Installation of DVWA in Windows 10 Using XAMPP [August 2024]

Installation of DVWA in Windows 10 Using XAMPP

Introduction

Damn Vulnerable Web Application (DVWA in Windows) is a web-based PHP/MySQL application that is designed to contain security vulnerabilities. It provides an opportunity for cybersecurity enthusiasts to test penetration tools and hone their hacking skills legally and safely.

Prerequisites

• A computer running Windows 10.
• Administrative rights on the computer for installation purposes.
• Basic knowledge of web servers and databases.

Why DVWA in Windows?

Before we delve into the installation, let’s understand why we’re using XAMPP. XAMPP is a powerful software distribution that provides an easy way to host web applications locally. It’s user-friendly, free, and offers cross-platform functionality.

Installation Process

1. Installing XAMPP

XAMPP serves as the backbone of this setup, providing necessary services like Apache and MySQL.

1. Download XAMPP: Head over to XAMPP’s official website and download the latest stable release for Windows.
2. Run the Installer: Once downloaded, initiate the setup. Follow the installation prompts. Ensure that both Apache and MySQL modules are selected.
3. Post Installation: After successful installation, open the XAMPP Control Panel. You should see a list of services. Start both Apache and MySQL.

2. Tweeting PHP for DVWA

For DVWA to function effectively, certain PHP parameters need adjustment.

1. Head to C:\xampp\php\ and locate the php.ini file.
2. Using any text editor, open php.ini.
3. Find the line allow_url_include and set its value to On:
   graphqlCopy code

   allow_url_include = On

4. Save the file and exit.
5. Remember to restart Apache from the XAMPP Control Panel to implement these changes.

3. Deploying DVWA

1. Get DVWA: Visit DVWA’s GitHub page: https://github.com/digininja/DVWA. Click on the green “Code” button and download the ZIP file.
2. Place in XAMPP: Once downloaded, extract the ZIP file and place it in C:\xampp\htdocs. For ease, rename the folder to simply dvwa.
3. Configuration Tweaks: Inside the dvwa folder, navigate to config. Rename the file config.inc.php.dist to config.inc.php.

4. Initializing DVWA

1. In your preferred web browser, visit http://localhost/dvwa.
2. DVWA requires a database setup. Click on the Create / Reset Database button. This action initializes the required database components.
3. Post setup, the login page emerges. Default credentials are:
   • Username: admin
   • Password: password

Safety First

DVWA is intentionally vulnerable. Hence, do not host it on external servers or expose it to the internet. Keep it restricted to your local environment.

Learning Path

Now that you have DVWA installed:

1. Discover: Explore each section of DVWA. Understand the vulnerabilities it showcases.
2. Research: For each vulnerability, research about its nature, why it exists, and its real-world implications.
3. Practice: Use the knowledge gained to exploit these vulnerabilities. Tools like Burp Suite and OWASP Zap can be instrumental.

Conclusion

Installing DVWA on Windows using XAMPP is a simple yet rewarding endeavor. It provides a sandboxed environment for cybersecurity enthusiasts to learn, experiment, and grow. Always remember the ethical boundaries and use your knowledge responsibly.

FAQ: Installing DVWA in Windows 10 Using XAMPP

1. What is DVWA?

DVWA (Damn Vulnerable Web Application) is a deliberately insecure web application designed for security professionals and penetration testers to practice and learn various web application vulnerabilities.

2. What is XAMPP?

XAMPP is a free and open-source software package that includes Apache HTTP Server, MySQL database, PHP programming language, and Perl interpreter. It’s a popular choice for local development environments.

3. Why use DVWA and XAMPP together?

DVWA requires a web server, database, and programming language to run. XAMPP provides all these components in a single package, making it a convenient choice for setting up DVWA locally.

4. How do I install XAMPP in Windows 10?

• Download XAMPP: Visit the official XAMPP website (apachefriends.org) and download the latest Windows installer.
• Run the installer: Double-click the downloaded installer file and follow the on-screen instructions.
• Start XAMPP: After installation, open the XAMPP Control Panel and start the Apache and MySQL services.

5. How do I install DVWA in XAMPP?

• Download DVWA: Download the latest DVWA ZIP file from its GitHub repository (github.com/ethicalhack3r/DVWA).
• Extract the files: Extract the downloaded ZIP file to a directory of your choice, such as C:\xampp\htdocs.
• Access DVWA: Open your web browser and navigate to http://localhost/dvwa. You should see the DVWA login page.

6. What are the default login credentials for DVWA?

The default username is “admin,” and the password is “password.”.

7. How do I change the default login credentials for DVWA?

• Log in to DVWA as an administrator.
• Navigate to the “Configuration” page.
• Change the username and password in the “Credentials” section.
• Click the “Save” button.

8. What are some common issues I might encounter during installation?

• Port conflicts: If another application is already using ports 80 (for Apache) or 3306 (for MySQL), you may need to change the ports in the XAMPP configuration files.
• Firewall issues: Make sure your Windows firewall is configured to allow XAMPP and DVWA to access the internet.
• PHP version compatibility: Ensure that the PHP version installed with XAMPP is compatible with DVWA.

9. Can I use DVWA for online testing?

No, DVWA is intended for local testing only. Do not attempt to use it to test live web applications.

10. Are there any security risks associated with using DVWA?

While DVWA is a safe environment for practicing vulnerabilities, it’s important to exercise caution and avoid using it on a publicly accessible network.