installing DVWA on digitalocean
RAD50 opened this issue · 7 comments
hello everyone
so I want to install DVWA on Digitalocean i looked online but all the tutorial is on a local network I want to make it public for me and my friends to test anything we want on it.
thanks for the help in advance.
Create yourself whatever DO calls a Linux VM and then follow the standard
Linux install instructions.
Just be very careful how you expose it, if you make it completely public
then anyone who finds it can take pretty much compete control of your box.
On Sat, 18 Nov 2023, 14:44 RAD50, @.***> wrote:
hello everyone
so I want to install DVWA on Digitalocean i looked online but all the
tutorial is on a local network I want to make it public for me and my
friends to test anything we want on it.
thanks for the help in advance.
—
Reply to this email directly, view it on GitHub
#594, or unsubscribe
.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>
Hey man thanks for the help i just did all of that, I faced some obstacle but nothing cannot be solved with some googling, sorry for my lack of knowledge but i can you tell me about these errors what they are ?
"
Operating system: *nix
PHP version: 8.2.12
PHP function display_errors: Disabled
PHP function display_startup_errors: Disabled
PHP function allow_url_include: Disabled
PHP function allow_url_fopen: Enabled
PHP module gd: Installed
PHP module mysql: Installed
PHP module pdo_mysql: Installed
"
The first there things are they important, do i need to enable them?
If your question is about placing it behind an NGINX proxy, with a basic authentification, like asked in a recent issue, then something like
error_log /var/www/errorlog;
pid /var/www/nginx.pid;
worker_rlimit_nofile 8192;
daemon off;
events {
worker_connections 1024;
}
http {
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
types {
text/html html htm shtml;
text/css css;
image/jpeg jpeg jpg;
}
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
index index.html;
access_log /var/www/accesslog;
server {
listen 443 ssl;
ssl_certificate /var/www/proxy_pub.pem;
ssl_certificate_key /var/www/proxy_priv.pem;
ssl_protocols TLSv1.2 TLSv1.3;
keepalive_timeout 70;
root /var/www/www-data;
location /dvwa {
rewrite ^/dvwa$ /dvwa/ permanent;
rewrite /dvwa/(.*) /$1 break;
proxy_pass http://172.16.1.4:80/;
proxy_http_version 1.1;
proxy_read_timeout 600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
auth_basic "Restricted area";
auth_basic_user_file /var/www/.users;
}
}
}
will work. You'll need to adjust le IP address of the "proxy_pass" to point to your DVWA instance, to setup the ".user" file with the hashed passwords of the authorized users and setup the NGINX SSL certificates. The "daemon off" above is beacuse this is used in an NGINX docker instance. This is an extract of something like I'm currently using.
Not sure if DVWA uses websockets or not so the "Upgrade" and "Connection" headers might be optional.
@adb014 Thanks man that helped me a lot, i just did all that it was a long journey but finally working and everything is great, also thanks @digininja for the help
Just be very careful you don't accidentally completely expose it, there are a lot of installs out there that shouldn't be.
…
On Mon, 20 Nov 2023, 23:04 RAD50, @.> wrote: @adb014 https://github.com/adb014 Thanks man that helped me a lot, i just did all that it was a long journey but finally working and everything is great, also thanks @digininja https://github.com/digininja for the help — Reply to this email directly, view it on GitHub <#594 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWLABMOLL5G7GOMWEL3YFPOWZAVCNFSM6AAAAAA7RAUCXCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJZHE2DKNRQG4 . You are receiving this because you were mentioned.Message ID: @.>
thanks for the advice, i really enjoy using DVWA to test my skills and to improve tbh i learned soo many things in the past week