User Tools

Site Tools


public:dvwa

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
public:dvwa [2013/04/04 14:47] – created KoHofer@unibz.itpublic:dvwa [2019/01/16 10:03] (current) – external edit 127.0.0.1
Line 2: Line 2:
  
 This short how-to will guide you through the installation process of DVWA on Ubuntu 12.04 LTS  This short how-to will guide you through the installation process of DVWA on Ubuntu 12.04 LTS 
 +
  
 ===== Prerequisites ===== ===== Prerequisites =====
 +
 +Install a Virtual Machine with Ubuntu 12.04 LTS Server. Next install the additional
 +software packages below.
  
 Ubuntu Software Packages: Ubuntu Software Packages:
  
-  sudo apt-get install php5 php5-common php5-cli php5-mysql libapache2-mod-php5 mysql-server php5-mysql apache2 libapache2-mod-php5+  sudo apt-get install php5 php5-common php5-cli php5-mysql libapache2-mod-php5 mysql-server php5-mysql apache2 libapache2-mod-php5 firefox 
 + 
 +**Give the mysql superuser root the password: toor**
  
 <code> <code>
Line 35: Line 41:
 </code> </code>
  
 +
 +Login into the newly created VM and download this script:
 +
 +  ssh -Y <username>@newly-created-vm.inf.unibz.it
 +  
 +-Y is important to allow for graphical window (firefox) to open
 +
 +
 +{(xssnipper>,1,sh dvwa-installer.sh slide,
 +#/bin/bash
 +echo -e "\n#######################################"
 +echo -e "# Damn Vulnerable Web App Installer Script #"
 +echo -e "#######################################"
 +echo " Coded By: Travis Phillips"
 +echo " Website: http://theunl33t.blogspot.com"
 +echo -e -n "\n[*] Changing directory to /var/www..."
 +cd /var/www > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Removing default index.html..."
 +rm index.html > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Changing to Temp Directory..."
 +cd /tmp
 +echo -e "Done!\n"
 +
 +echo "[*] Downloading DVWA..."
 +wget http://dvwa.googlecode.com/files/DVWA-1.0.7.zip
 +#wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
 +echo -e "Done!\n"
 +
 +echo -n "[*] Unzipping DVWA..."
 +unzip DVWA-1.0.7.zip > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Deleting the zip file..."
 +rm DVWA-1.0.7.zip > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Copying dvwa to root of Web Directory..."
 +cp -R dvwa/* /var/www > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Clearing Temp Directory..."
 +rm -R dvwa > /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Enabling Remote include in php.ini..."
 +cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
 +sed -e 's/allow_url_include = Off/allow_url_include = On/' /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
 +rm /etc/php5/apache2/php.ini1
 +echo -e "Done!\n"
 +
 +echo -n "[*] Enabling write permissions to /var/www/hackable/upload..."
 +chmod 777 /var/www/hackable/uploads/
 +echo -e "Done!\n"
 +
 +echo -n "[*] Starting Web Service..."
 +service apache2 start &> /dev/null
 +echo -e "Done!\n"
 +
 +echo -n "[*] Starting MySQL..."
 +service mysql start &> /dev/null
 +sleep 11
 +echo -e "Done!\n"
 +
 +echo -n "[*] Updating Config File..."
 +cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
 +sed -e 's/'\'\''/'\''toor'\''/' /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
 +rm /var/www/config/config.inc.php1
 +echo -e "Done!\n"
 +
 +echo -n "[*] Updating Database..."
 +wget --post-data "create_db=Create / Reset Database" http://127.0.0.1/setup.php &> /dev/null
 +mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/gordonb.jpg" where user = "gordonb";'
 +mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/smithy.jpg" where user = "smithy";'
 +mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/admin.jpg" where user = "admin";'
 +mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/pablo.jpg" where user = "pablo";'
 +mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/1337.jpg" where user = "1337";'
 +echo -e "Done!\n"
 +
 +echo -e -n "[*] Starting Firefox to DVWA\nUserName: admin\nPassword: password"
 +firefox http://127.0.0.1/login.php &> /dev/null &
 +echo -e "\nDone!\n"
 +echo -e "[\033[1;32m*\033[1;37m] DVWA Install Finished!\n"
 +)}
 +
 +
 +Now stop the apache2 and mysql service
 +
 +  service apache2 stop
 +  service mysql stop
 +
 +Now you are ready to execute the dvwa-installer.sh script
 +
 +  ./dvwa-installer.sh
 +
 +This will download the DVWA Program, set it up and open firefox to create/reset the Database.
 + 
 +
 +===== Links =====
 +
 +[[http://www.dvwa.co.uk/DVWA]]
  
/data/www/wiki.inf.unibz.it/data/attic/public/dvwa.1365079666.txt.gz · Last modified: 2019/01/16 10:03 (external edit)