digininja / DVWA

Damn Vulnerable Web Application (DVWA)
GNU General Public License v3.0
10.36k stars 3.64k forks

Create Install-DVWA.sh #603

Closed IamCarron closed 10 months ago

IamCarron commented 10 months ago

Install-DVWA.sh: this script automates the installation process for DVWA.

digininja commented 10 months ago

Lots of comments for you.

It is a good start, just needs a bit of work.

I think DVWA should be a learning tool right from the start of the install, that is why I'd like to keep all the output on the screen so users can see what is going on. It also helps to debug if something goes wrong.

IamCarron commented 10 months ago

Everything should be done. If you find anything that needs to be improved, tell me!

IamCarron commented 10 months ago

Fixed and tested

IamCarron commented 10 months ago

Everything should be fine now. If you find anything, just tell me!

digininja commented 10 months ago

OK, I'm downloading a virtual Kali image now so will test this out.

digininja commented 10 months ago

I've just thought of a problem.

We need to tell people how to get just this script and run it rather than having them clone the repo then run the script from the repo. If they clone the repo and then run the script they are going to have a spare copy of the repo that they don't need.

Or they clone the repo into /var/www/html and then your clone tries to go over it and could mess things up.

IamCarron commented 10 months ago

The idea that I came up with is to add to the README instructions that it should be cloned from my repo, so I would already do everything and it would be easier to maintain in case you request improvements or find errors. In case you want to implement it directly in your repo, I can modify it so that it does not clone the repository and just copies the folder to www. As you prefer.

digininja commented 10 months ago

You hosting it is fine with me. I will have to put a comment on to say that it is an external script so user beware that you could change it to do malicious things at any point, but I doubt you'd do that.

On Thu, 18 Jan 2024 at 11:36, IamCarron @.***> wrote:

The idea that I came up with is to add to the README instructions that it should be cloned from my repo, so I would already do everything and it would be easier to maintain in case you request improvements or find errors. In case you want to implement it directly in your repo, I can modify it so that it does not clone the repository and just copies the folder to www. As you prefer.


IamCarron commented 10 months ago


No problem about that; it shouldn't need many updates after the final release, and anyone can look at the code at any time!

digininja commented 10 months ago

It would be good to explain what has gone wrong when it does.

You need to decide whether the failure is critical enough to justify stopping the script running or if it can continue to run and then allow the user to run it a second time to try to fix it up.

For this one, could you wrap the commands in a loop that repeats until the exit code is 0?

On Thu, 18 Jan 2024 at 16:47, IamCarron @.***> wrote:

@.**** commented on this pull request.

In Install-DVWA.sh https://github.com/digininja/DVWA/pull/603#discussion_r1457722605:

  • mysql -u "$mysql_user" -p"$mysql_password" -e "CREATE DATABASE IF NOT EXISTS dvwa;" &>/dev/null &&
  • mysql -u "$mysql_user" -p"$mysql_password" -e "CREATE USER 'dvwa'@'localhost' IDENTIFIED BY @.***';" &>/dev/null &&
  • mysql -u "$mysql_user" -p"$mysql_password" -e "GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';" &>/dev/null &&
  • mysql -u "$mysql_user" -p"$mysql_password" -e "FLUSH PRIVILEGES;" &>/dev/null
  • else
  • Execute MySQL commands without password

  • mysql -u "$mysql_user" -e "CREATE DATABASE IF NOT EXISTS dvwa;" &>/dev/null &&
  • mysql -u "$mysql_user" -e "CREATE USER 'dvwa'@'localhost' IDENTIFIED BY @.***';" &>/dev/null &&
  • mysql -u "$mysql_user" -e "GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';" &>/dev/null &&
  • mysql -u "$mysql_user" -e "FLUSH PRIVILEGES;" &>/dev/null
  • fi
  • if [ $? -eq 0 ]; then
  • echo "$(get_language_message "\033[92mMySQL commands executed successfully.\033[0m" "\033[92mComandos MySQL ejecutados con éxito.\033[0m")"
  • else
  • echo -e "$(get_language_message "\033[91mError: Unable to execute MySQL commands. Please check your MySQL credentials." "\033[91mError: No se pueden ejecutar los comandos de MySQL. Por favor, verifique sus credenciales de MySQL.")"
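Review bot: Every mysql call in both branches sends stdout and stderr to /dev/null, so when the chain fails the user only ever sees the generic "check your MySQL credentials" message, whatever the real cause. One non-credential cause is visible in the hunk itself: CREATE USER has no IF NOT EXISTS, so on a second run it fails because 'dvwa'@'localhost' already exists, the && chain stops there, and GRANT and FLUSH PRIVILEGES never run. Suggest dropping the redirects (or capturing stderr and printing it in the error branch) and using CREATE USER IF NOT EXISTS so the script can be re-run safely. In the password branch, -p"$mysql_password" puts the password in the client's argument list, where it can show up in the process list; a bare -p prompt or a client option file avoids that. Minor: the success branch calls echo without -e although its message contains \033 escapes, while the error branch uses echo -e, and the error message never resets the colour with \033[0m.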

I think it should do the job now; I need to translate some comments and outputs. Let me know what you think.

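One way to build the retry loop requested in the comment above, as an added example that is not code from the PR or from DVWA. The names `MYSQL_CLIENT`, `MAX_TRIES`, `RUN_INSTALL`, `DVWA_DB_PASSWORD` and the functions are assumptions, and the database password is a placeholder because the page shows it redacted.

```shell
#!/bin/sh
# Added example, not code from the PR. MYSQL_CLIENT, MAX_TRIES, RUN_INSTALL,
# DVWA_DB_PASSWORD and all function names are hypothetical.
MYSQL_CLIENT=${MYSQL_CLIENT:-mysql}   # overridable, so the loop can be exercised without a server
MAX_TRIES=${MAX_TRIES:-3}             # upper bound, so bad input cannot loop forever
DVWA_DB_PASSWORD=${DVWA_DB_PASSWORD:-CHANGE_ME}   # placeholder: the PR's value is redacted on the page

# Same four statements as the hunk, made idempotent so a second run after a
# partial failure does not stop at CREATE USER.
SETUP_SQL="CREATE DATABASE IF NOT EXISTS dvwa;
CREATE USER IF NOT EXISTS 'dvwa'@'localhost' IDENTIFIED BY '${DVWA_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;"

ask_mysql_user() {
    printf 'MySQL admin user [root]: ' >&2
    read -r mysql_user || mysql_user=
    mysql_user=${mysql_user:-root}
}

# One client call for all statements; the client stops at the first SQL error.
# A bare -p makes the client prompt for the password, keeping it out of the
# argument list, and nothing is redirected, so its error text stays on screen.
run_setup_sql() {
    "$MYSQL_CLIENT" -u "$1" -p -e "$SETUP_SQL"
}

# Repeat until the client exits 0 or MAX_TRIES is used up. Returns 0 on
# success, otherwise the client's last exit code.
setup_with_retry() {
    try=1
    rc=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        ask_mysql_user
        if run_setup_sql "$mysql_user"; then
            echo "MySQL setup succeeded on attempt $try."
            return 0
        else
            rc=$?
        fi
        echo "Attempt $try of $MAX_TRIES failed (client exit code $rc, error shown above)." >&2
        try=$((try + 1))
    done
    return "$rc"
}

# The database step is treated as critical here: stop the install if it never succeeds.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
    setup_with_retry || { echo "Error: database setup failed, stopping." >&2; exit 1; }
fi
```

Setting `RUN_INSTALL=1` runs the step against the real client; a step judged non-critical would log the returned code and continue instead of exiting.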

IamCarron commented 10 months ago


Done, but I can't replicate the error with the default credentials for Kali.

IamCarron commented 10 months ago

OK, now it should be bulletproof, I hope.

digininja commented 10 months ago

It looks good to me.

Best thing to do I think is for you to take a copy of this and put it on your site then close this PR. If you could then write a few lines to go in the README for this site and put that in as a new PR, I'll probably tweak it a little bit and then accept it.

I guess this was probably a lot more work than you thought, but I know my users and know how much hand holding they need and how little they read instructions and error messages.

IamCarron commented 10 months ago

No problem, I'm glad this can help anyone who wants to learn something new and can help them do it in the easiest and simplest way possible.

And this is the main repository for the script: https://github.com/IamCarron/DVWA-Script