What Is DVWA? The Pentesting Environment

DVWA, we all are very familiar with this term. If you all are not then don’t worry, I will tell you about all this thing. We will also do all its configuration for the setup, in our pc.

DVWA stands for Damn Vulnerable Website. This a website made with php. Php is a language in which it is written. In this website the developers have intentionally left the loop holes or we can say the bug for us to practice.

Basically, this website is made only for the testing purpose and that’s why many loop holes are left in this.

This is totally a safe environment to start hacking or penetration testing. If will practice on this site there will be no problem at all, and we will not be in trouble.

Its setup is very easy, we will discuss it further in this article.

Types of attack in DVWA??

We can do all type of attack in this based on the Web Application hacking. Some of these are: -

Brute Force Attack
SQL Injection
Blind SQL Injection
XSS Attack
CROSS-SITE-SCRIPTING Attack

There are many more attacks which you all will come to know when you all will practice.

The best part of this is that we can set the security level in this website, which makes it more comfortable for us to practice at our own pace.

The security levels are from Low-Impossible. But if you are the experts then also you can go for the Impossible ones because they are hackproof. We can’t hack them even if we try hard.

But my recommendation is that if you are the beginners then you should go for the Low level and after that you can move ahead.

Always remember- “Slow and Steady Wins the Race”.

How far we are safe on this??

As I have told in the beginning that we are totally safe while practicing on this. This is because it is hosted upon our LOCAL HOST, that is our own environment. That’s why we are safe to practice it often, without any fear.

But before practicing it you should have to learn all the attacks of the Web Application, then you can easily practice on this. If you don’t know about the attacks then it is useless to do the hard to master it.

Then you can go for the setups and all. For doing the setup you need to know about some of the main things that what is server? And how to do its setup on the local host? . So, learn first then practice too.

You all don’t worry I am here to solve the problem for you all. So first of all, let’s get familiar-

What is Server??

Here many of you must be knowing about the server then you can skip this part.

So, Server is the backend part which controls your site. For, example your WordPress is the server or the control panel which controls your site.

This part is only accessible by the owner and not anyone else until and unless you give them the permission.

Server only controls the site or we can say by which you all can control it.

Hope so now you all are familiar with the term SERVER. Now let’s just jump to its setup part.

DVWA SET-UP/Installation In Windows

source-rubysash.com.

The things that we need for its setup is the sever and DVWA zip file. So, our server will be XAMPP. You can download it from internet or I will give you the links at last. And you will have to download the zip file.

After downloading the server just follow the steps.

Steps to be followed are: -

Step1: Install the XAMPP and run it.

Step2: When it will open then you have to run the “APACHE server and my SQL server” by clicking on the start button just beside it.

Step3: After this you need to unzip the file of Damn Vulnerable Website that you have downloaded to the folder “htdocs”. This folder is present in the XAMPP folder you need to extract the zip file in this folder.

Step4: After doing this you need to launch any browser and type “localhost” in the URL bar.

Step5: Then the XAPP page will be opened. At the top right side, you will see the option “Php Admin” click on that.

Step6: After clicking a page will be opened and there you need to make a database of name “DVWA”.

Step7: After all these steps just come to the “htdocs” folder and click on the file name “DVWA”. When this file will open then you need to go to its configure folder and change the name of the “configure.php.inc” into “configure.php”.

Step8: After renaming, open it and change the name of the user to “root” and delete the password written in the double or single court. And press CTRL+S to save it.

Step9: After you have done this then open the browser and type “localhost/dvwa” the setup page will be opened and at the last you will see the option of “create/reset” click on it. After that it will say you to login press on the login button that will be there only.

Step10: Or to login you can just type in the URL bar “localhost/dvwa” the login page will open. Just type “admin” in the username and “password” in the password field.

Note: The default username and password of its login page is admin and password respectively.

If you have any problem in setting this up, please contact us or watch our video about this on YouTube, click here.

So, now you all are done with it and now you can use to practice it often and can also change its security level according to your experties.

