Setting Up DVWA for Kali Linux

2–3 minutes
512 words

Intro

Here we’re going to learn how to quickly and safely install Damn Vulnerable Web Application (DVWA) within Kali Linux.

DVWA is an excellent testing and awareness application made by DigiNinja for security practitioners.

Step 1 – Kali Linux

This guide assumes that you’re familiar with virtual machines and installing Kali.

For now, just boot into Kali and open up a terminal.

Step 2 – DVWA GitHub

The first step is to go to the official DVWA GitHub. Whenever you’re about to use a GitHub repo, it’s a good idea to check the stars of the repo. Although it’s not a 100% foolproof method, it’s a good indication that the community approves of and is in favour of the repo.

Go to https://github.com/digininja/DVWA and scroll down to the One-Liner chapter.

When you’re at the One-Liner chapter, take a copy of the one-liner and return to your Kali prompt.

The GitHub One-Liner

Step 3a – Installing DVWA

Within your Kali terminal, paste the one-liner from GitHub and press Enter. It will run through the installation steps for you. It really is as simple as that. We have been really blessed by the work IamCarron has done on the installation of DVWA for us.

Running the one-liner installation within Kali

Step 3b – Installing DVWA

You will be prompted to set some credentials for the SQL user. We press Enter twice here to set no user or password.

The prompt during the one-liner install

Step 4a – DVWA Setup

The one-liner will only take a few minutes to install and set up. Once it has been set up, we can start DVWA.

Go to localhost/DVWA/login.php and you’ll find a login page. The credentials to log into DVWA are admin:password.

The login page for DVWA

Step 4b – DVWA Setup

Once logged in, you’ll be greeted with some stats and information. Scroll to the bottom of the page and click the Create / Reset Database button to start the process.

You’ll then be sent to the login page again.

Step 4c – DVWA Setup

Before logging back in, we will make two small configuration changes.

We will set the default difficulty to Low, so that we don’t have to change the difficulty every time we want to use DVWA.

Additionally, we can turn off authentication to the application, allowing certain attacks to be carried out more easily.

Edit the config file and then save it.

The config.inc.php before the updates
The config.inc.php after the updates
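
The two Step 4c changes made from the shell, as an added example that is not part of the original post or the DVWA project. It assumes the settings are the `default_security_level` and `disable_authentication` entries of the `$_DVWA` array in config.inc.php and that you pass the path to your own file; the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the post or the DVWA project: apply the two Step 4c
# changes (difficulty low, authentication off) to a DVWA config.inc.php.
# Assumption: settings are lines of the form  $_DVWA[ 'key' ] = ...;
# Pass the path to your own config file as the first argument.

# Rewrite the right-hand side of one $_DVWA setting; fail if the key is absent.
set_dvwa_option() {
    local file="$1" key="$2" value="$3" tmp rc
    local pat="^([[:space:]]*[\$]_DVWA\[[[:space:]]*'${key}'[[:space:]]*\][[:space:]]*=)"
    grep -Eq "$pat" "$file" || { echo "'${key}' not found in ${file}" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Write through a temp file and copy back so ownership and mode are kept.
    sed -E "s|${pat}.*;|\1 ${value};|" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Keep one pristine backup, then set difficulty to low and turn authentication off.
apply_step4c() {
    local file="$1"
    [ -f "$file" ] || { echo "no such file: ${file}" >&2; return 1; }
    [ -e "${file}.orig" ] || cp -p "$file" "${file}.orig" || return 1
    set_dvwa_option "$file" default_security_level "'low'" &&
        set_dvwa_option "$file" disable_authentication "true"
}

# Constructed sample with both line styles (getenv fallback and plain literal);
# not copied from a real install.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'default_security_level' ] = getenv('DEFAULT_SECURITY_LEVEL') ?: 'impossible';
$_DVWA[ 'disable_authentication' ] = false;
EOF
}

# With no argument, demonstrate on the constructed sample and show the diff.
target="${1:-}"
if [ -z "$target" ]; then target=$(mktemp) && write_sample_config "$target"; fi
apply_step4c "$target" && { diff "${target}.orig" "$target" || true; }
```

With authentication off, anyone who can reach the web server reaches DVWA's vulnerable pages without logging in, so keep the VM on a host-only or NAT network; the `.orig` copy is there to restore the original settings.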

Step 4d – DVWA Setup

Before using DVWA, we will start the web application to make sure any recent changes have been applied.

Step 5 – Final Check

Browsing to localhost/DVWA, you will now see the menu panel without having to log into the application.

Now you’re ready to start testing safely and ethically!

Successfully installing and configuring DVWA