Let’s learn WebApp pentesting from the basics on DVWA. From setup to hack. Part 1.

Rahul Mondal
Mar 19, 2022

Hey all. How are you doing?

There are lots of areas in pentesting: network, infra, Android, iOS, web application, cloud, and more. For now, let’s pick one topic, which is web applications. We need to practice, check and learn simultaneously. We know what a web application is and we have seen so many videos, but we need to do hands-on work.

This blog is separated into multiple parts. We will do both the setup and the hacking, which is why I am breaking it into several pieces. Now, where do we practice? We have soooo many options like bWAPP, DVWA and many more. Let’s start with DVWA.

Assuming you have a Windows machine, we need a web server to run DVWA. If you have Linux, Apache and MySQL are usually already there; if not, just install them using the package manager. On Windows, download XAMPP. Go to https://www.apachefriends.org/index.html for XAMPP and to https://dvwa.co.uk/ to download DVWA.

Let’s install XAMPP. Once it is installed, you will see its control panel for starting and stopping the different services.

Extract the DVWA download and put the extracted folder in XAMPP’s htdocs directory.

Now go to C:\xampp\htdocs\DVWA\config and open the config file. We can see the database credentials and the other settings there.

Now we have to delete the DB password, that is, just make it blank. Also change the DB user to root, then save.

This file has a .dist extension, and we need to change it to .php. To do that, go to the Windows search bar and search for File Explorer Options. Go to the View tab and untick “Hide extensions for known file types”. Click Apply and OK.

Now rename the file from config.inc.php.dist to config.inc.php.
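The config steps above (blank DB password, DB user root, save under the name config.inc.php) can also be scripted. This is an added example, not code from the original post or from the DVWA project; it assumes the settings are stored as `$_DVWA[ 'db_user' ]` and `$_DVWA[ 'db_password' ]` assignments, and the embedded sample file is constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample of the relevant lines in config.inc.php.dist (illustrative values).
SAMPLE_DIST = """<?php
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
?>
"""

def set_option(text, key, value):
    """Replace the right-hand side of the $_DVWA['<key>'] assignment with a quoted value."""
    pattern = re.compile(
        r"^(\s*\$_DVWA\[\s*'" + re.escape(key) + r"'\s*\]\s*=\s*)[^;\n]*;",
        re.MULTILINE,
    )
    new_text, count = pattern.subn(lambda m: m.group(1) + "'" + value + "';", text)
    if count != 1:
        # Fail loudly instead of writing a config that was not actually changed.
        raise ValueError(f"expected exactly one {key!r} line, found {count}")
    return new_text

def patch_dvwa_config(dist_text):
    """Apply the two edits from the post: DB user root, DB password blank."""
    text = set_option(dist_text, "db_user", "root")
    return set_option(text, "db_password", "")

def write_config(config_dir):
    """Read config.inc.php.dist and write the edited copy as config.inc.php."""
    config_dir = Path(config_dir)
    dist = config_dir / "config.inc.php.dist"
    target = config_dir / "config.inc.php"
    target.write_text(patch_dvwa_config(dist.read_text(encoding="utf-8")), encoding="utf-8")
    return target

def demo():
    """Run the procedure against the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "config.inc.php.dist").write_text(SAMPLE_DIST, encoding="utf-8")
        return write_config(tmp).read_text(encoding="utf-8")

if __name__ == "__main__":
    print(demo())
```

For the install in this post, the call would be `write_config(r"C:\xampp\htdocs\DVWA\config")`; the original .dist file is left in place.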

Now start Apache and MySQL from the XAMPP control panel, then go to localhost/dvwa/setup.php in the browser.

Click on Create / Reset Database and it will redirect to the DVWA login page.

Enter admin as the username and password as the password, and you are on the DVWA page.

The setup is complete. Now we can move to the hacking part.

We will meet in part 2 of this blog.