Now I want you all to notice that if you all do any kind of mistake in the configuration file and also in the server that is our XAMPP then you will have to face a very big problem.

So, in order to avoid that error I will recommend you all to watch its practical set-up from my YouTube video and then you will be able to do the set-up very easily.

What is DVWA in Cyber Security??

You need to understand this very carefully. I have done a survey through that I came to know that this site is till now used by the experts in order to improve their Hacking skills.

So, for that reason you need to understand this term.

Cyber Security is a very vast area but I want to tell you all not to worry. In this setup we don’t need this thing but for a better understanding of it you need to have a basic background.

In this only comes the term “Penetration Testing” and the persons who do this type of testing are called “Penetration Testers”. This is the reason why many of the experts till now use this platform.

Now in equivalent to this platform there is one more that is BWAPP also known as Buggy Wapp. This also do the same thing but in this you will get the more Web Application bugs that are not present in the above one. But as a beginner you first need to understand DVWA then you can go to BWAPP.

Now this is also very popular but in this you will not get the security levels which make you demotivate as a beginner. So, in many of the cases this is recommended for the intermediate ones.

Hope so now you can understand better why this is used in Cyber Security.

Which is better BWAPP or DVWA??

In this comparison we can’t say that any one of them is better. It is according to the user or the attacker.

And this is also based on the experties and sharpness of the user/attacker.

So, for the beginner I will say DVWA is the best, as it has the security levels and you can control it according to you.

And for the intermediate ones the BWPP is the best choice, as in that you will get more attacks for your practice. And that type of attacks can be handled only by the intermediate or the expert ones.

So, go for the simple one for the first time then you can move to the best one.

Is DVWA open source??

So, if you all think that you will have to pay money in order to download it. Then I will say that you all are wrong. No, one needs to give a single penny in order to download this application.

And I want to warn you all that if anyone asks for the money for its set-up then it is totally fraud. This Damn Vulnerable Web Application is made by the GNU license.

I want to share something-

“By contrast,

the GNU General Public License is intended to guarantee your freedom to

share and change all versions of a program--to make sure it remains free

software for all its users. We, the Free Software Foundation, use the

GNU General Public License for most of our software;”

So, this is written in the copyright section of this application. And by this you can be confirmed that this is totally free.

Here, GNU stands for the General Public License, and by this word it is pretty easy to understand. Likewise, Kali Linux also comes under the GNU license.

After these all proves we can say that this is “OPEN SOURCE”.

How to do DVWA login??

source-thehacktoday.com

Now many of the people have this great doubt.

First of all, this is not a good question if you are in the field of Cyber Security and Ethical Hacking. This also doesn’t sound good if you ask anyone for this login.

Before login you need to some of the main settings and after completion of that things you can go to its login page.

It always uses the default username and password.

What is the address of DVWA Login??

So, many of them are confused that how we can go to the login page after setting up all the things.

Now in this case when you will create the set-up.php part in the browser, after its successful setup the application will give you the button to login in.

And it also has second method. But this will also work if and only if your database is successfully created. If it is then you can type in any browser “localhost/dvwa”, it will automatically redirect you to the login page.

As, told earlier you need to login with its default username and password.

So, the default username is “admin” and the default password is “password”. With these credentials you can successfully log in the website.

Even then great thing is that you can do all these practice and attacks in the offline mode. Which I liked the most.

DVWA SQL-Injection??

source-medium.com

This is a very widely used question that whether this web application has SQL-Injection or not?

Then I will tell that it doesn’t only have SQL-Injection but also has its Blind-SQL. Which is a good thing and also a very dangerous bug that was found earlier.

It also has many other kinds of bug or vulnerability to be practiced at a very different security level.

So, why not to start it very fast and complete all the levels of security and test your capability of being a Penetration Tester.

It’s a very great to choose to practice these attacks in DVWA because many people thinks that this is not a good platform to be practiced. But I have told you and make you all understand how this is the great platform.

