Differences

This shows you the differences between two versions of the page.

Link to this comparison view

public:dvwa [2013/04/04 15:01]
KoHofer@unibz.it
public:dvwa [2019/01/16 10:03]
Line 1: Line 1:
-====== Install Damn Vulnerable Web Application under Ubuntu 12.04 ====== 
- 
-This short how-to will guide you through the installation process of DVWA on Ubuntu 12.04 LTS  
- 
- 
-===== Prerequisites ===== 
- 
-Install a Virtual Machine with Ubuntu 12.04 LTS Server. Next install the additional 
-software packages below. 
- 
-Ubuntu Software Packages: 
- 
-  sudo apt-get install php5 php5-common php5-cli php5-mysql libapache2-mod-php5 mysql-server php5-mysql apache2 libapache2-mod-php5 firefox 
- 
-<​code>​ 
-root@stesting:​~#​ dpkg -l  | grep php5 
-ii  libapache2-mod-php5 ​             5.3.10-1ubuntu3.6 ​                  ​server-side,​ HTML-embedded scripting language (Apache 2 module) 
-ii  php5                             ​5.3.10-1ubuntu3.6 ​                  ​server-side,​ HTML-embedded scripting language (metapackage) 
-ii  php5-cli ​                        ​5.3.10-1ubuntu3.6 ​                  ​command-line interpreter for the php5 scripting language 
-ii  php5-common ​                     5.3.10-1ubuntu3.6 ​                  ​Common files for packages built from the php5 source 
-ii  php5-mysql ​                      ​5.3.10-1ubuntu3.6 ​                  MySQL module for php5 
-root@stesting:​~#​ dpkg -l  | grep mysql 
-ii  libdbd-mysql-perl ​               4.020-1build2 ​                      Perl5 database interface to the MySQL database 
-ii  libmysqlclient18 ​                ​5.5.29-0ubuntu0.12.04.2 ​            MySQL database client library 
-ii  mysql-client-5.5 ​                ​5.5.29-0ubuntu0.12.04.2 ​            MySQL database client binaries 
-ii  mysql-client-core-5.5 ​           5.5.29-0ubuntu0.12.04.2 ​            MySQL database core client binaries 
-ii  mysql-common ​                    ​5.5.29-0ubuntu0.12.04.2 ​            MySQL database common files, e.g. /​etc/​mysql/​my.cnf 
-ii  mysql-server ​                    ​5.5.29-0ubuntu0.12.04.2 ​            MySQL database server (metapackage depending on the latest version) 
-ii  mysql-server-5.5 ​                ​5.5.29-0ubuntu0.12.04.2 ​            MySQL database server binaries and system database setup 
-ii  mysql-server-core-5.5 ​           5.5.29-0ubuntu0.12.04.2 ​            MySQL database server binaries 
-ii  php5-mysql ​                      ​5.3.10-1ubuntu3.6 ​                  MySQL module for php5 
-root@stesting:​~#​ dpkg -l  | grep apache2 
-ii  apache2 ​                         2.2.22-1ubuntu1.3 ​                  ​Apache HTTP Server metapackage 
-ii  apache2-mpm-prefork ​             2.2.22-1ubuntu1.3 ​                  ​Apache HTTP Server - traditional non-threaded model 
-ii  apache2-utils ​                   2.2.22-1ubuntu1.3 ​                  ​utility programs for webservers 
-ii  apache2.2-bin ​                   2.2.22-1ubuntu1.3 ​                  ​Apache HTTP Server common binary files 
-ii  apache2.2-common ​                ​2.2.22-1ubuntu1.3 ​                  ​Apache HTTP Server common files 
-ii  libapache2-mod-php5 ​             5.3.10-1ubuntu3.6 ​                  ​server-side,​ HTML-embedded scripting language (Apache 2 module) 
-</​code>​ 
- 
- 
-Login into the newly created VM and download this script: 
- 
-  ssh -Y <​username>​@newly-created-vm.inf.unibz.it 
-  ​ 
--Y is important to allow for graphical window (firefox) to open 
- 
- 
-{(xssnipper>,​1,​sh dvwa-installer.sh slide, 
-#/bin/bash 
-echo -e "​\n#######################################"​ 
