9 May 2011

Hacking Environment for Newbies: DVWA

A hacking environment is used by hackers to practice their techniques. There are other testing environments too, but DVWA is a good one for newbies. Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.
Vulnerabilities for practice:
•    SQL Injection
•    XSS (Cross Site Scripting)
•    LFI (Local File Inclusion)
•    RFI (Remote File Inclusion)
•    Command Execution
•    Upload Script
•    Login Brute Force


You can also raise the practice level: Low, Medium or High. Download it from here:
https://sourceforge.net/projects/dvwa/files/DVWA-1.0.7.zip/download (only 1.29 MB)

INSTALLATION GUIDE:

The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server set up. First, install XAMPP. It creates a web server on your computer on which you can run the DVWA web application. XAMPP is an easy-to-install Apache distribution containing MySQL, PHP and Perl. It is very easy to install and use: just download, extract and start.
You can download it from here:
http://www.apachefriends.org/en/xampp-linux.html (for Linux)
http://www.apachefriends.org/en/xampp-windows.html (for Windows)

You can also use another small web server package such as EasyPHP. Download it here: https://github.com/downloads/easyphp/easyphp/EasyPHP-5.3.6.0-setup.exe (only 18.3 MB)
But XAMPP is good.
After downloading, install XAMPP. Now go to Start Menu ==> XAMPP ==> XAMPP CONTROL and open it. A new XAMPP Control dialog box appears.

Now start Apache and MySQL. After starting them, open your browser and type the address “http://127.0.0.1” or "http://localhost". If a XAMPP page opens, Apache and MySQL have started.
Open My Computer ==> Local Disk C (or the drive on which you installed XAMPP) ==> XAMPP.
You will see several files and folders. Go to the “htdocs” folder and unzip/extract the DVWA application there. After extraction you will see a new folder, “DVWA-1.0.7”. Open it; inside is a DVWA folder that contains all the DVWA scripts.
Now open your browser and go to http://127.0.0.1/DVWA-1.0.7/dvwa/login.php
If the link does not open, check that Apache and MySQL started successfully.
Default username = admin
Default password = password
After that you have to set up your database. To do so, simply click on the Setup button in the main menu, then click on the 'Create / Reset Database' button. This will create or reset the database for you with some data in it. If you receive an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php
The variables are set to the following by default:
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
$_DVWA[ 'db_database' ] = 'dvwa';


An explanation of these variables:
$_DVWA[ 'db_user' ] = 'your_database_username';
$_DVWA[ 'db_password' ] = 'your_database_password';
$_DVWA[ 'db_database' ] = 'your_database_name';


Now you can practice XSS, SQL injection, RFI, etc.
WARNING:
Do not upload it to your hosting provider’s public html folder or any working web server, as it will be hacked. It is recommended that you download and install XAMPP onto a local machine inside your LAN which is used solely for testing.
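
One way to check a practice install against the warning above, as an added example that is not part of the original article or of DVWA: it reads the text of DVWA's config.inc.php and of Apache's httpd.conf, then reports the default root/empty-password database login and any Apache Listen directive that is not bound to loopback. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import re

# Assignment style used in DVWA's config.inc.php, as quoted in this article.
DVWA_VAR = re.compile(r"^\s*\$_DVWA\[\s*'(\w+)'\s*\]\s*=\s*'([^']*)'\s*;", re.M)
# Apache "Listen [address:]port [protocol]"; commented-out lines do not match.
LISTEN = re.compile(r"^\s*Listen\s+(\S+)", re.M | re.I)

# Constructed sample inputs (not copied from a real install).
SAMPLE_CONFIG = """
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
$_DVWA[ 'db_database' ] = 'dvwa';
"""
SAMPLE_HTTPD = """
#Listen 12.34.56.78:80
Listen 80
Listen [::1]:8080
"""

def parse_dvwa_config(php_text):
    """Return the $_DVWA[...] string settings as a dict."""
    return dict(DVWA_VAR.findall(php_text))

def exposed_listeners(httpd_conf):
    """Return Listen values that are not bound to a loopback address."""
    exposed = []
    for value in LISTEN.findall(httpd_conf):
        host = value.rpartition(":")[0].strip("[]")  # "" when only a port is given
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # bare port or non-IP value: assume all interfaces
        if not loopback:
            exposed.append(value)
    return exposed

def audit(php_text, httpd_conf):
    """Collect findings for a local DVWA/XAMPP practice install."""
    findings = []
    cfg = parse_dvwa_config(php_text)
    if cfg.get("db_user") == "root" and cfg.get("db_password") == "":
        findings.append("MySQL root account with empty password")
    findings += ["Listen %s is not loopback-only" % v for v in exposed_listeners(httpd_conf)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, SAMPLE_HTTPD)))
```

A bare `Listen 80` binds Apache to every interface, so changing it to `Listen 127.0.0.1:80` keeps the practice site reachable only from the machine it runs on.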

3 comments:

shinej said...

pls explain the procedure 4 performing sql injection....

thank u 4 the information

email: shinejrao@yahoo.in
shinejrao@gmail.com

shinej said...

pls provide a detail step to use "DVWA"

will_throw_nails said...

@shinej Look it up yourself. It's not his/her job to teach you the procedures mentioned, take some initiative and do it yourself, also learn some proper grammar for god's sake.