And this is used by the large population and even by the experts of Cyber Security, in order to enhance their own skills and to check their capabilities.

As, keeping your security in mind. I want you all to keep your defender and antiviruses own while using this platform, as this is vulnerable and your system can be compromised.

So, be careful in the Jungle.

Hope so now your myth or the question must be cleared in a very simple manner.

What is DVWA is used for??

So, from the above words you all can say why and when this Web Application is used for.

Now if you all have still not understood for what is used for then you must go on internet and first search and learn what is DVWA used for.

In simple words this is used for practicing the Web Application attacks, in the safe environment. This is an open-source platform, as I have proved these things above.

Hope so now you must have understood how, when and Why it is used.

Many people also ask about this “localhost/dvwa”.

So, I want to tell them this is the location of their DVWA. And from typing this address in the URL bar they will be landed to the DVWA login page if they have done all the setup without any error.

For doing all the setup you can go at the top of this page, I have given all the steps to do it.

DVWA GitHub??
So, if you all want to download this application then you can do form their GitHub page.

But this method is somewhat if you are using windows. And this method is specially for the Kali Users. But don’t worry soon I will make an article for the GitHub tools to use in windows.

For now, if you all are using windows then I will give the download link at the end, so that you will have a broad concept before downloading it. And after downloading you will face no issue in setting it up.

I will also mention its GitHub repository link at the end for my Kali users.

Is DVWA used only while being online??

So, this is a main question and I have already answered it before.

Now for you all I want to say that this totally offline. And you can practice it by being offline.

You will just need the internet access while do its configuration and after that no need to connect internet.

And the reason behind this is that it is hosted on the local host and you don’t need any internet to go there. Only after enabling the servers.

If you all don’t know what is server then you can go through the article from the top and, in the middle, you will get that. Or you can just search for “Server” by pressing “CTR+F” and typing in that.

What is the Web Application attacks that you will perform in this lab DVWA?

As told earlier that being a beginner you will enough attacks for the practice. But now I will prove it by this-

There are enough attacks or vulnerabilities. And with this you can come at a great height of Penetration testing.

Just like Mathematics, we need to practice a lot to acquire any great and demanding skills. With these great skills you can be very popular and earn money as much as you can.

There is no limit of income in this type of fields and this is the truth that many people from India are also earning a lot.

source-medium.com

Hope so you must have heard about Gautam Kumawat, Ankit Fadia and many more are there. Who have found very big and dangerous bugs in big companies like Facebook, Twitter and Instagram. They have also got the very big amount in the bounties that is around $10000-$25000.

So, form this you can get an idea of what a big filed is this.

My Recommendation

Now, I want to recommend you all that this is totally an open-source application. This application is full of vulnerable bugs that causes heavy damage to any system. Please be secure while doing practice on this.

And if you have a good system resource then you can use the Virtual Box or the VM-Ware. Now, you can install this in these virtual environments and change the network settings of it to NAT and then you will be totally protected to the vulnerable bugs.

Concluding Part- where you should use DVWA or not??

So, through great journey of this whole article, you must have understood what I want to say.

Directly coming to the point, I will say you all that you can practice it. This is told by because of a very good reason.

And the reason is that this is totally an offline work. So, being offline no one can attack on your system form the external sources.

But this is not totally true that you can’t be hacked through this Damn Vulnerable Web Application. You can be hacked if you give your system in the physical access of anyone. Then it will be very easy to hack you.

Now for the beginners as told earlier DVWA is a great platform. So, they can practice it lot without any worry and why they should not worry I have told in the above lines.

Hope so, you all will like this "What Is DVWA? The Pentesting Environment" article and will give a positive response to me.

I want to give you all a great news that you all can now follow me on my Instagram handle and can also subscribe me on YouTube.

Note: - All the links mentioned in the article will be given down below. So, you will not have to hunt for anything also these all links will be from my side and no fraud links.

Hope, so you all like this article on What Is DVWA? The Pentesting Environment-DVWA (Damn Vulnerable Web Application).