The Ultimate Zero-to-Hero Guide: Installing DVWA on Kali Linux.

This is the ultimate, foolproof, guide to installing the Damn Vulnerable Web App (DVWA) on Kali Linux.

Step 1: Install the Web Stack and Download DVWA First, we need to install the engine (Apache Web Server, MariaDB Database, PHP) and clone the DVWA files directly into the correct web directory. Open your Kali terminal, copy this entire block, and press Enter:

sudo apt update
sudo apt install apache2 mariadb-server php php-mysql php-gd git -y
cd /var/www/html/
sudo git clone https://github.com/digininja/DVWA.git
sudo chown -R www-data:www-data /var/www/html/dvwa/
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php

Step 2: Auto-Configure the Database DVWA needs a specific database user to store its vulnerable data. Instead of logging into the MySQL console manually, we can inject the exact setup commands directly from the terminal using this one-liner block. Copy and paste this:

sudo systemctl start mariadb
sudo mysql -u root -e "CREATE DATABASE dvwa;"
sudo mysql -u root -e "CREATE USER 'dvwa'@'127.0.0.1' IDENTIFIED BY 'p@ssw0rd';"
sudo mysql -u root -e "GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'127.0.0.1';"
sudo mysql -u root -e "FLUSH PRIVILEGES;"

Step 3: Auto-Tweak PHP Security Shields By default, Kali Linux has strict PHP security settings that will actually block you from completing advanced hacking challenges (like File Inclusion) inside DVWA. This command uses sed (a stream editor) to automatically find the security switch, turn it off, and restart your web server to apply the changes. Copy and paste this:

sudo sed -i 's/allow_url_include = Off/allow_url_include = On/g' /etc/php/*/apache2/php.ini
sudo systemctl restart apache2

Step 4: Initialize the Application Your backend is completely set up! Now we just need to tell the web app to build its tables. * Open your Kali web browser and navigate to: http://localhost/dvwa/setup.php * Scroll to the very bottom of the page and click the Create / Reset Database button. * The page will reload and redirect you to the login screen. Default Login Credentials: * Username: admin * Password: password

(Note: Once you log in, go to the "DVWA Security" tab on the left and set the security level to "Low" so you can start learning the basics!)

The Daily Routine: Startup and Shutdown 🚦 You never have to run the installation steps above again. However, when you reboot your computer, the web servers default to "Off" so they don't consume your RAM in the background. Here are the only commands you need to know for your daily hacking sessions: Start Up (When you want to practice): Boot the web server and database into your live memory. DVWA is now accessible in your browser.

sudo systemctl start apache2 mariadb

Check Status (If the page won't load): Verify that your services are actually running. Look for the green "active" text. (Press q to exit this screen).

sudo systemctl status apache2 mariadb

Turn Off (Before shutting down your PC): Kill the background processes to free up your CPU and RAM for normal computer use.

sudo systemctl stop apache2 mariadb