premise
1. After setting up the kali Linux virtual machine, you can read the article I published earlier.
2. There is a DVWA-master compressed package. You can read my previous article, which contains the DVWA-master compressed package.
Table of contents
1. Start Apache and mysql services
1.4 Verify whether the Apache2 service is successfully started
2. Unzip and install the DVWA environment
2.1 Decompress the compressed package
2.2.1 PHP module gd: Missing - Only an issue if you want to play with captchas
2.2.2 PHP function allow_url_include: Disabled
2.3.4 Insufficient permissions
2.3.5 Failed to create database
1. Start Apache and mysql services
1.1 Download Apache2 file
apt intsall apache2 -y
You may encounter this situation when entering the command
At this time you need to run the following command to update the current software package
apt update
After the operation is completed, execute the previous command and it will run successfully. The Apache2 software package is installed successfully.
1.2 Start the Apache2 service
service apache2 start
You can also use the following command to start the Apache2 service. This service enables self-starting Apache.
systemctl start apache2
1.3 Start the mysql service
The mysql service has been installed in kali, so you only need to enable the mysql service
systemctl start mariadb.service
1.4 Verify whether the Apache2 service is successfully started
Enter: 127.0.0.1 in the browser and press Enter
If the following interface is displayed, the apache service is successfully started.
2. Unzip and install the DVWA environment
2.1 Decompress the compressed package
Import the downloaded compressed package into the kali system
Right click and select open terminal here
input the command:
unzip DVWA-master.zip
After decompression, an decompressed folder will be displayed on the desktop.
Move the mv DVWA-master file to /var/www/html/ and rename it to dvwa
mv DVWA-master /var/www/html/dvwa
When accessing dvwa in the browser below, the following interface will be displayed.
The reason is the lack of environment configuration. Please do the following;
Go to /var/www/html/dvwa/config
input the command:
cp config.inc.php.dist config.inc.php
Copy the source file to another file and rename it. Refresh again to enter the following interface.
Click Setup/Reset DB
You will see the following areas marked in red
Below we will solve the problems corresponding to each number one by one.
2.2 Problem solving
2.2.1 PHP module gd: Missing - Only an issue if you want to play with captchas
apt install php-gd
Install php-gd
If the installation fails, try updating the software package, as mentioned above
After that, restart the Apache2 service
systemctl restart apache2
Refresh the interface again and the problem is solved
2.2.2 PHP function allow_url_include: Disabled
Enter the /etc/php/8.2/apache2 directory, edit the php.ini file, and change allow_url_include to On
Restart the Apache2 service and refresh the browser.
problem solved
2.2.3 reCAPTCHA key: Missing
Navigate to the /var/www/html/dvwa/config directory
Edit the config.inc.php file
Enter these two strings of keys
public:
6LdJJlUUAAAAAH1Q6cTpZRQ2Ah8VpyzhnffD0mBb
private:
6LdJJlUUAAAAAM2a3HrgzLczqdYp4g05EqDs-W4K
Restart the Apache2 service
problem solved
2.3.4 Insufficient permissions
[User: root] Writable folder /var/www/html/dvwa/hackable/uploads/: No
[User: root] Writable folder /var/www/html/dvwa/config: No
The solutions to these two problems are the same. The problems are caused by insufficient permissions on the files being located.
chmod 777 uploads
chmod 777 config
refresh page
problem solved
2.3.5 Failed to create database
When you click Create Database below, a blank interface may appear. The reason is that the root user is not supported for login operations. To solve the problem, you need to create a normal user.
Create it below and enter mysql in the command box.
Enter the following three commands;
create user "dvwa"@"localhost" identified by '';
grant all privileges on *.* to "dvwa"@"localhost";
flush privileges;
It is best not to copy. There was a format error when I copied it. It is recommended to type it out manually.
After creation, it still needs to be in the /var/www/html/dvwa/config directory
Edit config.inc.php
Change the database user inside to dvwa user
Save and exit, restart mysql service and Apache service
systemctl restart mariadb.service
systemctl restart apache2.service
Click the button again and Setup successful! will appear.
Some may jump directly to the login page, while others require you to enter /login.php in the URL address yourself.
DVWA default login username: admin, default password: password
Landed successfully!
Summarize
The above installation of the DVWA vulnerability range environment in kali Linux has basically been completed. I am learning the installation by myself and writing a blog at the same time, so there are errors or incorrect operation steps in it. I also hope that the big guys in CSDN can correct me.