How to configure DVWA on windows system 💻

Setting up Lab environment

Hey folks 🙋

In this article, I will be sharing how to set up a lab on your Windows system using DVWA (Damn Vulnerable Web Application) for practising OWASP Top 10 attacks. IKR, this is very basic, but my motto is to cover this topic as an article because I have encountered a lot of infosec enthusiasts who messed up a few things while configuring.

Let's Bring it on...

First, let’s have a look at what you need to have installed on your machine:

I am assuming that XAMPP is already installed, up and running 🏃

Now it’s time to unzip the zip file of DVWA that you have downloaded.

Now extract the zip file by right-clicking on the file and then choosing the Extract All option.

Now open the XAMPP server and click on the Explorer button:

Now go to the “htdocs” folder and paste the extracted DVWA folder there, after renaming it as follows:

Now go inside the dvwa folder, where you will find the config folder. Open it 📂 . Inside that folder, there will be a file named “config.inc.php.dist”.

We have to rename it to just “config.inc.php”. It will then be a PHP file, as follows:

Now we need to open this PHP file in Notepad:

  • Step 1:

  • Step 2:

  • Step 3: Select the Notepad from the options then the file will open.

Now we have to change two fields in the file:

First, we have to clear the password field so that it is empty (null), and in the ‘db_user’ field we have to replace dvwa with root. Like this:
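The rename and the two field edits described above can also be scripted. The following is an added example, not part of the original article or of the DVWA project: the sample file contents are constructed, the function names are hypothetical, and the script writes config.inc.php as a patched copy of the .dist file instead of renaming it. It goes slightly beyond the article by handling both the plain-literal and the `getenv()` style of the two lines.

```python
import re
import sys
from pathlib import Path

# Constructed sample of config.inc.php.dist. Older DVWA releases assign a plain
# literal, newer ones wrap the default in getenv(); both forms are handled.
SAMPLE_DIST = """<?php
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = getenv('DB_PASSWORD') ?: 'p@ssw0rd';
?>
"""

def set_field(text, key, value):
    """Replace the right-hand side of $_DVWA['<key>'] = ...; with a PHP string literal."""
    pattern = re.compile(
        r"^(\s*\$_DVWA\[\s*'" + re.escape(key) + r"'\s*\]\s*=\s*)[^;\n]*;",
        re.MULTILINE,
    )
    literal = "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"
    new_text, count = pattern.subn(lambda m: m.group(1) + literal + ";", text)
    if count != 1:
        # Fail loudly instead of silently writing an unchanged config.
        raise ValueError(f"expected exactly one {key} line, found {count}")
    return new_text

def patch_config(text):
    """Apply the article's two edits: db_user becomes root, db_password becomes empty."""
    text = set_field(text, "db_user", "root")
    return set_field(text, "db_password", "")

def write_config(config_dir):
    """Create config.inc.php from config.inc.php.dist; the .dist file is left untouched."""
    config_dir = Path(config_dir)
    dist = config_dir / "config.inc.php.dist"
    target = config_dir / "config.inc.php"
    target.write_text(patch_config(dist.read_text(encoding="utf-8")), encoding="utf-8")
    return target

if __name__ == "__main__":
    # Argument: the config folder, e.g. C:\xampp\htdocs\dvwa\config (assumed default XAMPP path).
    if len(sys.argv) > 1:
        print("wrote", write_config(sys.argv[1]))
    else:
        print(patch_config(SAMPLE_DIST))
```

Run without arguments it prints the patched sample; run with the path of the config folder it writes config.inc.php there.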

Now it’s time to start two services, the Apache server and the MySQL database, from the XAMPP server.

Now we have to open a browser and type this URL in the address bar:

127.0.0.1/dvwa

There you will see a page like the one below:

Now scroll down to the bottom, where you will find a button named “Create / Reset Database”. Just click it.

After clicking, wait for a few seconds and then you will see this login screen:

Now you will be able to log in using the default username: admin and password: password.

Happy Learning 😋

If you are still having any issues, I am a ping away.