Pablo Guides

# DVWA Pentest Course: Hacking Web Applications Safely

## Section 1: Introduction to DVWA

**Damn Vulnerable Web Application (DVWA)** is a PHP/MySQL web application that is damn vulnerable. It's designed to aid security professionals and enthusiasts in their endeavors to learn about web application security vulnerabilities. DVWA is an essential tool for those wishing to practice their penetration testing skills in a legal and safe environment.

The purpose of this section is to guide you through the installation and configuration of DVWA on Kali Linux, provide step-by-step usage instructions, discuss real-world scenarios where DVWA can be applied, and present some practical code examples related to WordPress vulnerabilities.

### 1.1 Installation and Configuration on Kali Linux

Before diving into the usage of DVWA, let's start with the installation process on Kali Linux. Follow these detailed steps to get DVWA up and running.

#### Step 1: Update Your Kali System

Make sure your system is up to date. Open a terminal and run:

"`bash
sudo apt update && sudo apt upgrade -y
"`

#### Step 2: Install Apache, MySQL, and PHP

DVWA relies on a web server, a database server, and a scripting language. You can install the required packages with the following command:

"`bash
sudo apt install apache2 mysql-server php php-mysql php-gd libapache2-mod-php -y
"`

#### Step 3: Start Apache and MySQL Services

To ensure that both services are running, execute:

"`bash
sudo systemctl start apache2
sudo systemctl start mysql
"`

You can also enable these services to start on boot:

"`bash
sudo systemctl enable apache2
sudo systemctl enable mysql
"`

#### Step 4: Download DVWA

Now, we will download DVWA from its GitHub repository. Navigate to the `/var/www/html` directory and clone the repository:

"`bash
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
"`

#### Step 5: Set Permissions

Change the ownership and permissions of the DVWA directory so that the web server can access it:

"`bash
sudo chown -R www-data:www-data DVWA
sudo chmod -R 755 DVWA
"`

#### Step 6: Configure Database

Now, we need to set up the database for DVWA. First, log into MySQL:

"`bash
sudo mysql -u root -p
"`

Then, execute the following SQL commands to create a new database and user:

"`sql
CREATE DATABASE dvwa;
CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwauser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
"`

**Note:** Replace `your_password` with a strong password of your choice.

#### Step 7: Configure DVWA

Now, navigate to the DVWA configuration file and set the database credentials:

"`bash
cd DVWA/config
sudo cp config.inc.php.dist config.inc.php
sudo nano config.inc.php
"`

Find the section that defines the database parameters and update it to:

"`php
$_DVWA[ 'db_user' ] = 'dvwauser';
$_DVWA[ 'db_password' ] = 'your_password';
"`

#### Step 8: Access DVWA in Your Browser

Open your web browser and navigate to:

"`
http://localhost/DVWA/setup.php
"`

Follow the prompts to set up the database. Click on the **'Create / Reset Database'** button.

#### Step 9: Final Configuration

After successful setup, navigate to the **'Login'** page and log in with the default credentials:

– Username: `admin`
– Password: `password`

### 1.2 Step-by-Step Usage and Real-World Use Cases

DVWA is structured into various sections, each reflecting different vulnerability types. Let's explore how to use DVWA for practical exercises.

#### 1.2.1 SQL Injection Example

**Real-World Use Case:** SQL Injection is one of the most common vulnerabilities. In this use case, an attacker could retrieve sensitive data from the database by manipulating SQL queries.

##### Step-by-Step Guide:

1. **Navigate to SQL Injection Section:**
After logging in, select the "SQL Injection" option from the menu.

2. **Input Vulnerability:**
In the input field, enter a simple SQL injection payload, such as:

[/dm_code_snippet]sql
' OR '1'='1' —
[/dm_code_snippet]

3. **Expected Outcome:**
This would return all users in the database because it alters the SQL query to always be true.

#### Code Example in Markdown:

"`sql
SELECT * FROM users WHERE user='admin' AND password=" OR '1'='1' — ';
"`

This code showcases a basic attack that retrieves data without needing valid credentials.

#### 1.2.2 Cross-Site Scripting (XSS)

**Real-World Use Case:** XSS allows attackers to inject scripts into web pages viewed by other users, potentially leading to data theft, session hijacking, etc.

##### Step-by-Step Guide:

1. **Navigate to XSS Section:**
Click on the "Reflected XSS" section on the DVWA menu.

2. **Insert Malicious Script:**
In the input field, type the following code:

[/dm_code_snippet]javascript

[/dm_code_snippet]

3. **Expected Outcome:**
On execution, this script will pop up an alert box, demonstrating the XSS vulnerability.

#### Code Example in Markdown:

"`html

"`

### 1.3 External Reference Links

To expand your knowledge and understanding of web application security, refer to the following resources:

– [OWASP Top Ten Project](https://owasp.org/www-project-top-ten/)
– [Web Application Security Testing Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Web_Application_Security_Testing_Cheat_Sheet.html)
– [The Web Application Hacker's Handbook](https://www.wiley.com/en-us/The+Web+Application+Hacker%27s+Handbook%3A+Finding+and+Exploiting+Security+Flaws%2C+2nd+Edition-p-9781119626237)

### 1.4 Conclusion

By following the steps outlined in this section, you should now have a fully functional DVWA installation on your Kali Linux system. You can practice various vulnerabilities and understand the underlying mechanics of web application attacks.

As you progress through the course, remember to apply the knowledge responsibly and ethically. Understanding these vulnerabilities is key to becoming a proficient ethical hacker.

—

Made by pablo rotem / פבלו רותם