Monday, April 2, 2018
Installing XAMPP and DVWA at Linux Ubuntu 17.10.1
INSTALLING XAMPP AND DVWA AT LINUX UBUNTU 17.10.1
- The goal of this exercise is to install the XAMPP web server plaftorm and DVWA web vulnerable application at the Ubuntu 17.10.1 Linux distro.
1 - XAMPP
- XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MySQL/MariaDB database, and interpreters for scripts written in the PHP and Perl programming languages.
- XAMPP stands for Cross-Platform (X), Apache (A), MySQL/MariaDB (M), PHP (P) and Perl (P).
- The version 5.6.34 using MySQL can be downloaded from here:
- Giving executable permissions to the XAMPP installer:
- Running the installation:
- Going to /opt/lampp, where XAMPP has been installed:
- Starting Apache, MySQL and FTP services at XAMPP:
2 - DAMN VULNERABLE WEB APP (DVWA)
- Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is "damn vulnerable".
- Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
- Downloading the application:
- Extracting to the folder webtest:
- Renaming DVWA-master to dvwa, for greater ease of use:
- Now, the whole folder dvwa must be copied to the /opt/lamp/htdocs directory, where web site related content is stored by XAMPP:
- Setting up the DVWA Database:
- However, there is an error because not using the correct credential, so config.inc.php file must be edited:
- Creating a new config.inc.php:
- Editing config.inc.php:
- The line regarding db_password must be altered:
- Also, for future exercises let's establish the security level to "low":
- Resetting the database the installation is now successful:
- Finally, the DVWA login page is available:
- Entering the credentials admin:password: