DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications.
Requirement:
Xampp which is a offline web server Download Here .
DVWA lab which you can download from Here
First install you xampp in windows. After which you should find a control panel as shown below.
The Choose Components screen will appear next. This screen will allow you to choose which components you would like to install. To run XAMPP properly, all components checked need to be installed. Click Next to continue.
When The Installation Complete screen will now appear. Click Finish to begin using XAMPP.
The XAMPP Control Panel allows you to manually start and stop Apache and MySQL, or install them as services.
start your Apache and MySQL modules. Apache is a web server and MySQL is used to maintain the database.
Extract DVWA lab setup in the location ” C:\xampp\htdocs\dvwa ” as is shown below.
Go to the location “ C:\xampp\htdocs\dvwa\config ” where we can find a file named config.inc.php which is the file you will have to edit.
in this option find the db_password option is kept blank so set to blank” [both single quotes without any spaces] And save the file.
Now open up your web browser type ” localhost/dvwa ”
When we first connect to the URI http://localhost/dvwa/ we’ll have to set up the database.
Now we can successfully login with the default username admin and password password that were automatically created by the DVWA web application.
When we’ve successfully authenticated into the application, now you can use this application
OWASP Mutillidae II Web Pen-Test Practice Application
OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software
Xampp which is an offline web server Download Here .
Mutilldae lab which you can download from Here
Extract Mutilldae lab setup in the location” C:\xampp\htdocs\mutilldae” as is shown below.
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets.
The post Setup Web Penetest Lab for Beginners using DVWA and OWASP Mutillidae II appeared first on Hacking Articles.