Logo

dev-resources.site

for different kinds of informations.

Cara Menginstal DVWS (Damn Vulnerable Web Services) di Nginx

Published at
10/2/2023
Categories
dvws
nginx
security
bugbounty
Author
1amkaizen
Main Article
https://dev.to/1amkaizen/cara-menginstal-dvws-damn-vulnerable-web-services-di-nginx-4641
Categories
4 categories in total
dvws
open
nginx
open
security
open
bugbounty
open
Author
9 person written this
1amkaizen
open
Cara Menginstal DVWS (Damn Vulnerable Web Services) di Nginx

DVWS (Damn Vulnerable Web Services) adalah platform latihan uji penetrasi yang dirancang untuk membantu pengembang dan peneliti keamanan memahami kerentanannya pada layanan web dan API. Berikut adalah langkah-langkah untuk menginstal DVWS di server Nginx.

Langkah 1: Persiapkan Server dan Instal Nginx

Pastikan Anda memiliki server yang dijalankan dan Nginx terinstal. Jika belum, ikuti langkah-langkah untuk menginstal Nginx pada sistem operasi Anda.

Langkah 2: Instal PHP-FPM

DVWS menggunakan PHP, jadi kita akan menginstal PHP-FPM (PHP FastCGI Process Manager) untuk menangani pemrosesan PHP.



sudo apt update
sudo apt install php-fpm
Enter fullscreen mode Exit fullscreen mode

Langkah 3: Konfigurasi Nginx

Buat konfigurasi Nginx untuk DVWS. Buat file konfigurasi baru di direktori konfigurasi Nginx, misalnya, /etc/nginx/sites-available/dvws.



sudo nano /etc/nginx/sites-available/dvws
Enter fullscreen mode Exit fullscreen mode

Tambahkan konfigurasi berikut (sesuaikan dengan lokasi di mana Anda akan menempatkan DVWS):



server {
    listen 80;
    server_name your_domain_or_ip;

    root /var/www/html/DVWS;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
Enter fullscreen mode Exit fullscreen mode

Gantilah your_domain_or_ip dengan domain atau alamat IP server Anda.

Langkah 4: Aktifkan Konfigurasi Nginx

Aktifkan konfigurasi yang baru saja dibuat dengan membuat tautan simbolis ke direktori sites-enabled.



sudo ln -s /etc/nginx/sites-available/dvws /etc/nginx/sites-enabled/
Enter fullscreen mode Exit fullscreen mode

Langkah 5: Restart Nginx

Restart Nginx untuk menerapkan perubahan konfigurasi.



sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

Langkah 6: Unduh dan Konfigurasi DVWS

Unduh kode sumber DVWS dari repositori Git.



git clone https://github.com/interference-security/DVWS.git /var/www/html/DVWS
Enter fullscreen mode Exit fullscreen mode

Atur izin yang sesuai untuk direktori DVWS.




sudo chown -R www-data:www-data /var/www/html/DVWS
Enter fullscreen mode Exit fullscreen mode




Langkah 7: Akses DVWS melalui Browser

Sekarang, Anda dapat mengakses DVWS melalui browser web dengan menggunakan alamat IP atau domain server dan melanjutkan dengan uji penetrasi. Buka http://your_domain_or_ip/ di browser.

Pastikan untuk selalu menggunakan DVWS dan alat uji penetrasi dengan etika dan hanya pada sistem yang Anda miliki izin untuk menguji.

bugbounty Article's
30 articles in total
Favicon
ใ€Activities Guideใ€‘A detailed overview of the TECNO Security Response Center's security incentive activities
Favicon
Master Password Attacks in Minutes! Ethical Hacking Guide ๐Ÿ”“
Favicon
How to Set Up an Access Point with a Fake Captive Portal
Favicon
Some handy notes for GCP pentesting
Favicon
Mastering OSINT for Bug Bounty Success: Advanced Tools and Techniques for Deep Recon
Favicon
Top 5 Vulnerabilities Youโ€™re Missing Out On (And How to Catch Them)
Favicon
The Unspoken Path to Effective Bug Hunting: A Guide Beyond Tools and Techniques
Favicon
Top Hacking Books for 2024 (plus Resources): FREE and Paid
Favicon
Bug bounty hunting with LLMs
Favicon
External vs. Internal Explained
Favicon
Bug Bounty Report Template
Favicon
Docker explained for pentesters
Favicon
A07:2021 โ€“ Identification and Authentication Failures
Favicon
what is BOUNTY BUG ?
Favicon
Cara Menginstal DVWS (Damn Vulnerable Web Services) di Nginx
Favicon
Details QA should share when reporting a bug for efficient resolution
Favicon
Treating the IRS Tax Code as Actual Code: The Rise of Tax Hackers
Favicon
Top 5 open-source bug reporting tools for web developers
Favicon
The Role of Bug Reporting in Software Testing: A Deep Dive
Favicon
10 Best Bug Bounty Platforms to Earn Money Online
Favicon
Rapyd Launches Bug Bounty Program: Earn Rewards for Finding Security Vulnerabilities
Favicon
How to Get Started with Bug Bounty?
Favicon
$350 XSS in 15 minutes
Favicon
The Best Ways to Exploit Rate Limit Vulnerabilities
Favicon
A Brief Introduction to SAML Security Vector
Favicon
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
Favicon
P1 Bug Bounties: What is an IDOR, and how does IDOR == $$$?
Favicon
An Open Source apps Leads to XSS to RCE Vulnerability Flaws
Favicon
How To Exploit PHP Remotely To Bypass Filters & WAF Rules
Favicon
The Various Utilization Methods of PHP Serialization & Deserialization

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech