As I am learning to play with web vulnerabilities, I stumbled upon DVWA, so let’s take a look. I downloaded the live CD out of laziness, and it turns out it’s based on Ubuntu 10.04, which means more vulnerabilities outside of DVWA. We will find out. I set up the VM in VMware with no hard disk, so it will be a fresh VM on every start, booting off the live CD I got from here.
If you are configuring the VM yourself, you can download an older version of Ubuntu and install the requirements one by one, like LAMP, PHP … etc. from Launchpad. But that sounds like tedious work, and it also means extra configuration for you.
To access the VM, we should connect DVWA to a virtual network that is host-only, for security reasons. So go to the Virtual Network Editor and change the following settings on your preferred VMnet (1, 2 … 8). For enumeration I will be using Kali Linux on the same virtual network, so Kali can see and communicate with the DVWA VM.

After that, we should configure our DVWA and Kali VMs as in the following screenshots, but you can play with the resources.


Starting the VMs
Power up both VMs, DVWA first, and you will come to a terminal prompt. There’s not much to see there with ls. Since it’s a web app, we shouldn’t expect much in the VM itself (but it would be nice to know). To start, we just enter the command ifconfig to find the IP of the VM, and then start the second VM, Kali.
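Before browsing to DVWA, it is worth confirming from Kali that the host-only setup really is confined to the lab. The script below is an added example, not part of the original post: it reads Kali's `ip -4 route show` output and flags any default route or a DVWA address that is not on a directly connected network. The function names and the sample route tables are constructed for illustration, and it assumes Kali has only the host-only adapter attached.

```python
import ipaddress
import subprocess
import sys

# Constructed samples of `ip -4 route show` output; all addresses are made up.
SAMPLE_ISOLATED = """\
192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.102
"""
SAMPLE_LEAKY = """\
default via 10.0.2.2 dev eth1 proto dhcp metric 100
10.0.2.0/24 dev eth1 proto kernel scope link src 10.0.2.15
192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.102
"""

def parse_routes(route_text):
    """Return (default-route devices, on-link networks) from the route text."""
    defaults, on_link = [], []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dev = fields[fields.index("dev") + 1] if "dev" in fields else "?"
        if fields[0] == "default":
            defaults.append(dev)
        elif "via" not in fields:  # no gateway: network is directly connected
            try:
                on_link.append((ipaddress.ip_network(fields[0], strict=False), dev))
            except ValueError:
                continue  # other route types, e.g. "unreachable ..."
    return defaults, on_link

def check_lab(route_text, target_ip):
    """List the reasons this VM is not confined to the lab network."""
    defaults, on_link = parse_routes(route_text)
    target = ipaddress.ip_address(target_ip)
    problems = [f"default route via {dev}: traffic can leave the lab" for dev in defaults]
    if not any(target in net for net, _ in on_link):
        problems.append(f"{target_ip} is not on a directly connected network")
    return problems

if __name__ == "__main__":
    target = sys.argv[1]  # the IP that ifconfig printed on the DVWA VM
    routes = subprocess.run(["ip", "-4", "route", "show"],
                            capture_output=True, text=True, check=True).stdout
    issues = check_lab(routes, target)
    print("\n".join(issues) or "lab network looks isolated")
    sys.exit(1 if issues else 0)
```

Run it on Kali with the DVWA address as the only argument; a non-zero exit means the virtual network settings need another look before any testing starts.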

After we start the second VM, Kali, we can start Firefox and go to that IP address, and we will be greeted with the DVWA login page!

Log in with the DVWA username and password admin:password.

And we can see the index page. First of all, we have to set up the vulnerable web app, so head over to Setup and click Create/Reset Database. And everything is good to go!
See you in the next article on how to start with the first attack: Brute Force!
I will. Thanks for the input.