Difference between revisions of "DVWA: instalasi Ubuntu 16.04"

From OnnoWiki
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
==Download==
 
==Download==
  
 +
cd /usr/local/src
 
  wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
 
  wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
  
Line 10: Line 11:
  
 
  sudo add-apt-repository ppa:ondrej/php
 
  sudo add-apt-repository ppa:ondrej/php
 +
 
  sudo apt-get update
 
  sudo apt-get update
 
  sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
 
  sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
  php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0
+
  php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0 apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd \
 +
php5.6-cli php5.6-curl mysql-client mysql-server libphp-adodb libgd2-xpm-dev \
 +
php5.6-curl php-pear unzip
  
 
  sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart
 
  sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart
  
 
===Ubuntu 16.04===
 
===Ubuntu 16.04===
 
sudo apt-get install apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd php5.6-cli php5.6-curl \
 
mysql-client mysql-server libphp-adodb libgd2-xpm-dev \
 
php5.6-curl php-pear unzip
 
  
 
==Versi 1.9==
 
==Versi 1.9==
Line 38: Line 38:
  
 
  vi /etc/php/5.6/cli/php.ini
 
  vi /etc/php/5.6/cli/php.ini
 +
vi /etc/php/5.6/apache2/php.ini
 +
vi /etc/php/7.0/cli/php.ini
 +
vi /etc/php/7.0/apache2/php.ini
  
 
ubah allow_url_include=Off, jadi
 
ubah allow_url_include=Off, jadi
  
 
  allow_url_include=on
 
  allow_url_include=on
 +
  
 
edit
 
edit
Line 56: Line 60:
 
  $_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
 
  $_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
 
  $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
 
  $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
 +
 +
 +
Ubah
 +
 +
$_DVWA[ 'default_security_level' ] = 'impossible';
 +
 +
Menjadi
 +
 +
$_DVWA[ 'default_security_level' ] = 'low';
  
 
==Edit konfigurasi Database==
 
==Edit konfigurasi Database==
Line 117: Line 130:
  
 
* http://www.dvwa.co.uk/
 
* http://www.dvwa.co.uk/
 +
 +
 +
==Youtube==
 +
 +
* https://youtu.be/JKsF7D089t4 - instalasi DVWA 1.9 di ubuntu 16.04

Latest revision as of 09:37, 4 October 2018

DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya

Download

cd /usr/local/src
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip

Instalasi Aplikasi Pendukung

Downgrade

sudo add-apt-repository ppa:ondrej/php

sudo apt-get update
sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0 apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd \
php5.6-cli php5.6-curl mysql-client mysql-server libphp-adodb libgd2-xpm-dev \
php5.6-curl php-pear unzip

sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart

Ubuntu 16.04

Versi 1.9

mv v1.9.zip /var/www/html
cd /var/www/html
unzip v1.9.zip

cd /var/www/html/DVWA-1.9/external/phpids/0.6/lib/IDS
chmod -Rf 777 tmp
chown -Rf nobody.nogroup tmp
chmod -Rf 777 /var/www/html/DVWA-1.9/hackable/uploads/

Tambahan Konfigurasi

edit: 

vi /etc/php/5.6/cli/php.ini
vi /etc/php/5.6/apache2/php.ini
vi /etc/php/7.0/cli/php.ini
vi /etc/php/7.0/apache2/php.ini

ubah allow_url_include=Off, jadi 

allow_url_include=on


edit 

vi /var/www/html/DVWA-1.9/config/config.inc.php

ubah 

$_DVWA[ 'recaptcha_public_key' ]  = ' ';
$_DVWA[ 'recaptcha_private_key' ] = ' ';

menjadi 

$_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';


Ubah 

$_DVWA[ 'default_security_level' ] = 'impossible';

Menjadi 

$_DVWA[ 'default_security_level' ] = 'low';

Edit konfigurasi Database

vi /var/www/html/DVWA-1.9/config/config.inc.php

Edit 

$_DVWA = array();
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';

Pastikan sesuai dengan password root yang ada, misalnya 

$_DVWA[ 'db_password' ] = '123456';

Lakukan di shell 

mysql -u root -p123456

create database dvwa;
grant ALL on root.* to dvwa@localhost;
exit

Restart Apache

/etc/init.d/apache2 restart

Akses ke DVWA

Misalnya 

http://ip-server/DVWA-1.9/
http://192.168.0.80/DVWA-1.9/
http://192.168.0.100/DVWA-1.9/
http://192.168.0.111/DVWA-1.9/

Klik 

Click here to setup the database.
Create / Reset Database


Atau misalnya ke, 

http://ip-server/DVWA-1.9/setup.php
http://192.168.0.80/DVWA-1.9/setup.php
http://192.168.0.100/DVWA-1.9/setup.php
http://192.168.0.111/DVWA-1.9/setup.php

Create / Reset Database

Login ke DVWA

username admin
password password

Referensi


Youtube

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_instalasi_Ubuntu_16.04&oldid=51958"