Badblog

welcome to our blog

We are Learncodz.


Posts

Comments

The Team

Blog Codz Author

Connect With Us

Join To Connect With Us

facebook
twitter
google +
youtube
flickr

Portfolio

You are here : Home »

    Posted by: Unknown Posted date: 06:27 / comment : 0

    Backtrack is the best Linux distribution for penetration testing and ethical hacking purposes, backtrack 5 R1 is the latest one and as discussed tutorials about backtrack 5 are also applicable on backtrack 5 R1. So in this tutorial I will tell you how to install damn vulnerable web application on backtrack machine, however you can install damn vulnerable web application on windows, MAC and some other Linux distribution like Ubuntu process is approximately same.

    What Is Damn Vulnerable Web Application?
    Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
    It is a best platform to practice web application hacking and security.
    Damn Vulnerable Web Application Tutorial Backtrack 5 R1
    Generally we need xampp server to setup damn vulnerable web application but xampp server is nothing but a collection of apache, sql, perl, PHP, openssl and other server side software's but backtrack 5 has all of these software's installed. It means there is no need to install xampp on backtrack machine. All you need to do is to get damn vulnerable web app and put it on the root directory of backtrack. We have a wonderful bash that automate all the process.

    #/bin/bash
    echo -e "\n#######################################"
    echo -e "# Damn Vulnerable Web App Installer Script #"
    echo -e "#######################################"
    echo " Coded By: Travis Phillips"
    echo " Website: http://theunl33t.blogspot.com"
    echo -e -n "\n[*] Changing directory to /var/www..."
    cd /var/www > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Removing default index.html..."
    rm index.html > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Changing to Temp Directory..."
    cd /tmp
    echo -e "Done!\n"

    echo "[*] Downloading DVWA..."
    wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
    echo -e "Done!\n"

    echo -n "[*] Unzipping DVWA..."
    unzip DVWA-1.0.7.zip > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Deleting the zip file..."
    rm DVWA-1.0.7.zip > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Copying dvwa to root of Web Directory..."
    cp -R dvwa/* /var/www > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Clearing Temp Directory..."
    rm -R dvwa > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Enabling Remote include in php.ini..."
    cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
    sed -e 's/allow_url_include = Off/allow_url_include = On/' /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
    rm /etc/php5/apache2/php.ini1
    echo -e "Done!\n"

    cho -n "[*] Enabling write permissions to /var/www/hackable/upload..."
    chmod 777 /var/www/hackable/uploads/
    echo -e "Done!\n"

    echo -n "[*] Starting Web Service..."
    service apache2 start &> /dev/null
    echo -e "Done!\n"

    echo -n "[*] Starting MySQL..."
    service mysql start &> /dev/null
    echo -e "Done!\n"

    echo -n "[*] Updating Config File..."
    cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
    sed -e 's/'\'\''/'\''toor'\''/' /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
    rm /var/www/config/config.inc.php1
    echo -e "Done!\n"

    echo -n "[*] Updating Database..."
    wget --post-data "create_db=Create / Reset Database" http://127.0.0.1/setup.php &> /dev/null
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/gordonb.jpg" where user = "gordonb";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/smithy.jpg" where user = "smithy";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/admin.jpg" where user = "admin";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/pablo.jpg" where user = "pablo";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/1337.jpg" where user = "1337";'
    echo -e "Done!\n"

    echo -e -n "[*] Starting Firefox to DVWA\nUserName: admin\nPassword: password"
    firefox http://127.0.0.1/login.php &> /dev/null &
    echo -e "\nDone!\n"
    echo -e "[\033[1;32m*\033[1;37m] DVWA Install Finished!\n"


    Copy this code open text editor paste and than save it to whatever.sh and than open yout terminal locate the directory where you have saved this file before than use.

    sh whatever.sh

    You are done your damn vulnerable web application are install successfully, all the credit goes to the unl33t for the wonderful script.

    icon allbkg

    Tagged with:

    About Unknown

    This Is a small blog about learning practical coding knowledge and gaining confidence on coding. Here Learning about coding is eassy.
    Next
    Newer Post
    Previous
    Older Post

    No comments:

    Post a Comment

Subscribe to: Post Comments (Atom)

Comments

The Visitors says

Copyright © 2014, Badblog Allrights Reserved

Published By Kaizen Template - Support KaizenThemes
Download Free Software Latest Version