Damn Vulnerable Web Application (DVWA)
DVWA is a web application which uses PHP and MySQL and implements a number of common web application vulnerabilities. For more information visit http://www.dvwa.co.uk/
and https://github.com/digininja/DVWA
.
Installation - vagrant up
Using the Vagrantfile in the penetration testing lab directory in the git repo at https://github.com/kushfj/pentesting
, spin up a DVWA VM in virtual box.
The virtual machines has two virtual network adapters, the first adapter is connected to the default NAT network. The NAT network is required during the initial setup to download and install updates and packages. The second adapter is connected the default intnet
internal network. The intnet internal network is used for the penetration testing. Note, you must disable or disconnect the NAT interface as soon as the machine is ready.