DVWA: instalasi Ubuntu 16.04: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) Created page with "'''WARNING: DVWA tidak bisa untuk PHP 7.0''' DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-..." |
Onnowpurbo (talk | contribs) |
||
| (12 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya | DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya | ||
==Download== | ==Download== | ||
cd /usr/local/src | |||
wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip | wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip | ||
==Instalasi Aplikasi Pendukung== | |||
===Downgrade=== | |||
sudo add-apt-repository ppa:ondrej/php | |||
sudo apt-get update | |||
sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \ | |||
php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0 apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd \ | |||
php5.6-cli php5.6-curl mysql-client mysql-server libphp-adodb libgd2-xpm-dev \ | |||
php5.6-curl php-pear unzip | |||
sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart | |||
===Ubuntu 16.04=== | ===Ubuntu 16.04=== | ||
==Versi 1.9== | |||
mv v1.9.zip /var/www/html | |||
cd /var/www/html | |||
unzip v1.9.zip | |||
cd /var/www/html/DVWA-1.9/external/phpids/0.6/lib/IDS | |||
chmod -Rf 777 tmp | |||
chown -Rf nobody.nogroup tmp | |||
chmod -Rf 777 /var/www/html/DVWA-1.9/hackable/uploads/ | |||
==Tambahan Konfigurasi== | |||
edit: | |||
vi /etc/php/5.6/cli/php.ini | |||
vi /etc/php/5.6/apache2/php.ini | |||
vi /etc/php/7.0/cli/php.ini | |||
vi /etc/php/7.0/apache2/php.ini | |||
ubah allow_url_include=Off, jadi | |||
allow_url_include=on | |||
edit | |||
vi /var/www/html/DVWA-1.9/config/config.inc.php | |||
ubah | |||
$_DVWA[ 'recaptcha_public_key' ] = ' '; | |||
$_DVWA[ 'recaptcha_private_key' ] = ' '; | |||
menjadi | |||
== | $_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; | ||
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'; | |||
Ubah | |||
$_DVWA[ 'default_security_level' ] = 'impossible'; | |||
Menjadi | |||
$_DVWA[ 'default_security_level' ] = 'low'; | |||
==Edit konfigurasi Database== | ==Edit konfigurasi Database== | ||
| Line 62: | Line 93: | ||
grant ALL on root.* to dvwa@localhost; | grant ALL on root.* to dvwa@localhost; | ||
exit | exit | ||
==Restart Apache== | |||
/etc/init.d/apache2 restart | |||
==Akses ke DVWA== | ==Akses ke DVWA== | ||
| Line 71: | Line 106: | ||
http://192.168.0.100/DVWA-1.9/ | http://192.168.0.100/DVWA-1.9/ | ||
http://192.168.0.111/DVWA-1.9/ | http://192.168.0.111/DVWA-1.9/ | ||
Klik | Klik | ||
| Line 92: | Line 126: | ||
username admin | username admin | ||
password password | password password | ||
==Referensi== | ==Referensi== | ||
* http://www.dvwa.co.uk/ | * http://www.dvwa.co.uk/ | ||
==Youtube== | |||
* https://youtu.be/JKsF7D089t4 - instalasi DVWA 1.9 di ubuntu 16.04 | |||
Latest revision as of 02:37, 4 October 2018
DVWA (Damn Vurnelabel Web App) dapat digunakan untuk belajar SQL Injection / SQLmap untuk melakukan serangan ke Web & Database-nya
Download
cd /usr/local/src wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
Instalasi Aplikasi Pendukung
Downgrade
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update sudo apt-get install php7.0 php5.6 php5.6-mysql php-gettext php5.6-mbstring php-mbstring php7.0-mbstring \ php-xdebug libapache2-mod-php5.6 libapache2-mod-php7.0 apache2 php5.6 php5.6-xmlrpc php5.6-mysql php5.6-gd \ php5.6-cli php5.6-curl mysql-client mysql-server libphp-adodb libgd2-xpm-dev \ php5.6-curl php-pear unzip
sudo a2dismod php7.0 ; sudo a2enmod php5.6 ; sudo service apache2 restart
Ubuntu 16.04
Versi 1.9
mv v1.9.zip /var/www/html cd /var/www/html unzip v1.9.zip
cd /var/www/html/DVWA-1.9/external/phpids/0.6/lib/IDS chmod -Rf 777 tmp chown -Rf nobody.nogroup tmp chmod -Rf 777 /var/www/html/DVWA-1.9/hackable/uploads/
Tambahan Konfigurasi
edit:
vi /etc/php/5.6/cli/php.ini vi /etc/php/5.6/apache2/php.ini vi /etc/php/7.0/cli/php.ini vi /etc/php/7.0/apache2/php.ini
ubah allow_url_include=Off, jadi
allow_url_include=on
edit
vi /var/www/html/DVWA-1.9/config/config.inc.php
ubah
$_DVWA[ 'recaptcha_public_key' ] = ' '; $_DVWA[ 'recaptcha_private_key' ] = ' ';
menjadi
$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
Ubah
$_DVWA[ 'default_security_level' ] = 'impossible';
Menjadi
$_DVWA[ 'default_security_level' ] = 'low';
Edit konfigurasi Database
vi /var/www/html/DVWA-1.9/config/config.inc.php
Edit
$_DVWA = array(); $_DVWA[ 'db_server' ] = 'localhost'; $_DVWA[ 'db_database' ] = 'dvwa'; $_DVWA[ 'db_user' ] = 'root'; $_DVWA[ 'db_password' ] = 'p@ssw0rd';
Pastikan sesuai dengan password root yang ada, misalnya
$_DVWA[ 'db_password' ] = '123456';
Lakukan di shell
mysql -u root -p123456
create database dvwa; grant ALL on root.* to dvwa@localhost; exit
Restart Apache
/etc/init.d/apache2 restart
Akses ke DVWA
Misalnya
http://ip-server/DVWA-1.9/ http://192.168.0.80/DVWA-1.9/ http://192.168.0.100/DVWA-1.9/ http://192.168.0.111/DVWA-1.9/
Klik
Click here to setup the database. Create / Reset Database
Atau misalnya ke,
http://ip-server/DVWA-1.9/setup.php http://192.168.0.80/DVWA-1.9/setup.php http://192.168.0.100/DVWA-1.9/setup.php http://192.168.0.111/DVWA-1.9/setup.php
Create / Reset Database
Login ke DVWA
username admin password password
Referensi
Youtube
- https://youtu.be/JKsF7D089t4 - instalasi DVWA 1.9 di ubuntu 16.04
