SQLMap: Instalasi DVWA
DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya
Download
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
Instalasi Aplikasi Pendukung
Ubuntu 16.04
sudo apt-get install apache2 php7.0 php7.0-xmlrpc php7.0-mysql php7.0-gd php7.0-cli php7.0-curl \ mysql-client mysql-server libphp-adodb libgd-dev php7.0-curl php-pear php7.0-zip php7.0-intl \ php7.0-cli php7.0-common libapache2-mod-php7.0 php7.0 php7.0-mysql php7.0-fpm php7.0-soap \ php7.0-curl php7.0-gd php7.0-mysql php7.0-bz2 php7.0-xml imagemagick git unzip
a2dismod php5 a2enmod php7.0 service apache2 stop service apache2 start
Ubuntu < 16.04
sudo apt-get install apache2 php5 php5-xmlrpc php5-mysql php5-gd php5-cli php5-curl \ mysql-client mysql-server libphp-adodb libgd2-xpm-dev \ php5-curl php-pear unzip
Versi 1.9
mv DVWA-1.9.zip /var/www/html cd /var/www/html unzip DVWA-1.9.zip
cd /var/www/html/DVWA-1.9/external/phpids/0.6/lib/IDS chmod -Rf 777 tmp chown -Rf nobody.nogroup tmp chmod -Rf 777 /var/www/html/DVWA-1.9/hackable/uploads/
Edit konfigurasi Database
vi /var/www/html/DVWA-1.9/config/config.inc.php
Edit
$_DVWA = array(); $_DVWA[ 'db_server' ] = 'localhost'; $_DVWA[ 'db_database' ] = 'dvwa'; $_DVWA[ 'db_user' ] = 'root'; $_DVWA[ 'db_password' ] = 'p@ssw0rd';
Pastikan sesuai dengan password root yang ada, misalnya
$_DVWA[ 'db_password' ] = '123456';
Lakukan di shell
mysql -u root -p123456
create database dvwa; grant ALL on root.* to dvwa@localhost; exit
Akses ke DVWA
Misalnya
http://ip-server/DVWA-1.9/ http://192.168.0.80/DVWA-1.9/ http://192.168.0.100/DVWA-1.9/ http://192.168.0.111/DVWA-1.9/
Klik
Click here to setup the database. Create / Reset Database
Atau misalnya ke,
http://ip-server/DVWA-1.9/setup.php http://192.168.0.80/DVWA-1.9/setup.php http://192.168.0.100/DVWA-1.9/setup.php http://192.168.0.111/DVWA-1.9/setup.php
Create / Reset Database
Login ke DVWA
username admin password password