From Network Security Wiki

Source: linuxsecurityblog.com, th3phantoms.blogspot.in


sudo apt update && sudo apt upgrade
sudo apt install apache2 mysql-server libapache2-mod-php7.0 libapache2-mod-fastcgi php7.0-fpm php7.0 php-mysql php7.0-mbstring php7.0-gd

When prompted, create a password for MySQL.

Edit PHP function:

sudo vim /etc/php/7.0/apache2/php.ini 
allow_url_include = On

In the bottom of apache.conf add the hostname:

nano /etc/apache2/apache2.conf
ServerName localhost

Download the DVWA files:


Rename config.inc.php and Edit MySQL password:

sudo mv /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
sudo vim /var/www/html/dvwa/config/config.inc.php
$_DVWA[ 'db_password' ] = 'dbpassword'; 

Give the write permission to folder and file:

sudo chmod 777 /var/www/html/dvwa/hackable/uploads/

If there are access related issue then only make the directory globally writeable:

sudo chmod -R 777 /var/www/html/dvwa

Create DVWA database:

mysql -u root -p
create database dvwa;

Open the application & scrolling down and find the button Create / Reset Database

Restart Apache:

sudo service apache2 restart

Access the application:
username: admin
password: password


{{#widget:DISQUS |id=networkm |uniqid=DVWA |url=https://aman.awiki.org/wiki/DVWA }}