Home / Hacking / Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab

Setting up Damn Vulnerable Web Application (DVWA) – Pentesting Lab

Fixing missing modules

If a module is shown as missing , then we need to install it. In my case, everything is installed. Most likely, since you are also using XAMPP, everything would be installed. However, if that is not the case, then you have to figure out how to install the modules. If you aren’t using XAMPP and did everything manually, then apt-get would be the way to go. Otherwise look at XAMPP’s (or whichever bundle you are using) documentation.

Fixing File Ownership

We need to give www-data user write access to two directories. We’ll can use chgrp and chmod commands in unison to give only the privileges that are needed, or we could go the lazy way and use chmod 777 (full read, write and execute privileges to everyone). I’m feeling lazy and I’m just gonna go the chmod way. Run the command below-

chmod 777 <directory> Replace directory with the correct directory.

Configure your web application pentesting lab - 30

This is the last thing that needs to be done

Configure your web application pentesting lab - 31

Everything is green finally! Also, notice the credentials, we’ll need it later.
“admin // password”

Configure your web application pentesting lab - 32

Database created. Populated with tables.

Configure your web application pentesting lab - 33

Finally the damn vulnerable application is running.

The username = “admin” and password is “password” (“admin // password” that we saw three pics ago).

Configure your web application pentesting lab - 34

Everything is running perfectly. This is the page you should see after successful login.

Check Also

How to Prevent DOM-based Cross-site Scripting

How to Prevent DOM-based Cross-site Scripting

There’s no denying the role that JavaScript has played in making web applications the sleek, …

Advanced Persistent Threat Activity Exploiting Managed Service Providers

Side-Channel Vulnerability Variants 3a and 4 – Spectre and Meltdown

On May 21, 2018, new variants of the side-channel central processing unit (CPU) hardware vulnerabilities …

Use WordPress.com, Twitter, Facebook, or Google+ accounts to comment (anonymous comments allowed)

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.