How to Install Damn Vulnerable Web App in Linux Backtrack 5 R1

Backtrack is the best Linux distribution for penetration testing and ethical hacking purposes, backtrack 5 R1 is the latest one and as discussed tutorials about backtrack 5 are also applicable on backtrack 5 R1. So in this tutorial I will tell you how to install damn vulnerable web application on backtrack machine, however you can install damn vulnerable web application on windows, MAC and some other Linux distribution like Ubuntu process is approximately same. 



What Is Damn Vulnerable Web Application?

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
It is a best platform to practice web application hacking and security.

Damn Vulnerable Web Application Tutorial Backtrack 5 R1

Generally we need xampp server to setup damn vulnerable web application but xampp server is nothing but a collection of apache, sql, perl, PHP, openssl and other server side software’s but backtrack 5 has all of these software’s installed. It means there is no need to install xampp on backtrack machine. All you need to do is to get damn vulnerable web app and put it on the root directory of backtrack. We have a wonderful bash that automate all the process.

#/bin/bash
echo -e “n#######################################”
echo -e “# Damn Vulnerable Web App Installer Script #”
echo -e “#######################################”
echo ” Coded By: Travis Phillips”
echo ” Website: http://theunl33t.blogspot.com”
echo -e -n “n[*] Changing directory to /var/www…”
cd /var/www > /dev/null
echo -e “Done!n”


echo -n “[*] Removing default index.html…”
rm index.html > /dev/null
echo -e “Done!n”


echo -n “[*] Changing to Temp Directory…”
cd /tmp
echo -e “Done!n”


echo “[*] Downloading DVWA…”
wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
echo -e “Done!n”


echo -n “[*] Unzipping DVWA…”
unzip DVWA-1.0.7.zip > /dev/null
echo -e “Done!n”


echo -n “[*] Deleting the zip file…”
rm DVWA-1.0.7.zip > /dev/null
echo -e “Done!n”


echo -n “[*] Copying dvwa to root of Web Directory…”
cp -R dvwa/* /var/www > /dev/null
echo -e “Done!n”


echo -n “[*] Clearing Temp Directory…”
rm -R dvwa > /dev/null
echo -e “Done!n”


echo -n “[*] Enabling Remote include in php.ini…”
cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
sed -e ‘s/allow_url_include = Off/allow_url_include = On/’ /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
rm /etc/php5/apache2/php.ini1
echo -e “Done!n”


echo -n “[*] Enabling write permissions to /var/www/hackable/upload…”
chmod 777 /var/www/hackable/uploads/
echo -e “Done!n”


echo -n “[*] Starting Web Service…”
service apache2 start &> /dev/null
echo -e “Done!n”


echo -n “[*] Starting MySQL…”
service mysql start &> /dev/null
echo -e “Done!n”


echo -n “[*] Updating Config File…”
cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
sed -e ‘s/””/”’toor”’/’ /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
rm /var/www/config/config.inc.php1
echo -e “Done!n”


echo -n “[*] Updating Database…”
wget –post-data “create_db=Create / Reset Database” http://127.0.0.1/setup.php &> /dev/null
mysql -u root –password=’toor’ -e ‘update dvwa.users set avatar = “/hackable/users/gordonb.jpg” where user = “gordonb”;’
mysql -u root –password=’toor’ -e ‘update dvwa.users set avatar = “/hackable/users/smithy.jpg” where user = “smithy”;’
mysql -u root –password=’toor’ -e ‘update dvwa.users set avatar = “/hackable/users/admin.jpg” where user = “admin”;’
mysql -u root –password=’toor’ -e ‘update dvwa.users set avatar = “/hackable/users/pablo.jpg” where user = “pablo”;’
mysql -u root –password=’toor’ -e ‘update dvwa.users set avatar = “/hackable/users/1337.jpg” where user = “1337”;’
echo -e “Done!n”


echo -e -n “[*] Starting Firefox to DVWAnUserName: adminnPassword: password”
firefox http://127.0.0.1/login.php &> /dev/null &
echo -e “nDone!n”
echo -e “[33[1;32m*33[1;37m] DVWA Install Finished!n”




Copy this code open text editor paste and than save it to whatever.sh and than open yout terminal locate the directory where you have saved this file before than use.

sh whatever.sh

You are done your damn vulnerable web application are install successfully, all the credit goes to the unl33t for the wonderful script.


Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...