digininja/DVWA

installing DVWA on digitalocean

RAD50 opened this issue · 7 comments

Hello everyone,

So I want to install DVWA on DigitalOcean. I looked online, but all the tutorials are on a local network; I want to make it public for me and my friends to test anything we want on it.

Thanks for the help in advance.

Create yourself whatever DO calls a Linux VM and then follow the standard Linux install instructions.

Just be very careful how you expose it; if you make it completely public then anyone who finds it can take pretty much complete control of your box.


Hey man, thanks for the help. I just did all of that. I faced some obstacles, but nothing that cannot be solved with some googling. Sorry for my lack of knowledge, but can you tell me what these errors are?

"

Operating system: *nix

PHP version: 8.2.12
PHP function display_errors: Disabled
PHP function display_startup_errors: Disabled
PHP function allow_url_include: Disabled
PHP function allow_url_fopen: Enabled
PHP module gd: Installed
PHP module mysql: Installed
PHP module pdo_mysql: Installed

"

The first three things, are they important? Do I need to enable them?

If your question is about placing it behind an NGINX proxy, with basic authentication, like asked in a recent issue, then something like

```nginx
error_log  /var/www/errorlog;
pid        /var/www/nginx.pid;
worker_rlimit_nofile 8192;
daemon off;

events {
  worker_connections 1024;
}

http {
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 10m;

  types {
    text/html                             html htm shtml;
    text/css                              css;
    image/jpeg                            jpeg jpg;
  }

  proxy_redirect off;
  proxy_buffering off;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Host $host;
  proxy_set_header X-Forwarded-Port $server_port;

  index index.html;
  access_log /var/www/accesslog;

  server {
    listen 443 ssl;
    ssl_certificate /var/www/proxy_pub.pem;
    ssl_certificate_key /var/www/proxy_priv.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    keepalive_timeout 70;
    root /var/www/www-data;

    location /dvwa {
      rewrite ^/dvwa$ /dvwa/ permanent;
      rewrite /dvwa/(.*) /$1 break;
      proxy_pass http://172.16.1.4:80/;
      proxy_http_version 1.1;
      proxy_read_timeout 600;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Real-PORT $remote_port;
      auth_basic "Restricted area";
      auth_basic_user_file /var/www/.users;
    }
  }
}
```

will work. You'll need to adjust the IP address of the "proxy_pass" to point to your DVWA instance, to set up the ".user" file with the hashed passwords of the authorized users, and to set up the NGINX SSL certificates. The "daemon off" above is because this is used in an NGINX docker instance. This is an extract of something like what I'm currently using.

Not sure if DVWA uses websockets or not so the "Upgrade" and "Connection" headers might be optional.
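An added example, not part of the thread or of DVWA: a small Python check that flags any block with a `proxy_pass` that is not covered by both `auth_basic` and `auth_basic_user_file`, taking values inherited from enclosing blocks into account. The sample config and its `/dvwa-test` location are constructed for illustration; the parser is simplified and assumes no `include` directives and no braces inside regexes.

```python
import re

# Constructed sample: the /dvwa location from the thread, plus a hypothetical
# second location that someone added later without the auth lines.
SAMPLE = """
server {
  location /dvwa {
    proxy_pass http://172.16.1.4:80/;
    auth_basic "Restricted area";
    auth_basic_user_file /var/www/.users;
  }
  location /dvwa-test {
    proxy_pass http://172.16.1.4:80/;
  }
}
"""

def parse(tokens):
    """Turn a token iterator into nested [(words, children_or_None), ...]."""
    items, words = [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok in ("{", ";"):
            items.append((words, parse(tokens) if tok == "{" else None))
            words = []
        else:
            words.append(tok)
    return items

def exposed(items, auth=False, userfile=False, path=()):
    """Return block paths whose proxy_pass is not covered by basic auth."""
    for words, children in items:  # this block's settings override inherited ones
        if children is None and words[:1] == ["auth_basic"]:
            auth = words[1:] != ["off"]
        elif children is None and words[:1] == ["auth_basic_user_file"]:
            userfile = True
    found = []
    for words, children in items:
        if children is not None:
            found += exposed(children, auth, userfile, path + (" ".join(words),))
        elif words[:1] == ["proxy_pass"] and not (auth and userfile):
            found.append(" > ".join(path))
    return found

def check(conf):
    conf = re.sub(r"#.*", "", conf)  # naive: also cuts a '#' inside a quoted string
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', conf))
    return exposed(parse(tokens))
```

Running `check()` on the proxy config before each reload gives a list of block paths to fix; an empty list means every proxied location inherits or sets basic auth.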

@adb014 Thanks man, that helped me a lot. I just did all that; it was a long journey but it is finally working and everything is great. Also thanks @digininja for the help.

Just be very careful you don't accidentally completely expose it, there are a lot of installs out there that shouldn't be.

Thanks for the advice. I really enjoy using DVWA to test my skills and to improve; tbh I learned so many things in the past week.