Instructions for setting up XAMPP and DVWA on Linux systems.
- Go to https://www.apachefriends.org/download.html and download the linux installer for XAMPP. Make sure you download the version that uses
PHP 5.6
, otherwise DVWA will not work. - In your terminal,
cd
to the directory where you saved the XAMPP installer. - Run
chmod +x xampp-linux-x64-5.6.31-0-installer.run
. This tells Linux that you give it permission to run the installer.- You need to run
chmod +x
on whatever your installer is called. - You may need
sudo
for this.
- You need to run
- Now run the installer:
sudo ./xampp-linux-x64-5.6.31-0-installer.run
.- You need
sudo
for this because it installs XAMPP in/opt/lampp/
; regular users do not have read/write privileges for/opt/
.
- You need
- Clone DVWA from https://github.com/ethicalhack3r/DVWA:
git clone https://github.com/ethicalhack3r/DVWA.git
- Rename the
DVWA-master/
directory todvwa/
:mv DVWA-master/ dvwa/
- Move this directory to XAMPP's public folder:
sudo mv dvwa/ /opt/lampp/htdocs/
- In your terminal,
cd
to the directory you just placeddvwa/
into:cd /opt/lampp/htdocs/
- Change the permissions to your
dvwa/
directory so that XAMPP can use it:sudo chmod 777 dvwa/ -R
- The
-R
flag tellschmod
to apply the777
permissions recursively.
- The
- Download DVWA from https://github.com/ethicalhack3r/DVWA.
- In your terminal,
cd
to the directory where you savedDVWA-master.zip
. - Run
unzip DVWA-master.zip
to extract DVWA. - Rename the directory you just extracted to
dvwa/
:mv DVWA-master/ dvwa/
- Move this directory to XAMPP's public folder:
sudo mv dvwa/ /opt/lampp/htdocs/
- Change the permissions to your
dvwa/
directory so that XAMPP can use it:sudo chmod 777 dvwa/ -R
- The
-R
flag tellschmod
to apply the777
permissions recursively.
- The
- From the directory
/opt/lampp/htdocs/dvwa/
, rename the DVWA config file:mv /config/config.inc.php.dist /config/config.inc.php
- You probably want to use
cp
instead ofmv
. That way you have a backup ofconfig.inc.php.dist
.
- You probably want to use
- Using your favorite command line editor, open the
config.inc.php
file.- nano:
sudo nano /config/config.inc.php
- vim:
sudo vim /config/config.inc.php
- nano:
- Find the line that looks like
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
and change it to$_DVWA[ 'db_password' ] = '';
- Go to the root directory of the XAMPP installation:
cd /opt/lampp/
- Start XAMPP:
sudo ./xampp start
You might get an error about apache already running. If you do, run sudo ./xampp stop
followed by sudo service apache2 restart
. Now try sudo ./xampp start
again.
- In your browser, navigate to http://127.0.0.1/phpmyadmin/.
- On the left-hand side of the page, click New.
- In the field called Database name, type 'dvwa'.
- You don't need to do anything with the collation dropdown. Click the Create button.
- In your browser, navigate to http://127.0.0.1/dvwa/setup.php.
- If your page looks like this, then you did it! If not, you did something wrong and you will either have to start over or have fun debugging.
- Don't worry about the
reCAPTCHA key: Missing
orPHP function allow_url_include: Disabled
messages. They don't affect us.
- Don't worry about the
- Finally, navigate to http://127.0.0.1/dvwa/login.php in your browser and login with the username admin and the password password.
When you are not using DVWA, make sure you run sudo ./xampp stop
from /opt/lampp/
to shutdown the XAMPP server; if you don't, then you are leaving an intentionally vunerable web application open to the world. If you don't know why that's a bad thing, then you haven't been paying attention in class!