How To Install DVWA On Linux
Learn how to install and set up DVWA (Damn Vulnerable Web App) on Linux (Kali, Ubuntu, Debian, Fedora) using either XAMPP or native Apache and MariaDB web servers.
In this post, I’ll walk you through 2 ways we can install DVWA on Linux:
- Using XAMPP
- Without XAMPP
How to Install DVWA on Linux with XAMPP
- Go to https://www.apachefriends.org/download.html and download the version for Linux.
-
Open your terminal, navigate to your downloads directory and run the installer. You’ll have to make the installer executable before running it with sudo, e.g.:
1 2 3
cd Downloads/ chmod +x ./xampp-linux-x64-8.2.4-0-installer.run sudo ./xampp-linux-x64-8.2.4-0-installer.run
- On the setup window, click Forward until you get to the end of the screen, and wait for the installation to complete.
- Ensure the Launch XAMPP checkbox is checked, then click on Finish.
- Navigate to the Manage Servers tab.
- Click Apache and press Start. Do the same for MySQL Database.
-
Git clone DVWA with depth=1 to reduce repo size and move it to the XAMPP htdocs directory. The total size as of this writing was 3.5MB.
1 2
git clone https://github.com/digininja/DVWA --depth=1 sudo mv DVWA -rv /opt/lampp/htdocs
-
Loosen the permissions for the directory.
1
sudo chmod -Rv 777 /opt/lampp/htdocs/DVWA/
-
Configure your environment by copying config/config.inc.php.dist to config/config.inc.php.
1
cp /opt/lampp/htdocs/DVWA/config/config.inc.php.dist /opt/lampp/htdocs/DVWA/config/config.inc.php -v
If we take a look at the contents of config.inc.php, we’ll see that in the comments we must create a dedicated DVWA user (for those using MariaDB), and XAMPP by default uses MariaDB.
1
cat /opt/lampp/htdocs/DVWA/config/config.inc.php -
To create a dvwa user, we’ll first login as root in MariaDB.
1
/opt/lampp/bin/mysql -u root -p
When prompted for password, just hit enter, as there’s no password by default.
-
In the MariaDB sql shell run:
1
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
-
Grant privileges:
1
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
-
Flush all privileges for the permissions to take place immediately and exit:
1 2
FLUSH PRIVILEGES; exit;
- On your browser, navigate to
localhost/DVWA/setup.phpand clickCreate/Reset Databaseat the bottom of the page. - If all went well, you should now be able to login and start hacking. Username = admin and password = password.
How to Install DVWA on Linux without XAMPP
On Linux distros like Kali, an Apache and MySQL server, and some PHP modules are usually installed by default. Though, to use them, you’ll have to enable/start these servers. So instead of installing XAMPP just to run DVWA, we can just configure the existing (preinstalled) ones. Though it’s not the same with Fedora; on Fedora, you’ll still need to install Apache and MariaDB manually. And should in case you need to install on any distros, here are the commands for Debian-based distros and Fedora.
1
2
3
4
#kali /ubuntu/ debian
sudo apt install apache2 mariadb-server -y
#install php and php modules
sudo apt install php php-mysql php-gd php-cli -y
On Fedora, the Apache binary is named as httpd, so we’ll say:
1
2
3
4
5
sudo dnf install httpd mariadb-server -y
# install php modules
sudo dnf install php php-gd php-mysqlnd
# also turn off SELinux temporarily, as it affects communication to the SQL server
sudo setenforce 0
-
Enabling / starting the web servers Apache / MariaDB.
On Kali / Debian based distros we’ll say:
1 2 3
#to enable and start apache and mariadb sudo systemctl enable apache2 mariadb sudo systemctl start apache2 mariadb
On Fedora we’ll say:
1 2
sudo systemctl enable httpd mariadb sudo systemctl start httpd mariadb
After installing and starting our servers, all we need to do is basically repeat the steps above in a slightly different way:
- Clone DVWA into the webserver’s doc root:
- On Kali it’s
/var/www/html/ - On Fedora it’s also
/var/www/html
1
sudo git clone https://github.com/digininja/DVWA --depth=1 /var/www/html/DVWA
- On Kali it’s
-
Loosen the permissions on the directories so DVWA can write to it.
1
sudo chmod 777 -Rv /var/www/html/DVWA
-
Copy the config template.
1
sudo cp -v /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
-
On your terminal, login to MariaDB as root.
1
sudo mariadb -u root
-
Create DVWA database user, grant privileges and flush. Same as the XAMPP steps above.
1 2 3 4
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd'; GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost'; FLUSH PRIVILEGES; exit;
- Navigate to
http://localhost/DVWA/setup.php, scroll to the bottom and click theCreate / Reset Databasebutton. - After that, you can now login at
http://localhost/DVWA/setup.php.
And that’s all for setting up DVWA on Linux. See you in the next one!