Monday, 6 February 2017

Setting up a Legal Environment for Penetration Testing Through DVWA

In previous blog posts we discussed SSL and session IDs in detail. In this post, I will show you how to set up the Damn Vulnerable Web App (DVWA) website for penetration testing, which is 100% legal. Most people have difficulty performing a pentest on websites because it is illegal, but you can start your learning with this website. You may use Kali Linux for penetration testing because most pentest software comes preinstalled.


THREE STEP PROCESS:

STEP 1: Installing XAMPP

1. Download XAMPP
2. Open Terminal
3. Type chmod +x followed by the full path of the installer file, including its name (you can drag the .run file from its folder into the terminal)
4. Type sudo followed by the full path of the file, including its name, and the GUI will pop up



5. Install the setup by following the simple instructions
6. After a successful install, you may start the servers




STEP 2: Installing DVWA

1. Download DVWA
2. Extract the ZIP folder
3. Copy and paste it into /opt/lampp/htdocs

STEP 3: Configure DVWA

1. Open the web browser and go to http://127.0.0.1/dvwa/login.php
2. Log in with User name = admin and Password = password

Error Handling:

ERROR 1: You should receive a MySQL error; that's okay.

1. Open /opt/lampp/htdocs/dvwa/config/config.inc.php
2. Find the line: $_DVWA[ 'db_password' ] = 'p@ssw0rd';
3. Change it to: $_DVWA[ 'db_password' ] = '';




ERROR 2: Object Not Found 404

This error is due to a name mismatch between the folder in htdocs and the name in the URL, so use the same name in both.



ERROR 3: Access Forbidden error 403



This error can be resolved by changing the permissions of the folder.
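
The three errors above can be checked from the terminal before opening the browser. The script below is an added example, not part of the original post or of DVWA; the function names are hypothetical, and it assumes DVWA sits in a folder under the XAMPP web root and that Apache runs as an unprivileged user.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumed layout: DVWA copied to <htdocs>/<name>, e.g. /opt/lampp/htdocs/dvwa.

# Print one finding per problem; return the number of problems found.
dvwa_preflight() {
    htdocs=$1; name=$2; problems=0
    app="$htdocs/$name"
    cfg="$app/config/config.inc.php"

    # ERROR 2 (404): the folder name must match the name used in the URL.
    if [ ! -d "$app" ]; then
        echo "404: no folder '$name' in $htdocs (found: $(ls "$htdocs" | tr '\n' ' '))"
        return 1
    fi

    # ERROR 3 (403): the web server needs read and traverse access.
    # Assumption: Apache runs as an unprivileged user, so check the "other" bits.
    mode=$(ls -ld "$app" | cut -c8-10)
    case $mode in
        r?x) ;;
        *) echo "403: $app has other-permissions '$mode', expected r-x"
           problems=$((problems + 1)) ;;
    esac

    # ERROR 1 (MySQL): the post's fix is an empty db_password.
    if [ ! -f "$cfg" ]; then
        echo "config: $cfg is missing"
        problems=$((problems + 1))
    elif ! grep -Eq "db_password'[[:space:]]*[]][[:space:]]*=[[:space:]]*'';" "$cfg"; then
        echo "mysql: db_password in $cfg is not empty"
        problems=$((problems + 1))
    fi
    return $problems
}

# Apply the ERROR 1 fix: rewrite db_password to the empty string.
dvwa_clear_db_password() {
    cfg=$1
    sed "s/\(db_password'[[:space:]]*[]][[:space:]]*=[[:space:]]*\)'[^']*'/\1''/" \
        "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg"
}
```

Run it as dvwa_preflight /opt/lampp/htdocs dvwa; no output and a zero exit status mean none of the three problems was found.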


SUMMARY:

In this post, we saw how to install the DVWA web app, which provides a legal environment for penetration testing. It is a three-step process: in the first step we install XAMPP, in the second step we install DVWA, and in the third step we configure DVWA. The end of the post illustrates common errors and their solutions.