Step 1 :
sudo apt install php7.2 php7.2-gd php-mysql mysql-server apache2 gitSet the MySQL server password as prompt.
Step 2 :
sudo mysql -u root -pCREATE DATABASE dvwadb;
GRANT ALL PRIVILEGES ON dvwadb.* TO ‘dvwa’@’localhost’ IDENTIFIED BY ‘dvwapassword’;Step 3 :
sudo nano /etc/php/7.2/apache2/php.iniChange the "Off" to "On" :
allow_url_include = OnStep 4 :
cd /var/www/html
sudo git clone https://github.com/ethicalhack3r/DVWA.git
cd /var/www/html/DVWA
sudo chmod 777 /var/www/html/DVWA/config
sudo chmod 666 /var/www/html/DVWA/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
sudo chmod 777 /var/www/html/DVWA/hackable/uploads/Step 5 :
sudo nano /etc/apache2/sites-enabled/000-default.confAppend "/DVWA" as the end of "/var/www/html" :
DocumentRoot /var/www/html/DVWAStep 6 :
sudo cp /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
sudo nano /var/www/html/DVWA/config/config.inc.phpMake changes as the following :
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwadb';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'dvwapassword';Step 7 :
Go to https://www.google.com/recaptcha/admin to generate the keys for 'Insecure CAPTCHA' module and add to the related items at "config.inc.php".
Step 8 :
sudo systemctl restart apache2Step 9 :
http://[server_ip_address]The username is "admin" while the password is "password".
Beware that the DVWA is vulnerable and do not allow it to be accessed via public.
Step 10 (Optional) :
sudo apt install php7.2-fpm
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php7.2-fpmThat's all! See you.