Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab

Fixing problems

If you remember from the previous post, we reached the point where some stuff was shown in red color.

All the stuff in red needs fixing. If you are lucky, we have the same set of issues which need fixing. Otherwise, you’ll have to do some googling to find out how to fix problems which you are facing and I am not.

Changing mysql username and password

The default credentials in the config.inc.php file are 'root' and 'p@ssw0rd'. We change them to the correct MySQL login credentials, 'root' and '' in my case. You can change them depending on your MySQL credentials. This gets rid of our biggest worry: Unable to connect to database!

This is the biggest problem. Solving this means we can create our database; some modules may not work perfectly, but DVWA will run. Without fixing this, we won’t even be able to start. To fix this, open the /opt/lampp/htdocs/DVWA-master/config/config.inc.php file in your favorite text editor.

The password set here isn’t the password of our MySQL database. In my case, the password is nothing, i.e. two single quotes (''). Update the value here. In case your MySQL password is something else, use that. Change the username too if need be.

This is the corrected password value in my case. After this, refresh the page and click “Create/Reset database”.
Now everything works fine after you click Create/Reset database. We’ll fix the other remaining issues in the next section.

Fixing missing recaptcha key

First, we need to solve the recaptcha key missing problem. Go to this URL

Go to the URL, you’ll see a form like this.

Fill in the form; the values don’t matter much.

You obtain a site key and a secret key. Site key = public key, secret key = private key.

Open the config.inc.php file in your favourite text editor.

Edit the recaptcha public key and private key fields. Here is what I did.
Now we have a recaptcha key. One red down, 3 to go.

Fixing disabled allow_url_include

We simply have to locate the configuration file and edit the value of the parameter from Off to On.

The PHP configuration file is located at /opt/lampp/etc/php.ini. Edit it with your favourite text editor; you’ll need root privileges (sudo).

Locate the allow_url_include line by using the search feature of your text editor.

Change Off to On.

Restart the lampp service.

Reload the page; you’ll see that the issue is fixed.

Note: Any other function which is disabled can be enabled in a similar manner. All settings are in the php.ini file. You just need to search for the corresponding line and edit it.
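
The php.ini edit above, and the note that any other setting can be changed the same way, written as a small shell helper instead of a text-editor session. This is an added example, not part of the original post: the function names `get_ini_value` and `set_ini_value` are hypothetical, and the sample file is constructed for the demo.

```shell
# Added example, not from the original post. Function names are hypothetical.

# get_ini_value FILE KEY: print the last active value of KEY.
# Lines that start with ";" are comments, so they never match KEY.
get_ini_value() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=") }
        eq {
            name = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", name)
            if (name != k) next
            val = substr(line, eq + 1)
            sub(/[ \t]*;.*$/, "", val)      # drop a trailing comment
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            last = val
        }
        END { print last }' "$1"
}

# set_ini_value FILE KEY VALUE: keep a FILE.bak copy, rewrite every active
# KEY line, and append the directive if no active line exists.
# Meant for simple values such as On/Off.
set_ini_value() {
    cp -p "$1" "$1.bak" || return 1
    awk -v k="$2" -v v="$3" '
        { line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=") }
        eq {
            name = substr(line, 1, eq - 1); sub(/[ \t]+$/, "", name)
            if (name == k) { print k " = " v; found = 1; next }
        }
        { print }
        END { if (!found) print k " = " v }' "$1.bak" > "$1"
}

# Demo on a constructed sample file (not a real php.ini).
demo_ini=$(mktemp)
printf '%s\n' '[PHP]' '; allow_url_include = On' 'allow_url_fopen=On' \
    'allow_url_include=Off ; lab default' > "$demo_ini"
set_ini_value "$demo_ini" allow_url_include On
echo "allow_url_include is now: $(get_ini_value "$demo_ini" allow_url_include)"
rm -f "$demo_ini" "$demo_ini.bak"
```

On the lab machine from the post, the call would be `set_ini_value /opt/lampp/etc/php.ini allow_url_include On` run with root privileges, followed by the lampp restart; copying `php.ini.bak` back restores the previous setting.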
