DVWA Pentest Course: Hacking Web Applications Safely
# DVWA Pentest Course: Hacking Web Applications Safely## Section 5: Mastering DVWA on Kali Linux### Introduction to DVWA
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable, which is designed to be an aid for web application security enthusiasts and pentesters. It provides a platform for testing and learning about the vulnerabilities that can occur in web applications.### Installation and Configuration on Kali Linux
Before diving into the usage of DVWA, let's start by laying down the groundwork through installation and configuration.#### Prerequisites
Ensure you have the following:
– Kali Linux installed
– Apache web server
– MySQL server
– PHP and necessary modules (PHP 7.3 or above recommended)#### Step 1: Update Kali
Begin with updating your existing packages:
sudo apt update && sudo apt upgrade
#### Step 2: Install Apache and MySQL
If you haven’t already, install Apache and MySQL:
sudo apt install apache2
sudo apt install mysql-server
#### Step 3: Install PHP and Required Extensions
Install PHP and the required extensions:
sudo apt install php php-mysqli php-gd php-xml php-mbstring
#### Step 4: Download DVWA
Clone the DVWA repository from GitHub:
git clone https://github.com/digininja/DVWA.git
Move the DVWA directory to the Apache web root:
sudo mv DVWA /var/www/html/
#### Step 5: Configure the Database
1. Start the MySQL service:
2. Enter MySQL:
3. Create a database for DVWA:[/dm_code_snippet]sql
CREATE DATABASE dvwa;
[/dm_code_snippet]4. Create a user and grant permissions:[/dm_code_snippet]sql
CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwauser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
[/dm_code_snippet]#### Step 6: Configure DVWA
Navigate to the DVWA configuration file:
cd /var/www/html/DVWA/config
cp config.inc.php.dist config.inc.php
nano config.inc.php
Update the database settings with the user and database you created:[/dm_code_snippet]php
$_DVWA['db_user'] = 'dvwauser';
$_DVWA['db_password'] = 'password';
$_DVWA['db_database'] = 'dvwa';
[/dm_code_snippet]#### Step 7: Set Permissions
Ensure the web server can write to the DVWA folder:
sudo chown -R www-data:www-data /var/www/html/DVWA
sudo chmod -R 755 /var/www/html/DVWA
#### Step 8: Start Apache Web Server
Start and enable the Apache service:
sudo service apache2 start
#### Step 9: Access DVWA
Open a web browser and navigate to:[/dm_code_snippet]
http://localhost/DVWA/setup.php
[/dm_code_snippet]Click on "Create / Reset Database". Once you see the success message, you can access the DVWA login page at:[/dm_code_snippet]
http://localhost/DVWA/login.php
[/dm_code_snippet]Login with the default credentials:– Username: admin
– Password: password### Step-by-Step Usage and Real-World Use CasesNow that we have DVWA set up, we can explore its different security levels (low, medium, high, and impossible). Let’s look at a few common vulnerabilities you can exploit using DVWA.#### Example 1: SQL Injection
1. **Navigate to SQL Injection** in the DVWA menu on the left.
2. **Set Security Level to Low**.
3. In the input box, you can enter:[/dm_code_snippet]sql
1 OR 1=1
[/dm_code_snippet]4. This command manipulates the SQL query to return all records from the database.#### Code Example in Markdown
To illustrate this vulnerability in WordPress, consider a hypothetical vulnerable page:[/dm_code_snippet]php
[/dm_code_snippet]To secure this, use prepared statements:[/dm_code_snippet]php
prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result();
// Process result
}
?>
[/dm_code_snippet]#### Example 2: Cross-Site Scripting (XSS)
1. **Navigate to XSS** in the DVWA interface.
2. **Set Security Level to Low**.
3. In the input box, enter a simple JavaScript payload:[/dm_code_snippet]javascript [/dm_code_snippet]4. Submitting this will execute the JavaScript code in the browser.#### Example 3: Command Injection
1. **Navigate to Command Injection**.
2. Enter a command such as:
3. This command attempts to execute a shell command to list directory contents.### Detailed Technical Explanations#### SQL Injection
SQL Injection occurs when an attacker can manipulate SQL queries by injecting malicious input. This manipulation can lead to unauthorized data access, data modification, or even deletion.1. **Types of SQL Injection**:
– Inband: Data is extracted using the same channel of communication.
– Out-of-band: Data is extracted using a different channel.
– Blind: The attacker does not see the data but can infer.2. **Countermeasures**:
– Use prepared statements.
– Implement input validation and sanitization.
– Employ web application firewalls (WAF).#### Cross-Site Scripting (XSS)
XSS allows attackers to inject client-side scripts into web pages viewed by other users. This can result in session hijacking, redirecting users, or stealing information.1. **Types of XSS**:
– Stored XSS: The payload is stored on the server, e.g., in a database.
– Reflected XSS: The payload is reflected off a web server, e.g., in search results.
– DOM-based XSS: The payload is executed as a result of modifying the DOM.2. **Countermeasures**:
– Use Content Security Policy (CSP).
– Sanitize user inputs.
– Escape outputs properly.### External Reference Links
– [OWASP SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection)
– [OWASP Cross-Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/)
– [OWASP Command Injection](https://owasp.org/www-community/attacks/Command_Injection)### Conclusion
DVWA serves as an excellent platform for testing and learning about web application vulnerabilities. By practicing with DVWA, you can strengthen your understanding of security issues and develop better defensive coding practices.### Next Steps
– Explore other DVWA vulnerabilities.
– Document your tests and findings.
– Share your insights with the community!Made by pablo rotem / פבלו רותם
