DVWA and OWASP Mutillidae II Lab setup in Windows


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications.


Xampp which is a offline web server Download Here .

DVWA lab which you can download from Here

First install you xampp in windows. After which you should find a control panel as shown below.

The Choose Components screen will appear next. This screen will allow you to choose which components you would like to install. To run XAMPP properly, all components checked need to be installed. Click Next to continue.

When The Installation Complete screen will now appear. Click Finish to begin using XAMPP.

The XAMPP Control Panel allows you to manually start and stop Apache and MySQL, or install them as services.

start your Apache and MySQL modules. Apache is a web server and MySQL is used to maintain the database.

Extract DVWA lab setup in the location ” C:\xampp\htdocs\dvwa ” as is shown below.

Go to the location “ C:\xampp\htdocs\dvwa\config ” where we can find a file named config.inc.php.dist which is the file you will have to edit.

Open the dist file with notepad ++ and remove the [email protected] given as the db_password for user root and   kept it  “blank” for user root  [both single quotes without any spaces].  

Now save the config.inc.php.dist file as config.inc.php after making changes. 

From given image you can confirm that now we had php configuration file in /dvwa/config/config.inc 

Now open up your web browser type ” localhost/dvwa ”

When we first connect to the URI http://localhost/dvwa/ we’ll have to set up the database. 

Now we can successfully login with the default username admin and password password that were automatically created by the DVWA web application.

When we’ve successfully authenticated into the application, now you can use this application


OWASP Mutillidae II Web Pen-Test Practice Application

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software

Xampp which is an offline web server Download Here .

Mutilldae lab which you can download from Here

Extract Mutilldae lab setup in the location” C:\xampp\htdocs\mutilldae” as is shown below.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets.

Leave a Reply

Your email address will not be published. Required fields are marked *