-echo -e "# Damn Vulnerable Web App Installer Script #" 
-echo -e "#######################################"​ 
-echo " Coded By: Travis Phillips"​ 
-echo " Website: http://​theunl33t.blogspot.com"​ 
-echo -e -n "\n[*] Changing directory to /​var/​www..."​ 
-cd /var/www > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Removing default index.html..."​ 
-rm index.html > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Changing to Temp Directory..."​ 
-cd /tmp 
-echo -e "​Done!\n"​ 
- 
-echo "[*] Downloading DVWA..."​ 
-wget http://​dvwa.googlecode.com/​files/​DVWA-1.0.7.zip 
-#wget http://​voxel.dl.sourceforge.net/​project/​dvwa/​DVWA-1.0.7.zip 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Unzipping DVWA..."​ 
-unzip DVWA-1.0.7.zip > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Deleting the zip file..."​ 
-rm DVWA-1.0.7.zip > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Copying dvwa to root of Web Directory..."​ 
-cp -R dvwa/* /var/www > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Clearing Temp Directory..."​ 
-rm -R dvwa > /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Enabling Remote include in php.ini..."​ 
-cp /​etc/​php5/​apache2/​php.ini /​etc/​php5/​apache2/​php.ini1 
-sed -e '​s/​allow_url_include = Off/​allow_url_include = On/' /​etc/​php5/​apache2/​php.ini1 > /​etc/​php5/​apache2/​php.ini 
-rm /​etc/​php5/​apache2/​php.ini1 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Enabling write permissions to /​var/​www/​hackable/​upload..."​ 
-chmod 777 /​var/​www/​hackable/​uploads/​ 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Starting Web Service..."​ 
-service apache2 start &> /dev/null 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Starting MySQL..."​ 
-service mysql start &> /dev/null 
-sleep 11 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Updating Config File..."​ 
-cp /​var/​www/​config/​config.inc.php /​var/​www/​config/​config.inc.php1 
-sed -e '​s/'​\'​\''/'​\''​mysql'​\''/'​ /​var/​www/​config/​config.inc.php1 > /​var/​www/​config/​config.inc.php 
-rm /​var/​www/​config/​config.inc.php1 
-echo -e "​Done!\n"​ 
- 
-echo -n "[*] Updating Database..."​ 
-wget --post-data "​create_db=Create / Reset Database"​ http://​127.0.0.1/​setup.php &> /dev/null 
-mysql -u root --password='​mysql'​ -e '​update dvwa.users set avatar = "/​hackable/​users/​gordonb.jpg"​ where user = "​gordonb";'​ 
-mysql -u root --password='​mysql'​ -e '​update dvwa.users set avatar = "/​hackable/​users/​smithy.jpg"​ where user = "​smithy";'​ 
-mysql -u root --password='​mysql'​ -e '​update dvwa.users set avatar = "/​hackable/​users/​admin.jpg"​ where user = "​admin";'​ 
-mysql -u root --password='​mysql'​ -e '​update dvwa.users set avatar = "/​hackable/​users/​pablo.jpg"​ where user = "​pablo";'​ 
-mysql -u root --password='​mysql'​ -e '​update dvwa.users set avatar = "/​hackable/​users/​1337.jpg"​ where user = "​1337";'​ 
-echo -e "​Done!\n"​ 
- 
-echo -e -n "[*] Starting Firefox to DVWA\nUserName:​ admin\nPassword:​ password"​ 
-firefox http://​127.0.0.1/​login.php &> /dev/null & 
-echo -e "​\nDone!\n"​ 
-echo -e "​[\033[1;​32m*\033[1;​37m] DVWA Install Finished!\n"​ 
-)} 
- 
- 
-Now stop the apache2 and mysql service 
- 
-  service apache2 stop 
-  service mysql stop 
- 
-Now you are ready to execute the dvwa-installer.sh script 
- 
-  ./​dvwa-installer.sh 
- 
-This will download the DVWA Program, set it up and open firefox to create/​reset the Database. 
-  
- 
-===== Links ===== 
- 
-[[http://​www.dvwa.co.uk/​DVWA]] 
  
/var/www/wiki.inf.unibz.it/data/pages/public/dvwa.txt · Last modified: 2019/01/16 10:03 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0