In this guide, we are going to learn how to install and Setup DVWA on CentOS 8. As you already know, DVWA, an acronym for Damn Vulnerable Web Application is a very vulnerable PHP/MySQL web application designed to help security professionals, students, web application developers to test their security skills, learn web application security and understand web application security processes respectively.
Install and Setup DVWA on CentOS 8
Update system packages
To begin with, ensure that your system packages are up-to-date
Install LAMP Stack on CentOS 8
Since DVWA is web application, you basically need to have a LAMP stack installed before setting DVWA. Follow the link below to learn how to install LAMP stack on CentOS 8.
Create DVWA Database and Database User
After you have installed LAMP stack, proceed to create DVWA database and database user.
mysql -u root -p
Create DVWA database. You can use any database name.
create database dvwadb;
Create DVWA database user with all the privileges assigned on the DVWA db. Again replace the user and the password accordingly.
grant all on dvwadb.* to dvwamgr@localhost identified by 'mypassword';
Reload the privileges table and exit the database.
Configure PHP for DVWA
Install other required PHP-GD module.
dnf install php-gd
PHP 7.2 is used in this demo.
PHP 7.2.11 (cli) (built: Oct 9 2018 15:09:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
Proceed to edit
php.ini and make the following changes.
allow_url_fopen = On– Allows for Remote File Inclusions (RFI)
allow_url_include = On– Allows for Remote File Inclusions (RFI)
display_errors = Off– (Optional) Hides PHP warning messages to make it less verbose
Save and quit the PHP configuration file
Install DVWA on Debian 10
In this demo, we will install DVWA on the default Apache web root directory, the
Therefore, clone the DVWA github repository to the web root directory.
dnf install git
git clone https://github.com/ethicalhack3r/DVWA /var/www/html/
Configuring DVWA on CentOS 8
To begin the configuration with, rename the sample configuration file
Edit the configuration file,
/var/www/html/config/config.inc.php and configure the database connection details.
... # Database variables # WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup. # Please use a database dedicated to DVWA. # # If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user. # See README.md for more information on this. $_DVWA = array(); $_DVWA[ 'db_server' ] = '127.0.0.1'; $_DVWA[ 'db_database' ] = 'dvwadb'; $_DVWA[ 'db_user' ] = 'dvwamgr'; $_DVWA[ 'db_password' ] = 'mypassword'; ...
Install reCAPTCHA keys
Generate recapture values from Google service.
Once generated, simply copy and paste the site key and site secret key to
$_DVWA[ 'recaptcha_public_key' ] and
$_DVWA[ 'recaptcha_private_key' ] respectively.
... # ReCAPTCHA settings # Used for the 'Insecure CAPTCHA' module # You'll need to generate your own keys at: https://www.google.com/recaptcha/admin $_DVWA[ 'recaptcha_public_key' ] = '6LcWVswUAAAAAHPp-TlOuNcLcrw7iAWVhtOrDYFm'; $_DVWA[ 'recaptcha_private_key' ] = '6LcWVswUAAAAABssYEu10VtWinRub6b_D8zn_sSL'; ...
Save and exit the configuration file.
Assign the ownership of the DVWA web configuration files to Apache.
chown -R apache:apache /var/www/html
Restart the database and Apache
systemctl restart mariadb httpd
If SELinux is running, apache user will be denied write access to the file,
/var/www/html/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt as well as on the directory,
/var/www/html/config. To fix this, simply execute the command below;
setsebool -P httpd_unified 1
Allow HTTPD scripts and modules to connect to the network
setsebool -P httpd_can_network_connect 1
Allow HTTPD scripts and modules to network connect to databases.
setsebool -P httpd_can_network_connect_db 1
Finalize DVWA Setup on Browser
You can now access DVWA from your preferred browser to finalize the configuration setup. Use the address,
On the setup page, ensure that no setting with status red. If any, ensure you fix the issue before proceeding.
Click Reset/Database to configure DVWA database connection settings.
Since we already done this above, you will be redirected to the DVWA login interface if the DB connection details are correct.
Login using the default credentials; Username:
DVWA default dashboard.
Well. that is all it takes to install and setup DVWA on CentOS 8.