Install and set up DVWA on CentOS 8

In this guide, we will learn how to install and set up DVWA on CentOS 8. DVWA stands for Damn Vulnerable Web Application. It is a PHP/MySQL web application that is damn vulnerable, designed to help security professionals, students, and web application developers test their security skills, learn web application security, and understand the processes of securing web applications.

Update system packages

First, make sure your system packages are up to date:

dnf update

Install LAMP Stack on CentOS 8

Since DVWA is a web application, you basically need to install the LAMP stack before setting up DVWA. Please click on the link below to learn how to install LAMP stack on CentOS 8.

How to install LAMP Stack on CentOS 8

Create DVWA database and database user

After installing the LAMP stack, continue to create the DVWA database and database users.

mysql -u root -p

Create a DVWA database. You can use any database name.

create database dvwadb;

Create a DVWA database user with all privileges on the DVWA database. Again, replace the user name and password accordingly.

grant all on dvwadb.* to dvwamgr@localhost identified by 'mypassword';

Reload the privilege table and exit the database.

flush privileges;
quit

Configure PHP for DVWA

Install the other required PHP module, php-gd.

dnf install php-gd

This demo uses PHP 7.2.

php -v
PHP 7.2.11 (cli) (built: Oct  9 2018 15:09:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Next, edit php.ini and make the following changes.

vim /etc/php.ini
  • allow_url_fopen = On – Allow inclusion of remote files (RFI)
  • allow_url_include = On – Allow inclusion of remote files (RFI)
  • display_errors = Off – (Optional) hide PHP warning messages to make them less verbose

Save and exit the PHP configuration file.
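
A commented-out directive in php.ini has no effect, so it is worth confirming what the file actually sets after editing. The script below is an added example, not part of the original guide; the function names are hypothetical, the sample file is constructed, and it reads a single php.ini without merging drop-in files such as those under /etc/php.d.

```shell
#!/bin/sh
# Added example, not from the original guide. Helper names are hypothetical.
# Reads one php.ini file only; drop-in .ini files are not merged.
# php_ini_get FILE NAME -> effective boolean "on"/"off" (last uncommented line wins)
php_ini_get() {
    case "$2" in
        allow_url_fopen) default=on ;;   # PHP built-in default when unset
        *)               default=off ;;  # allow_url_include defaults to off
    esac
    awk -v key="$2" -v val="$default" '
        /^[ \t]*;/ { next }                  # commented-out directive is ignored
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)      # strip trailing comment
            eq = index(line, "=")
            if (eq == 0) next                # section header or blank line
            k = substr(line, 1, eq - 1)
            v = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)
            if (k != key) next
            val = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print val }' "$1"
}

# rfi_settings_match FILE EXPECTED -> exit status 0 if both directives equal EXPECTED
rfi_settings_match() {
    rc=0
    for name in allow_url_fopen allow_url_include; do
        actual=$(php_ini_get "$1" "$name")
        [ "$actual" = "$2" ] || rc=1
        printf '%s = %s (expected %s)\n' "$name" "$actual" "$2"
    done
    return "$rc"
}

# Constructed sample: allow_url_include was edited but left commented out.
write_sample_ini() {
    cat > "$1" <<'EOF'
[PHP]
allow_url_fopen = On
;allow_url_include = On
display_errors = Off   ; optional
EOF
}

# Usage: sh check_php_ini.sh /etc/php.ini
if [ -n "${1:-}" ]; then rfi_settings_match "$1" on; fi
```

Run it with "on" as the expected value for the DVWA lab host; calling rfi_settings_match with "off" checks that a non-lab server does not carry the same settings.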

Install DVWA on CentOS 8

In this demo, we install DVWA under the default Apache web root directory, i.e. /var/www/html.

So clone the DVWA GitHub repository into the web root directory.

dnf install git
git clone https://github.com/ethicalhack3r/DVWA /var/www/html/

Configure DVWA on CentOS 8

To begin configuration, copy the sample configuration file /var/www/html/config/config.inc.php.dist to /var/www/html/config/config.inc.php.

cp /var/www/html/config/config.inc.php{.dist,}

Edit the configuration file, /var/www/html/config/config.inc.php, and configure the database connection details.

vim /var/www/html/config/config.inc.php
...
# Database variables
#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
#   Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
#   See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwadb';
$_DVWA[ 'db_user' ]     = 'dvwamgr';
$_DVWA[ 'db_password' ] = 'mypassword';
...

Install the reCAPTCHA key

Generate reCAPTCHA keys from the Google service.

Once generated, copy and paste the site key and the secret key into $_DVWA[ 'recaptcha_public_key' ] and $_DVWA[ 'recaptcha_private_key' ] respectively.

...
# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module
#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ]  = '6LcWVswUAAAAAHPp-TlOuNcLcrw7iAWVhtOrDYFm';
$_DVWA[ 'recaptcha_private_key' ] = '6LcWVswUAAAAABssYEu10VtWinRub6b_D8zn_sSL';
...

Save and exit the configuration file.

Assign ownership of the DVWA web files to the apache user.

chown -R apache:apache /var/www/html

Restart the database and Apache.

systemctl restart mariadb httpd

Configure SELinux

If SELinux is running, the apache user will be denied write access to the file /var/www/html/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt and to the directory /var/www/html/config. To resolve this issue, execute the following command:

setsebool -P httpd_unified 1

Allow HTTPD scripts and modules to connect to the network.

setsebool -P httpd_can_network_connect 1

Allow HTTPD scripts and modules to connect to the database over the network.

setsebool -P httpd_can_network_connect_db 1

Complete DVWA settings on your browser

You can now access DVWA from your preferred browser to complete the configuration, using the address http://server-IP/setup.php.

On the setup page, make sure that none of the status checks is shown in red. If any is, be sure to resolve the issue before proceeding.

Click Create / Reset Database to configure the DVWA database.

Since we set the database connection details above, you will be redirected to the DVWA login interface if they are correct.

Login with default credentials; username: admin, password: password.

That's it. That is all there is to installing and setting up DVWA on CentOS 8.
