Web Application – DVWA (Damn Vulnerable Web App)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test ...

Install on Windows XP

1. Install XAMPP on Windows: http://www.apachefriends.org/en/xampp-windows.html
2. If IIS is installed, disable it; otherwise it will block Apache from running (both want port 80).
3. Using the XAMPP Control Panel, start Apache and MySQL. (Note: if they don't start, make sure IIS is off.)
4. Download DVWA: http://www.dvwa.co.uk/
5. Unzip DVWA.
6. Open C:\xampp\htdocs, cut all the files in it (the default Apache page) and move them to a new folder on the desktop, so you can put them back if ever required.
7. Place the unzipped dvwa folder into the now-empty htdocs folder.
8. Open Firefox or IE and point it to http://127.0.0.1/dvwa/login.php

If you want to attack it remotely from BackTrack:

9. Open C:\xampp\htdocs\dvwa (make sure you have set "Show hidden files and folders" under Tools / Folder Options / View, or you won't see .htaccess).
10. Open .htaccess and add an "allow from" line for the IP you want to allow, as seen below; I added 192.168.1.2. Only add the addresses of your own lab machines: DVWA is deliberately exploitable, and anything you allow here can take over the box.

# Only set these if PHP 5 is loaded as an apache module

php_flag magic_quotes_gpc Off
#php_flag allow_url_fopen on
#php_flag allow_url_include on

# Only set these if PHP 4 is loaded as an apache module

php_flag magic_quotes_gpc Off
#php_flag allow_url_fopen on
#php_flag allow_url_include on

# Limit access to localhost

order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.2

11. Save.
12. You should now be able to reach http://ip-address-of-windows-box/dvwa/login.php from BackTrack. If it still refuses to connect, check that the Windows Firewall on the XP box allows inbound TCP port 80. Open your tools and have fun!
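The whole point of step 10 is the Apache 2.2 access-control stanza, and the part people get wrong is that "allow from" only does what you expect under "order deny,allow"; flip it to "order allow,deny" with the same lines and "deny from all" wins over every Allow, locking out even localhost. The script below is an added example, not code from the original post or from DVWA: it parses that stanza the way mod_authz_host reads it (Order, Deny/Allow from, with "all", full, partial, CIDR and netmask IPv4 specs), decides whether a given client gets in, and generates a correct stanza for your lab boxes. The 192.168.1.2 attacker address and the sample .htaccess text are constructed for the example.

```python
import ipaddress

# Constructed sample, not copied from DVWA's shipped file: the access-control
# part of the .htaccess from step 10, with the BackTrack box (assumed to be
# 192.168.1.2 in this lab) added. The php_flag line is there to show that
# unrelated directives are ignored by the parser.
HTACCESS_DENY_ALLOW = """\
php_flag magic_quotes_gpc Off

# Limit access to localhost
order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.1.2
"""

# The same rules with the Order reversed: a common slip that locks everyone out,
# including localhost, because "deny from all" now wins over every Allow.
HTACCESS_ALLOW_DENY = HTACCESS_DENY_ALLOW.replace("order deny,allow", "order allow,deny")


def parse_access_rules(text):
    """Extract (order, deny_specs, allow_specs) from Apache 2.2 style directives.

    Directive names are case-insensitive, '#' starts a comment, and 'Order'
    defaults to deny,allow when absent (Apache's own default).
    """
    order = "deny,allow"
    deny, allow = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "order":
            order = "".join(parts[1:]).lower()
            if order not in ("deny,allow", "allow,deny", "mutual-failure"):
                raise ValueError(f"unsupported Order value: {line}")
        elif directive in ("deny", "allow") and len(parts) >= 3 and parts[1].lower() == "from":
            (deny if directive == "deny" else allow).extend(parts[2:])
    return order, deny, allow


def host_matches(spec, client):
    """Match one host spec the way mod_authz_host does for IPv4 addresses.

    Supported: 'all', a full address, a partial address of 1-3 leading octets
    (e.g. '192.168.1'), and network/netmask or CIDR. Hostnames are rejected
    on purpose: they need DNS, and the reverse lookup is attacker-influenced.
    """
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:
        # ipaddress accepts both CIDR and dotted netmask; strict=False tolerates host bits
        return client in ipaddress.ip_network(spec, strict=False)
    octets = spec.split(".")
    if all(o.isdigit() for o in octets) and 1 <= len(octets) <= 4:
        if len(octets) == 4:
            return client == ipaddress.ip_address(spec)
        # Partial address: compare only the leading octets given
        return str(client).split(".")[: len(octets)] == octets
    raise ValueError(f"unsupported host spec: {spec}")


def is_allowed(text, client_ip):
    """Apply Apache 2.2 'Order' semantics to decide whether client_ip gets in."""
    order, deny, allow = parse_access_rules(text)
    client = ipaddress.ip_address(client_ip)
    denied = any(host_matches(s, client) for s in deny)
    allowed = any(host_matches(s, client) for s in allow)
    if order == "deny,allow":
        # Deny is evaluated first and Allow overrides it; unmatched clients get in.
        return allowed or not denied
    # allow,deny and mutual-failure: Allow first, Deny overrides; unmatched clients are refused.
    return allowed and not denied


def htaccess_allowlist(lab_ips):
    """Build the stanza for step 10: localhost plus the listed lab machines only."""
    lines = ["# Limit access to localhost and the lab attack boxes",
             "order deny,allow", "deny from all", "allow from 127.0.0.1"]
    lines += [f"allow from {ip}" for ip in lab_ips]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, rules in (("deny,allow", HTACCESS_DENY_ALLOW), ("allow,deny", HTACCESS_ALLOW_DENY)):
        for ip in ("127.0.0.1", "192.168.1.2", "192.168.1.3"):
            print(f"{name:10} {ip:12} -> {'allowed' if is_allowed(rules, ip) else 'denied'}")
```

Run it as-is and the deny,allow table shows only 127.0.0.1 and 192.168.1.2 getting in, while the allow,deny table denies all three; that second result is what you are seeing if the login page suddenly gives 403 even on the XP box itself. Note that this is Apache 2.2 syntax: on Apache 2.4 these directives only work with mod_access_compat loaded, and the native form is "Require ip 127.0.0.1 192.168.1.2".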
