Installing DVWA (Damn Vulnerable Web Apps) on Ubuntu JeOS

by on Nov.18, 2009

I have always wanted to get involved with a community based project and when I got pointed in the direction of Damn Vulnerable Web Apps (DVWA) it just made sense. So this is my first attempt to get involved. Below is a full guide on how I installed DVWA and Ubuntu 9.10 (Karmic Koala) JeOS. You can do this on either a virtual machine or an old PC you have lying around.

DO NOT USE THIS ON A LIVE ENVIRONMENT.

Installing Ubuntu JeOS (Just enough Operating System)

First you will need to download the latest version of Ubuntu. You can find this at the following link: http://www.ubuntu.com/getubuntu/download

Once you have this downloaded you will need to burn it to a CD/DVD. As everyone's burning software is slightly different, you can work that bit out for yourself.

Boot from your new Ubuntu CD/DVD.

Choose your language

At the menu screen press F4. This will give you a choice of install types.

As I am installing this on my VMware Workstation I choose "Install a minimal virtual machine". If you are installing on old hardware, just choose the minimal build.

After you have selected that, it will take you back to the menu, where you should choose "Install Ubuntu Server".

We are now in the installation. Choose your language and your keyboard layout.
After that, give your machine a host name and set your time zone.

Once you are at the Partition Manager screens, you can use some of the disk or all of it, depending on your setup. As I want to use all the disk I choose “Use Guided – Use entire disk”.
At the next screen it will ask you to confirm “Write changes to disk” (THIS WILL DELETE EVERYTHING ON THIS PARTITION. DO IT AT YOUR OWN RISK.)

It will now ask you to create a user account.
After the user account it will ask you to encrypt your hard drive. Do not do this, as this is just a test system.
Also set no automatic updates on the updates screen.

Now we are onto software selection. Usually we would use this to install basic packages for the server. As I am installing a virtual machine I have selected the following in the software selection:

Basic Ubuntu Server
LAMP Server
Virtual Machine host

Leave your MySQL password blank. (It will ask you to set it a number of times; just leave it blank.)

Press Continue at the end of the installation.

Your Ubuntu JeOS install is complete. Please remember that some of the options you have chosen are insecure so do not use these instructions to build a live server.

Installing Damn Vulnerable Web Apps

Once the install has finished, boot up and log into your new operating system. We then need to update the apt package lists, install a couple more packages and download DVWA.

Once you have logged in as your user, type the following commands.

$ sudo apt-get update
$ sudo apt-get install wget unzip
$ wget http://downloads.sourceforge.net/project/dvwa/dvwa-1.0.6.zip
$ sudo unzip dvwa-1.0.6.zip
$ cd dvwa-1.0.6
$ sudo mv dvwa /var/www/

Now that we have completed the install of DVWA, we need to find out where to surf to.

$ ifconfig

You will then see the following.

eth0    Link encap:Ethernet  HWaddr 22:cc:80:e1:54:4b
        inet addr:192.168.1.22  Bcast:191.168.1.255  Mask:255.255.255.0
        inet6 addr: abcd::21a:80ff:fee1:8671/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:6934 errors:0 dropped:0 overruns:0 frame:0
        TX packets:1892 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:100
        RX bytes:2619505 (2.6 MB)  TX bytes:333429 (333.4 KB)
        Memory:daa00000-daa20000

The inet addr: field, if you have not worked it out, is the IP address you want to surf to.

Then browse to http://<ip address>/dvwa
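Because this build has a blank MySQL password and a deliberately vulnerable application, it is worth confirming that the address ifconfig reports is a private (RFC 1918) one before you start using it. The script below is an added example, not part of the original guide or of DVWA; the function names and the embedded sample are made up for illustration, and it assumes the old-style "inet addr:" output format shown above.

```shell
#!/bin/sh
# Added example: parse old-style ifconfig output ("inet addr:" format) and
# check that the lab VM's address is private before treating it as isolated.

# extract_inet_addr: reads ifconfig output on stdin and prints the first
# non-loopback "inet addr:" value (the inet6 line does not match).
extract_inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | grep -v '^127\.' | head -n 1
}

# is_private_ipv4 ADDR: returns 0 if ADDR is in 10/8, 172.16/12 or 192.168/16.
is_private_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                     # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    case $1 in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# lab_addr_verdict: reads ifconfig output on stdin and prints a one-line verdict.
lab_addr_verdict() {
    addr=$(extract_inet_addr)
    if [ -z "$addr" ]; then
        echo "no-address"
    elif is_private_ipv4 "$addr"; then
        echo "private $addr"
    else
        echo "PUBLIC $addr"
    fi
}

# Constructed sample: the first two lines of the ifconfig output shown above.
SAMPLE='eth0    Link encap:Ethernet  HWaddr 22:cc:80:e1:54:4b
        inet addr:192.168.1.22  Bcast:191.168.1.255  Mask:255.255.255.0'

printf '%s\n' "$SAMPLE" | lab_addr_verdict
```

On the VM itself, run `ifconfig | lab_addr_verdict`; a PUBLIC verdict means the machine has a publicly routable address and should be moved to a host-only or NAT network before DVWA is used.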

Time to play…
