I am setting up a DVWA environment and I want the directory and its files to be displayed on my browser. I have copied the DVWA files in the www folder and deleted all the files that were previously on the folder.
Now when I go to local host via my browser I get the error The requested URL / was not found on this server. I have confirmed my apache is well up and running.
Here is a step-by-step guide how to setup DVWA within Ubuntu 16.04 and the default Apache's configuration:
Pre-Requirements
The standard Ubuntu LAMP stack, that means we have working Apache2, MySQL, PHP. Refs:
Along with next additional PHP extensions:
sudo apt update
sudo apt install php-curl php-gd php-mbstring php-mcrypt php-xml php-xmlrpc
1. Download DVWA via Git
First install Git if it is not installed - sudo apt install git - and then:
cd /var/www/html
sudo git clone https://github.com/ethicalhack3r/DVWA.git
/var/www/html/DVWA.2. Create configuration file
Create the configuration file /var/www/html/DVWA/config/config.inc.php:
sudo cp /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
Edit the configuration file in this way (lines from 18 to 21):
$_DVWA = array();
$_DVWA[ 'db_server' ] = 'localhost';
$_DVWA[ 'db_database' ] = 'dvwaDatabase';
$_DVWA[ 'db_user' ] = 'dvwaUser';
$_DVWA[ 'db_password' ] = 'dvw@~User~p@$$w0rd';
dvwaDatabase, dvwaUser and dvw@~User~p@$$w0rd are subject of your decision.sudo nano /var/www/html/DVWA/config/config.inc.php.3. Grant writable permissions
You should change the ownership of certain files and folders to Apache's user www-data:
sudo chown www-data:www-data /var/www/html/DVWA/hackable/uploads/
sudo chown www-data:www-data /var/www/html/DVWA/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
4. Create MySQL Database
The steps are:
The commands are:
$ mysql -u'root' -p
Enter password: *enter mysql root's password*
mysql> CREATE DATABASE dvwaDatabase;
mysql> CREATE USER 'dvwaUser'@'localhost' identified by 'dvw@~User~p@$$w0rd';
mysql> GRANT ALL PRIVILEGES ON dvwaDatabase.* TO 'dvwaUser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit
;) at the end of each sentence.5. Enable certain PHP functions
Edit the existing /var/www/html/DVWA/config/.htaccess file with this content:
php_flag magic_quotes_gpc Off
php_flag allow_url_fopen On
php_flag allow_url_include On
php_flag display_errors On
I'm not sure you are really need to enable the function allow_url_include, but to do this you should edit your php.ini file, because this option is disabled by default. The default PHP version, within Ubuntu 16.04, is PHP7.0, so your php.ini file is located in /etc/php/7.0/apache2/ edit the file with Nano text editor and use Ctr+W to find allow_url_include, then change the line in this way:
allow_url_include = On
You can do the above step with a single command using sed:
sudo sed 's/allow_url_include = Off/allow_url_include = On/' /etc/php/7.0/apache2/php.ini -i.bak
Check if the value is changed and restart Apache:
cat /etc/php/7.0/apache2/php.ini | grep allow_url_include
sudo systemctl restart apache2.service
6. Open DVWA and continue with its setup
Open your browser and type: http://localhost/DVWA/. Initially you should use user: admin and passwd: admin, but next you should use user: admin and passwd: password.
That's it.
Further reading
How to update: man git-pull or Git pull contents without affecting the local file changes...
Advanced VirtualHost configuration: [1] How to setup an additional VirtualHost, [2] How to use a domain name for my local needs, [3] Another example - WP install, [4] How to set a domain to ip address?, [5] How to create and enable Let's Encrypt HTTPS certificate.
If you using XAMPP instead of the native LAMP stack the default DocumentRoot directory should be /opt/lampp/htdocs instead of /var/www/html and I think it is the only difference according the above guide.
