DVWA: instalasi Ubuntu 16.04

From OnnoWiki
Jump to navigation Jump to search

DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya

Download

cd /usr/local/src
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip

Instalasi Aplikasi Pendukung

Downgrade

sudo add-apt-repository ppa:ondrej/php

sudo apt-get update
sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0 apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd \
php5.6-cli php5.6-curl mysql-client mysql-server libphp-adodb libgd2-xpm-dev \
php5.6-curl php-pear unzip

sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart

Ubuntu 16.04

Versi 1.9

mv v1.9.zip /var/www/html
cd /var/www/html
unzip v1.9.zip

cd /var/www/html/DVWA-1.9/external/phpids/0.6/lib/IDS
chmod -Rf 777 tmp
chown -Rf nobody.nogroup tmp
chmod -Rf 777 /var/www/html/DVWA-1.9/hackable/uploads/

Tambahan Konfigurasi

edit: 

vi /etc/php/5.6/cli/php.ini
vi /etc/php/5.6/apache2/php.ini
vi /etc/php/7.0/cli/php.ini
vi /etc/php/7.0/apache2/php.ini

ubah allow_url_include=Off, jadi 

allow_url_include=on


edit 

vi /var/www/html/DVWA-1.9/config/config.inc.php

ubah 

$_DVWA[ 'recaptcha_public_key' ]  = ' ';
$_DVWA[ 'recaptcha_private_key' ] = ' ';

menjadi 

$_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';


Ubah 

$_DVWA[ 'default_security_level' ] = 'impossible';

Menjadi 

$_DVWA[ 'default_security_level' ] = 'low';

Edit konfigurasi Database

vi /var/www/html/DVWA-1.9/config/config.inc.php

Edit 

$_DVWA = array();
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';

Pastikan sesuai dengan password root yang ada, misalnya 

$_DVWA[ 'db_password' ] = '123456';

Lakukan di shell 

mysql -u root -p123456

create database dvwa;
grant ALL on root.* to dvwa@localhost;
exit

Restart Apache

/etc/init.d/apache2 restart

Akses ke DVWA

Misalnya 

http://ip-server/DVWA-1.9/
http://192.168.0.80/DVWA-1.9/
http://192.168.0.100/DVWA-1.9/
http://192.168.0.111/DVWA-1.9/

Klik 

Click here to setup the database.
Create / Reset Database


Atau misalnya ke, 

http://ip-server/DVWA-1.9/setup.php
http://192.168.0.80/DVWA-1.9/setup.php
http://192.168.0.100/DVWA-1.9/setup.php
http://192.168.0.111/DVWA-1.9/setup.php

Create / Reset Database

Login ke DVWA

username admin
password password

Referensi


Youtube

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_instalasi_Ubuntu_16.04&oldid=51958"