Welcome back cyber enthusiasts!
Today we will learn how to install and configure DVWA in Docker on Kali Linux. I will briefly explain what Docker is and what DVWA entails, then take you step by step through installing and configuring DVWA in Docker.
Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and deploy it as one package. In Docker, the containers running share the host OS kernel.
Damn Vulnerable Web Application, DVWA for short, is a PHP/MySQL web application that is damn vulnerable. The main goal of this pentesting playground is to help penetration testers and security professionals test their skills and tools. It can also help web developers better understand how to secure web apps, and help students and teachers learn about web app security and possible vulnerabilities.
DVWA has a number of attacks that you can use to practice and enhance your web security expertise. Here is the fun part :)
You can set your level of difficulty and also raise the security level of the web application, which makes it easier to track your progress as you practice.
Some of the attacks include:
- Command Injection
- File Inclusion
- File Upload
- Insecure CAPTCHA
- SQL Injection / SQL Injection (Blind)
- Weak Session IDs
- XSS (DOM)
- XSS (Reflected)
- XSS (Stored)
- CSP Bypass
Let's get started!
1. Fire up your Kali Linux machine.
2. Open your terminal.
3. We then need to run the update command.
sudo apt update
4. We need to run the command that installs Docker. Give it time, as the command takes a while to finish.
sudo apt install -y docker.io
5. The next step is to enable Docker.
Run this command:
sudo systemctl enable docker --now
6. We then need to confirm the Docker version by running the following command.
docker --version
7. Add your user to the docker group using the following command.
Run this command: sudo usermod -aG docker $USER
8. Docker has been successfully installed. Log out and log back in so that your group membership is re-evaluated. If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect. On a desktop Linux environment such as X Windows, log out of your session completely and then log back in. On Linux, you can also run the following command to activate the changes to groups:
9. The next step is to set up DVWA. Don't worry, we are almost there :). Run this command to set up DVWA.
docker run --rm -it -p 80:80 vulnerables/web-dvwa
10. The last thing to do is paste http://127.0.0.1 into your browser.
This will bring you to the DVWA web login page as shown below. Default login credentials are:
11. Once you are logged in, your homepage should look like this:
You are all setup, you can now practice at your own pace, one vulnerability at a time.
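The `-p 80:80` in step 9 publishes DVWA on every host interface, so other machines on the network can reach it. The script below is an added example, not part of the original article: it shows a loopback-only variant of the run command and a check that flags containers published on all interfaces. The function names and the sample container names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).

# Start DVWA with the published port bound to loopback only, so it is
# reachable at http://127.0.0.1 but not from other hosts.
# Defined here for reference; it is not called automatically.
run_dvwa_loopback() {
    docker run --rm -it -p 127.0.0.1:80:80 vulnerables/web-dvwa
}

# Read "name|ports" lines, as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'
# and print "name|mapping" for every mapping published on all interfaces
# (0.0.0.0 for IPv4, ::: or [::] for IPv6).
wildcard_publishes() {
    awk -F '|' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue      # exposed in the image, not published
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^\[::\]:/ || m ~ /^:::/)
                print $1 "|" m
        }
    }'
}

# Constructed sample of docker ps output (hypothetical container names,
# not captured from a real host).
sample_ps() {
    printf '%s\n' 'dvwa_all|0.0.0.0:80->80/tcp, :::80->80/tcp'
    printf '%s\n' 'dvwa_local|127.0.0.1:80->80/tcp'
    printf '%s\n' 'db_internal|3306/tcp'
}

# Offline demo:  sample_ps | wildcard_publishes
# Live check:    docker ps --format '{{.Names}}|{{.Ports}}' | wildcard_publishes
```

Any line the live check prints is a container reachable from outside the host; for a deliberately vulnerable lab target, the output should be empty.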
Article by Nancy Muriithi. Nancy is a Cybersecurity Researcher, CTF player and bug bounty hunter. She is the lead campus coordinator and a member of SheHacks KE. She actively does cybersecurity mentorship and has a passion for cloud security. Follow her: Facebook: Muriithi Nancy Twitter:@Sheina_techie LinkedIn: Nancy Muriithi