DVWA-1.0.7.zip > /dev/null
echo -e "Done!\n"
echo -n "[*] Copying dvwa to root of Web Directory..."
cp -R dvwa/* /var/www > /dev/null
echo -e "Done!\n"
echo -n "[*] Clearing Temp Directory..."
rm -R dvwa > /dev/null
echo -e "Done!\n"
echo -n "[*] Enabling Remote include in php.ini..."
# Deliberately insecure: DVWA's file inclusion exercise needs allow_url_include.
cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
sed -e 's/allow_url_include = Off/allow_url_include = On/' /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
rm /etc/php5/apache2/php.ini1
echo -e "Done!\n"
echo -n "[*] Enabling write permissions to /var/www/hackable/uploads..."
# Deliberately insecure: world-writable upload directory for the upload exercise.
chmod 777 /var/www/hackable/uploads/
echo -e "Done!\n"
echo -n "[*] Starting Web Service..."
service apache2 start &> /dev/null
echo -e "Done!\n"
echo -n "[*] Starting MySQL..."
service mysql start &> /dev/null
# Give MySQL time to come up before the database is created.
sleep 11
echo -e "Done!\n"
echo -n "[*] Updating Config File..."
# Replace the empty password '' in DVWA's config with the MySQL root password 'toor'.
cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
sed -e 's/'\'\''/'\''toor'\''/' /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
rm /var/www/config/config.inc.php1
echo -e "Done!\n"
echo -n "[*] Updating Database..."
# Trigger DVWA's own setup page to create the database, then set the avatar paths.
wget --post-data "create_db=Create / Reset Database" http://127.0.0.1/setup.php &> /dev/null
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/gordonb.jpg" where user = "gordonb";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/smithy.jpg" where user = "smithy";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/admin.jpg" where user = "admin";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/pablo.jpg" where user = "pablo";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/1337.jpg" where user = "1337";'
echo -e "Done!\n"
echo -e -n "[*] Starting Firefox to DVWA\nUserName: admin\nPassword: password"
firefox http://127.0.0.1/login.php &> /dev/null &
echo -e "\nDone!\n"
echo -e "[\033[1;32m*\033[1;37m] DVWA Install Finished!\n"
Now stop the apache2 and mysql services:
service apache2 stop
service mysql stop
Now you are ready to execute the dvwa-installer.sh script:
./dvwa-installer.sh
This will download DVWA, set it up, and open Firefox to create/reset the database.
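The installer deliberately turns on allow_url_include and makes the uploads directory world-writable, so it is worth confirming afterwards that the VM is in that state and that Apache is not reachable beyond loopback. The script below is an added example, not part of this page or of Travis Phillips' installer; the function names and the /etc/apache2/ports.conf path are assumptions, and the demo input is constructed.

```bash
#!/bin/bash
# Added example (not part of dvwa-installer.sh). Default paths are this page's;
# /etc/apache2/ports.conf is the stock Ubuntu location and an assumption here.

php_ini_value() {   # $1 = php.ini, $2 = directive; prints lower-cased value
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                            # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/;.*/, "", v); gsub(/[ \t]/, "", v); val = tolower(v) }
        END { print (val == "" ? "unset" : val) }' "$1"
}

world_writable() {  # $1 = directory; true if "other" has the write bit
    local mode; mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in *[2367]) return 0 ;; *) return 1 ;; esac
}

listen_scope() {    # $1 = ports.conf; prints none | loopback | all
    awk '
        tolower($1) == "listen" { seen = 1
            if ($2 !~ /^(127\.[0-9.]+|\[::1\]):[0-9]+$/) wide = 1 }
        END { if (!seen) print "none"; else if (wide) print "all"; else print "loopback" }' "$1"
}

dvwa_audit() {      # $1 = php.ini, $2 = uploads dir, $3 = ports.conf
    local ini=${1:-/etc/php5/apache2/php.ini}
    local up=${2:-/var/www/hackable/uploads}
    local ports=${3:-/etc/apache2/ports.conf} n=0
    case "$(php_ini_value "$ini" allow_url_include)" in
        on|1|true|yes) echo "WEAK    allow_url_include enabled in $ini"; n=$((n+1)) ;;
    esac
    if world_writable "$up"; then
        echo "WEAK    $up is world-writable"; n=$((n+1))
    fi
    if [ "$(listen_scope "$ports")" = "all" ]; then
        echo "EXPOSED Apache accepts non-loopback connections ($ports)"; n=$((n+1))
    fi
    echo "findings: $n"
}

demo() {            # constructed sample mimicking the post-install state
    local d; d=$(mktemp -d); mkdir "$d/up"; chmod 777 "$d/up"
    printf 'allow_url_include = On\n' > "$d/php.ini"
    printf 'Listen 80\n' > "$d/ports.conf"
    dvwa_audit "$d/php.ini" "$d/up" "$d/ports.conf"; rm -rf "$d"
}
demo
```

On the lab VM itself, call dvwa_audit with no arguments to check the paths used on this page.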
/data/www/wiki.inf.unibz.it/data/pages/public/dvwa.txt · Last modified: 2019/01/16 10:03 by 127.0.0.1