Quick Setup Vulnerable Web Application Lab

There are a lot of things to learn about Web application hacking and Penetration Testing. You can learn these things only by practicing those learnings in a private virtual environment. You can set up that virtual environment very quickly by following this article. Here we are going to build an isolated lab within your laptop or desktop with no extra hardware required. 

Tools used:

  • Windows 7 operating system
  • Oracle Virtual Box
  • WAMP Server
  • Vulnerable Web Application DVWA
Install Microsoft Windows 7 operating system in Oracle Virtual box.
First, download the WAMP software package from here and copy the package into the virtual machine (Windows 7) operating system. Now install the WAMP server with default configurations and as in the image below. 

WAMP is a complete package of free to use Softwares like MySQL server, Apache Server, Maria-DB, PHP, and phpMyAdmin all in one package for Windows platform. Now after installing the WAMP server in Windows 7 OS, we are going to set up different Vulnerable web applications.


Damn vulnerable web application (DVWA) is a tiny little web application that is purposefully developed by https://dewhurstsecurity.com/ for web-app penetration testing learning. Download the web application from here.
Now extract and place the folder in WAMP's directory (C:\wamp\www) and rename the folder to DVWA.

Now go to the folder C:\wamp\www\DVWA\config and rename the file from config.inc.php.dist to config.inc.php. 

Open this config file in Notepad and clear the password variable as shown in the image below.

Now you have to start the WAMP server if it is not already. Click on start button, then All Programs then under WAMPServer click on start WAMPServer.
You will see the green wamp server icon at the bottom right corner of your windows. 
Now, fire up your browser and navigate to the address http://localhost/dvwa. When DVWA opens up for the first time it will ask to create the dvwa database, click Create/Reset Database button.

You will be redirected to the login panel. Enter Username as admin and Password as password.

No comments:

Post a Comment