Set up DVWA on Arch Linux (it is recommended to try this in an isolated environment, such as QEMU)
technical prerequisites:
- basic understanding of the PHP programming language
- understanding of how to talk to an SQL database from PHP code (at least know how to write a koneksi.php database connection file)
install the necessary Arch packages:
pacman -S php php-fpm php-gd mariadb apache
configure MariaDB
initialize MariaDB:
mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
set up the MariaDB database, user and password with these SQL statements:
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON *.* TO 'dvwa'@'localhost';
CREATE DATABASE dvwa;
optionally, verify that the database and user were created, or change the password:
SHOW DATABASES;
SELECT user FROM mysql.user;
ALTER USER 'dvwa'@'localhost' IDENTIFIED BY 'NewPassword';
configure Apache, php-fpm and PHP
enable the proxy modules by uncommenting the lines that contain LoadModule rewrite_module modules/mod_rewrite.so, proxy_module modules/mod_proxy.so and proxy_fcgi_module modules/mod_proxy_fcgi.so in the file /etc/httpd/conf/httpd.conf
create the file /etc/httpd/conf/extra/php-fpm.conf with the following content:
DirectoryIndex index.php index.html
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
and include it by appending Include conf/extra/php-fpm.conf at the bottom of the file /etc/httpd/conf/httpd.conf
configure /etc/php/php.ini:
- enable the mysqli, gd and pdo_mysql extensions (and restart the php-fpm service if necessary)
- turn on certain PHP settings such as allow_url_fopen, allow_url_include, display_errors and display_startup_errors
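a quick way to confirm that the php.ini changes listed above are really active in the file, including the case where a later line overrides an earlier one. This is an added example, not part of DVWA or of the original guide; the function names and the sample file contents are made up for illustration:

```sh
#!/bin/sh
# Added example, not part of DVWA or this guide's original text.
# Function names and the sample file below are made up for illustration.

# ini_values FILE KEY: print the value of every active "KEY = value" line,
# lower-cased, with quotes, blanks and trailing ";" comments stripped.
ini_values() {
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }                  # a leading ";" disables the line
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            v = $2; sub(/;.*/, "", v); gsub(/[ \t"\r]/, "", v)
            print tolower(v)
        }' "$1"
}

# check_dvwa_php_ini FILE: print one MISSING line per unmet setting.
# Exit status is 0 when all settings from the guide are active, else 1.
check_dvwa_php_ini() {
    ini=$1 rc=0
    for ext in mysqli gd pdo_mysql; do
        if ! ini_values "$ini" extension | grep -Eqx "$ext(\.so)?"; then
            echo "MISSING extension=$ext"; rc=1
        fi
    done
    for flag in allow_url_fopen allow_url_include display_errors \
                display_startup_errors; do
        # A later line overrides an earlier one, so only the last counts.
        last=$(ini_values "$ini" "$flag" | tail -n 1)
        case $last in
            on|1|true|yes) ;;
            *) echo "MISSING $flag=On (found: ${last:-unset})"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input: gd is still commented out, allow_url_include is Off.
sample_php_ini() {
    printf '%s\n' '[PHP]' 'extension=mysqli' ';extension=gd' \
        'extension = pdo_mysql' 'allow_url_fopen = On' \
        'allow_url_include = Off' 'display_errors = Off' \
        'display_errors = On ; lab override' 'display_startup_errors=1'
}

# With a path argument, check that file (for example /etc/php/php.ini).
if [ "$#" -gt 0 ]; then check_dvwa_php_ini "$1"; fi
```

save it as a script and pass /etc/php/php.ini as the argument; no output and exit status 0 mean every setting from the list is active.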
run the systemd services and clone the DVWA project
start the necessary systemd services:
systemctl enable mariadb php-fpm httpd --now
clone the git repository into /srv/http: git clone https://github.com/digininja/DVWA
copy config/config.inc.php.dist to config/config.inc.php and adjust the config if necessary
if on QEMU, first create an SSH tunnel to access the HTTP service, for example: ssh -N -C -L 8080:127.0.0.1:80 user@qemu-machine -p 4444. This forwards localhost:8080 to the guest's port 80; in the example, SSH is listening on port 4444
optionally, set the file permissions (only the owner has full permissions, rwx; the rest get only rx) with chmod: chmod -R 755 DVWA
also, make sure the hackable/uploads/ and config directories are writable by the httpd process.
finally, check that everything is configured properly by visiting the web page at http://localhost:80/DVWA/setup.php.
click the create / reset database button to initialize the database's tables and contents, and you're ready to explore ^^