28

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.It is a best platform to practice web application hacking and security.



This is Our old dvwa tutorial. You can find our New dvwa Tutorial Here

1. Download DVWA : Click Here
                                                                         (click image for large view)

2. Unzip download file

3. Copy dvwa folder into Computer → File system → var → www

4. Set permission of DVWA into 755 for this open Termianl and type
chmod -R 755 /var/www/dvwa and hit enter

5. Run Apache for this go to Application → kali linux → System Service → HTTP → apache2start

6. Apache run successfully

7. Run My SQL  for this go to Application → kali linux → System Service → MySQL → mysql start

8. My SQL run successfully

9. Now Create Database for dvwa
→ Open Terminal  and type
mysql –u root –p  and hit enter
→ when it ask for Password simply hit enter
→ now type create database dvwa; and hit enter (here you can see an error because I have already created my database for dvwa but if you are creating first time than you will see a successful msg)
→ If you want to exit terminal type exit and hit enter


10. Now go to your browser and write http://127.0.0.1/dvwa or http://localhost/dvwa and write your username and password by default it is username – admin and password – password than click in login

11. Are you getting this error Table 'dvwa.users' doesn't exist ?

12. Now time to solve the above error open terminal and type curl --data ‘create db=create+%2F+Reset+Database’ http://127.0.0.1/dvwa/setup.php# --cookie PHPSESSID=1 and hit enter

13. Now again go to your browser and login with default username and password

14. You have successfully logged in.
(click image for large view)

Note - You have to repeat Step 5 - Step 8 each time whenever you will restart your Kali Linux only then 127.0.0.1/dvwa will be work in your browser.

Like it ? Share it.

Post a Comment

  1. The fix on step 12 did not work.
    curl: (6) Couldn't resolve host 'db=create+%2F+Reset+Database’'

    ReplyDelete
    Replies
    1. Seriously this is the easiest method to solve this problem if you still facing this problem there is one other solution but you have to edit the setup.php manually which is really a difficult task. SImply i like to advice you use another alternate options there are other apps like DVWA who can make your test legal thanks for commen.

      Delete
    2. Ash S: rename your DVWA-1.0-* that u copied in to /var/www/
      new folder name should be dvwa

      Delete
    3. curl --data 'create db=create+%2F+Reset+Database' http://127.0.0.1/dvwa/setup.php# --cookie PHPSESSID=1 use this

      Delete
    4. thank jatin , the issue is with single quotes.........

      Delete
  2. after I did the step it won't let me log in with the default user and pass. It just says login failed. Any suggestions?

    ReplyDelete
  3. Try to create once again the database for dvwa... If still facing problem contact me on my mail. Thanks for comment

    ReplyDelete
  4. in step 6 and 8 whenever i start apache or MYSQL from kali tools i get following msg
    "sh: 1: service: not found"

    kindly suggest what to do in this case?

    ReplyDelete
    Replies
    1. The following command will configure service to start at bootup.

      root@kali:~# update-rc.d apache2 enable

      root@kali:~# update-rc.d mysql enable

      i hope this will help u

      Delete
    2. thank you.. it just worked well when i tried this in root.
      but there is 1 more question while using dvwa is it really require to use xampp?

      Delete
    3. You can test it yourself just run dvwa once without xampp and with xampp. and see the result :)
      Thanks for comment

      Delete
    4. step 12 not working

      Delete
  5. admin really thanks.
    becos i done it.
    thank again

    ReplyDelete
  6. Thanks admin.
    bcoz i done it.
    thank again

    ReplyDelete
  7. what is the benefits of this tools ?

    ReplyDelete
    Replies
    1. This tool helps to do penetration without harming anyone. it gives a legal environment for testing your skill

      Delete
  8. Thank you for the tuto! It helped me too mush!

    ReplyDelete
  9. curl --data ‘create db=create+%2F+Reset+Database’ http://127.0.0.1/dvwa/setup.php# --cookie PHPSESSID=1
    when i hit enter it shows the html file in the terminal :( what i do?

    ReplyDelete
    Replies
    1. Our one visitor replied this to above person try his method it can be solve your problem
      rename your DVWA-1.0-* that u copied in to /var/www/
      new folder name should be dvwa

      Delete
    2. already name be correct bro...i need other solution

      Delete
    3. try to edit your config file visit this link https://github.com/RandomStorm/DVWA/blob/master/config/config.inc.php

      Delete
    4. how to find this config file , where it is , and how to edit it

      Delete
    5. this can be find in your dvwa folder

      Delete
  10. Go to http://127.0.0.1/dvwa/setup.php
    and click on Click / Reset database.

    error will be solved. This is for who are facing "Table 'dvwa.users' doesn't exist" :d

    ReplyDelete
  11. im getting stuck at create database dvwa; ...it says command not found

    ReplyDelete
    Replies
    1. Try our New tutorial http://www.geekyshows.com/2014/07/install-dvwa-in-kali-linux.html

      Delete
  12. Tutorials that help explain once for a beginner, to better understand the learning computer. Thank you friend.

    ReplyDelete

Comment Rules :
1. Do not post Adult/illegal Links.
2. Try to comment in only English Language.
3. Do not post other website's links which are useless.
4. Your Comment should be based on the Topic for other queries Kindly Visit our Contact Us Page.
5. Do not use Abusive Language.
6. Respect each other.
Thank You for following the rules. Please Comment....

 
Top