Thursday, February 13, 2014

How to set up a small portable pentesting environment: DVWA + OWASP + XAMPP + PortableApps

2:11 PM

This setup can also be used as a portable web development environment. Our objective is to build a fully functional portable pentesting environment; the only requirement is a portable device such as an external HDD, a pendrive or even a smartphone. So let's begin.

1) Download PortableApps from http://portableapps.com. This tool makes it possible to run software portably with a friendly user interface. Once you have downloaded the installer, select the destination and you're done.


2) Download XAMPP ("XAMPP is an easy to install Apache distribution containing MySQL, PHP, and Perl". -http://www.apachefriends.org/index.html). It has everything needed to set up a small server to host a site; we will use it to host DVWA. At http://www.apachefriends.org/download.html select a Windows installer; the PHP version doesn't matter. Install it in the PortableApps directory, at root directory\PortableApps, and make sure it has its own folder named 'xampp'.
Now run the PortableApps menu, click the 'apps' option, then click 'refresh apps icon'. If everything went well, you should see 4 XAMPP icons in your PortableApps menu, such as xampp-control.

3) Download DVWA, 'Damn Vulnerable Web App', from http://www.dvwa.co.uk. It's a test site with configurable vulnerabilities, used by pentesters to practice defense and offense against sites (depending on your interests). Once you have downloaded it, decompress the zip file, rename the folder to 'dvwa', and copy the whole folder into the 'htdocs' folder in the xampp directory. Once you have done this, this is how your folder should look...
The next step is to set up DVWA itself. Run xampp-control from the PortableApps menu and click the start buttons for Apache and MySQL. Now open a browser and type this 
Don't be scared if it shows the message 'Unable to connect to MySQL'; just click on the link shown. You will be redirected to another page; click the 'create reset database' button, and again don't be scared if this message appears: 'Could not connect to the database - please check the config file.'
To solve that, go to the root of the dvwa directory, open the config folder and open config.inc.php with an editor. Search for $_DVWA[ 'db_password' ] and replace the whole line with $_DVWA[ 'db_password' ] = ''; (XAMPP's MySQL root account has an empty password by default). Save the file, go back to the DVWA site in the browser and hit the button again; now the database is created. Now the final step...

4) Download an OWASP project. You can download any OWASP project, but in this case we will use OWASP ZAP, https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. The purpose of this step is to set up a tool for running pentesting attacks against DVWA. As before, install it in the PortableApps directory beside xampp, refresh the icons in the menu, and that's it.

Now, to log in to DVWA as a user, open the URL http://127.0.0.1/dvwa/login.php. The default user is admin and the password is password.
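Because this lab runs a deliberately vulnerable application with default credentials and an empty database password, it is worth confirming that Apache and MySQL answer only on 127.0.0.1 before plugging the device into a shared network. The following check is an added example, not part of the original article or of XAMPP; the sample configuration text is constructed, and you would pass in the contents of your own XAMPP httpd.conf and my.ini instead.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed samples standing in for XAMPP's httpd.conf and my.ini.
SAMPLE_HTTPD = "# Listen 12.34.56.78:80\nListen 80\nListen 127.0.0.1:443 https\nListen [::1]:8080\n"
SAMPLE_MYINI = '[client]\nport=3306\n[mysqld]\nport=3306\n# bind-address="127.0.0.1"\n'

def exposed_listens(httpd_conf):
    """Return Apache Listen values that are not bound to a loopback address."""
    exposed = []
    for line in httpd_conf.splitlines():
        m = re.match(r"\s*Listen\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1)
            # "80" has no address part (all interfaces); "[::1]:80" is bracketed IPv6.
            host = value.rpartition(":")[0].strip("[]")
            if host not in LOOPBACK:
                exposed.append(value)
    return exposed

def mysql_bind_is_loopback(my_ini):
    """True only if the last uncommented bind-address under [mysqld] is loopback."""
    section, result = None, False  # no bind-address means all interfaces
    for line in my_ini.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "mysqld" and not line.startswith(("#", ";")):
            key, _, val = line.partition("=")
            if key.strip().lower().replace("_", "-") == "bind-address":
                result = val.strip().strip("\"'") in LOOPBACK
    return result

def audit(httpd_conf, my_ini):
    """Return a list of human-readable findings; empty means loopback-only."""
    findings = [f"Apache: 'Listen {v}' is reachable from the network; use 127.0.0.1:<port>"
                for v in exposed_listens(httpd_conf)]
    if not mysql_bind_is_loopback(my_ini):
        findings.append("MySQL: set bind-address=127.0.0.1 under [mysqld]")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTTPD, SAMPLE_MYINI):
        print(finding)
```

With both services bound to loopback, the DVWA URL above keeps working from the same machine while other hosts on the network cannot reach the lab.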

From now on, it is up to you to do some research on how to use these tools. I hope this article has been helpful.

*Sorry for my English; this was my first article in English.




© 2013 ClusterKnowledge. All rights reserved. Designed by Templateism