digininja / DVWA

Damn Vulnerable Web Application (DVWA)
GNU General Public License v3.0

DVWA Post Installation Issue #623

Closed CyberSpace7777 closed 6 months ago

CyberSpace7777 commented 7 months ago

Subject: DVWA Post Installation Issue dvwa error

Attention: Robin Wood

Background: I completed the DVWA installation successfully on Ubuntu Linux, via the instructions at https://github.com/digininja/DVWA?tab=readme-ov-file. However, I am having issues accessing any of the menus on the left pane, which results in errors. Please see the post below, posted on Robin Wood's YouTube channel https://www.youtube.com/watch?v=Yzksa_WjnY0:

Me: great tutorial. thank you.

Can you please advise how to fix the error below:

```
Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535
Stack trace:
#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()
#1 /var/www/html/DVWA/vulnerabilities/xss_r/index.php(14): dvwaDatabaseConnect()
#2 {main}
  thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535
```

Robin: Your database credentials are wrong. Raise a ticket in GitHub giving all the details it requests and I'll try to help.

digininja commented 7 months ago

It looks like your database server is not running, follow these instructions:

https://github.com/digininja/DVWA/blob/master/README.md#connection-refused

CyberSpace7777 commented 7 months ago

Hi Robin,

My apologies for a delayed response. Thanks very much for your assistance.

I am certain the "mariadb" database was always running at the time of this issue occurrence. Today, I checked it again as detailed below, however, I am still encountering the same issue:

Output 1:

```
cyber@dvma:~$ systemctl status mysql
● mariadb.service - MariaDB 10.6.16 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-04-24 02:02:33 UTC; 2min 44s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 1249 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 8 (limit: 4515)
     Memory: 89.4M
        CPU: 936ms
     CGroup: /system.slice/mariadb.service
             └─1249 /usr/sbin/mariadbd

Apr 24 02:02:33 dvma.cyb mariadbd[1249]: 2024-04-24 2:02:33 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-second>
Apr 24 02:02:33 dvma.cyb mariadbd[1249]: 2024-04-24 2:02:33 0 [Note] InnoDB: Buffer pool(s) load completed at 240424 2:02:33
Apr 24 02:02:33 dvma.cyb mariadbd[1249]: 2024-04-24 2:02:33 0 [Note] Server socket created on IP: '127.0.0.1'.
Apr 24 02:02:33 dvma.cyb mariadbd[1249]: 2024-04-24 2:02:33 0 [Note] /usr/sbin/mariadbd: ready for connections.
Apr 24 02:02:33 dvma.cyb mariadbd[1249]: Version: '10.6.16-MariaDB-0ubuntu0.22.04.1' socket: '/run/mysqld/mysqld.sock' port: 3306 Ubuntu 22.04
Apr 24 02:02:33 dvma.cyb systemd[1]: Started MariaDB 10.6.16 database server.
Apr 24 02:02:33 dvma.cyb /etc/mysql/debian-start[1657]: Upgrading MySQL tables if necessary.
Apr 24 02:02:34 dvma.cyb /etc/mysql/debian-start[1668]: Checking for insecure root accounts.
Apr 24 02:02:34 dvma.cyb /etc/mysql/debian-start[1673]: WARNING: mysql.user contains 2 root accounts without password!
Apr 24 02:02:34 dvma.cyb /etc/mysql/debian-start[1674]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
cyber@dvma:~$ systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-04-24 02:02:33 UTC; 3min 21s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 1640 (apache2)
      Tasks: 6 (limit: 4515)
     Memory: 17.8M
        CPU: 153ms
     CGroup: /system.slice/apache2.service
             ├─1640 /usr/sbin/apache2 -k start
             ├─1643 /usr/sbin/apache2 -k start
             ├─1644 /usr/sbin/apache2 -k start
             ├─1645 /usr/sbin/apache2 -k start
             ├─1646 /usr/sbin/apache2 -k start
             └─1647 /usr/sbin/apache2 -k start

Apr 24 02:02:28 dvma.cyb systemd[1]: Starting The Apache HTTP Server...
Apr 24 02:02:33 dvma.cyb systemd[1]: Started The Apache HTTP Server.
cyber@dvma:~$
```

Output 2:

```
MariaDB [(none)]> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
+-------------+------+-----------------------+
| Host        | User | plugin                |
+-------------+------+-----------------------+
| localhost   | dvwa | mysql_native_password |
| 192.168.0.4 | dvwa | mysql_native_password |
| dvwa.cyb    | dvwa | mysql_native_password |
+-------------+------+-----------------------+
3 rows in set (0.002 sec)

MariaDB [(none)]>
```

May you please assist me.

digininja commented 7 months ago

Is your config file definitely pointing at this database server? Send me a screenshot of the database section of your config file, an example of you logging in using those credentials on the command line, and the last 10 entries from the Apache log straight after the error has occurred.

CyberSpace7777 commented 7 months ago

Hi Robin,

Thank you for your assistance.

Please find the requested details below, spread across three posts:

1. Screenshot of database section of config file:

cyber@dvma:/var/www/html/DVWA/config$ vi config.inc.php

```php
<?php

# If you are having problems connecting to the MySQL database and all of the variables below are correct
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
# Thanks to @digininja for the fix.

# Database management system to use
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled

# Database variables
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
# Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
# See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ] = 'dvwa.cyb';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port'] = '3306';

# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

# Default security level
# Default value for the security level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'low';

# Default locale
# Default locale for the help page shown with each session.
# The default is 'en'. You may wish to set this to either 'en' or 'zh'.
$_DVWA[ 'default_locale' ] = 'en';

# Disable authentication
# Some tools don't like working with authentication and passing cookies around
# so this setting lets you turn off authentication.
$_DVWA[ 'disable_authentication' ] = true;
```

"config.inc.php" [readonly][dos] 56L, 2162B 1,1 Top

digininja commented 7 months ago

There is no screenshot.

CyberSpace7777 commented 7 months ago

Post 1:

```php
# If you are having problems connecting to the MySQL database and all of the variables below are correct
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
# Thanks to @digininja for the fix.

# Database management system to use
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled

# Database variables
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
# Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
# See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ] = 'dvwa.cyb';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port'] = '3306';

# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

# Default security level
# Default value for the security level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'low';

# Default locale
# Default locale for the help page shown with each session.
# The default is 'en'. You may wish to set this to either 'en' or 'zh'.
$_DVWA[ 'default_locale' ] = 'en';

# Disable authentication
# Some tools don't like working with authentication and passing cookies around
# so this setting lets you turn off authentication.
$_DVWA[ 'disable_authentication' ] = true;
```

"config.inc.php" [readonly][dos] 56L, 2162B 1,1 Top

digininja commented 7 months ago

You've put $_DVWA[ 'db_server' ] = 'dvwa.cyb'; as your database server but you showed the database server running on 127.0.0.1 earlier so that is what you need to put in there.
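
The mismatch described in the comment above, checked mechanically. This is an added example, not part of the original thread and not DVWA code: it compares the `db_server` value from the posted config against the addresses a database is listening on. The `ss -ltn` sample and the `dvwa.cyb` to `192.168.0.249` mapping are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: database section with the values posted in this thread.
SAMPLE_CONFIG = """\
# If you are using MariaDB then you cannot use root
$_DVWA = array();
$_DVWA[ 'db_server' ] = 'dvwa.cyb';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_port'] = '3306';
"""

# Constructed `ss -ltn` output for a MariaDB bound to loopback only, matching
# the "Server socket created on IP: '127.0.0.1'" line in the posted status.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      511                *:80               *:*
"""

# Assumption: dvwa.cyb resolves to the VM's LAN address; the thread never
# shows the actual name resolution.
SAMPLE_HOSTS = {"dvwa.cyb": "192.168.0.249"}

# Listener addresses that accept connections on every local address.
# Treating "::" as covering IPv4 assumes a dual-stack socket.
WILDCARDS = {"*", "0.0.0.0", "::"}


def parse_db_target(config_text):
    """Return (db_server, db_port) from uncommented $_DVWA assignments."""
    values = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "//")):
            continue
        m = re.match(r"\$_DVWA\[\s*'(\w+)'\s*\]\s*=\s*'([^']*)'", line)
        if m:
            values[m.group(1)] = m.group(2)
    return values.get("db_server"), int(values.get("db_port", "3306"))


def parse_listeners(ss_output):
    """Return [(address, port)] for every LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # Drop IPv6 brackets and any %interface scope suffix.
            listeners.append((addr.strip("[]").split("%")[0], int(port)))
    return listeners


def diagnose(config_text, ss_output, hosts):
    """Return (verdict, target_ip, bound_addresses) for the configured DB."""
    server, port = parse_db_target(config_text)
    bound = [a for a, p in parse_listeners(ss_output) if p == port]
    if server is None:
        return ("no-db-server", None, bound)
    if server == "localhost":
        # mysqli treats the literal name 'localhost' as "use the Unix socket",
        # so TCP listeners do not matter for that value.
        return ("unix-socket", None, bound)
    try:
        target = str(ipaddress.ip_address(server))
    except ValueError:
        target = hosts.get(server)
        if target is None:
            return ("unresolved", None, bound)
    if not bound:
        return ("not-listening", target, bound)
    for addr in bound:
        if addr in WILDCARDS:
            return ("ok", target, bound)
        if ipaddress.ip_address(addr) == ipaddress.ip_address(target):
            return ("ok", target, bound)
    # Something listens on the port, but not on the address the app dials:
    # the kernel answers with RST, which PHP reports as "Connection refused".
    return ("refused", target, bound)


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_SS, SAMPLE_HOSTS))
    fixed = SAMPLE_CONFIG.replace("'dvwa.cyb'", "'127.0.0.1'")
    print(diagnose(fixed, SAMPLE_SS, SAMPLE_HOSTS))
```

When the verdict is `refused`, changing `db_server` to the bound address keeps MariaDB on loopback; widening the server's bind address instead would expose the database port to the LAN.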

CyberSpace7777 commented 7 months ago

Post 2. Example of you logging in using those credentials on the command line:

I logged into db successfully using credential below.

```
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
```

Output:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo mysql -u dvwa -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.6.16-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
```

Post 3. Last 10 entries from the Apache log straight after the error has occurred.

```
cyber@dvma:/etc/apache2/sites-available$ cd /var/log/apache2
cyber@dvma:/var/log/apache2$ ls -l .
total 152
-rw-r----- 1 root adm   2827 Apr 24 20:46 access-dvwaapp.log
-rw-r--r-- 1 root root 15472 Apr 16 01:34 access-dvwaapp.log.1
-rw-r----- 1 root adm      0 Apr 24 02:02 access.log
-rw-r----- 1 root adm  56693 Apr 15 22:12 access.log.1
-rw-r----- 1 root adm    988 Apr 24 20:46 error-dvwaapp.log
-rw-r--r-- 1 root root 14024 Apr 16 01:34 error-dvwaapp.log.1
-rw-r----- 1 root adm    599 Apr 24 20:21 error.log
-rw-r----- 1 root adm  41275 Apr 16 03:39 error.log.1
-rw-r----- 1 root adm      0 Apr 15 04:09 other_vhosts_access.log
cyber@dvma:/var/log/apache2$ vi access-dvwaapp.log
cyber@dvma:/var/log/apache2$ vi error.log
cyber@dvma:/var/log/apache2$ vi access-dvwaapp.log
cyber@dvma:/var/log/apache2$ vi error-dvwaapp.log
cyber@dvma:/var/log/apache2$ vi error.log
cyber@dvma:/var/log/apache2$ vi error-dvwaapp.log.1
cyber@dvma:/var/log/apache2$
```

Log 1: Apr 24 20:46 error-dvwaapp.log:

```
[Wed Apr 24 02:06:17.178243 2024] [php:error] [pid 1645] [client 192.168.0.3:60608] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/vulnerabilities/sqli/index.php(14): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Wed Apr 24 20:46:08.298632 2024] [php:error] [pid 1707] [client 192.168.0.3:65114] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/vulnerabilities/sqli/index.php(14): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
```

Log 2: Apr 16 01:34 error-dvwaapp.log.1

  1. Additional DB Log:

• Does this “WARNING: mysql.user contains 2 root accounts without password!” warrant investigation?

Output:

```
cyber@dvma:/var/www/html/DVWA/config$ systemctl status mysql
● mariadb.service - MariaDB 10.6.16 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-04-24 20:21:01 UTC; 14min ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 1049 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
    Process: 1114 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 1178 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=cd /usr/bin/..; /usr/bin/galera_recovery; [ $? -eq 0 ] && s>
    Process: 1696 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 1698 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
   Main PID: 1270 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 8 (limit: 4515)
     Memory: 89.8M
        CPU: 964ms
     CGroup: /system.slice/mariadb.service
             └─1270 /usr/sbin/mariadbd

Apr 24 20:21:02 dvma.cyb /etc/mysql/debian-start[1700]: Upgrading MySQL tables if necessary.
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1704]: Looking for 'mariadb' as: /usr/bin/mariadb
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1704]: Looking for 'mariadb-check' as: /usr/bin/mariadb-check
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1704]: This installation of MariaDB is already upgraded to 10.6.16-MariaDB.
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1704]: There is no need to run mysql_upgrade again for 10.6.16-MariaDB.
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1704]: You can use --force if you still want to run mysql_upgrade
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1841]: Checking for insecure root accounts.
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1923]: WARNING: mysql.user contains 2 root accounts without password!
Apr 24 20:21:03 dvma.cyb /etc/mysql/debian-start[1924]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
Apr 24 20:33:00 dvma.cyb mariadbd[1270]: 2024-04-24 20:33:00 31 [Warning] Access denied for user 'dvwa'@'localhost' (using password: YES)
cyber@dvma:/var/www/html/DVWA/config$
```

digininja commented 7 months ago

Point the config file at the right database server otherwise it is trying to connect to a service that doesn't exist.

This is what the error is saying:

Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php

digininja commented 7 months ago

Also this bit looks like you tried to connect from the command line using the wrong password at some point so once you fix the database string you also need to make sure you have the right password.

Apr 24 20:33:00 dvma.cyb mariadbd[1270]: 2024-04-24 20:33:00 31 [Warning] Access denied for user 'dvwa'@'localhost' (using password: YES)

CyberSpace7777 commented 7 months ago

> Also this bit looks like you tried to connect from the command line using the wrong password at some point so once you fix the database string you also need to make sure you have the right password.
>
> Apr 24 20:33:00 dvma.cyb mariadbd[1270]: 2024-04-24 20:33:00 31 [Warning] Access denied for user 'dvwa'@'localhost' (using password: YES)

Hi Robin, this occurred this morning due to a password typo. I then logged in again twice using the same credentials and was successful on both occasions.

CyberSpace7777 commented 7 months ago

Hi Robin,

I forgot to mention that the connection to DVWA, via http://dvwa.cyb, does not prompt me for a Username and Password, but takes me straight in, where "Username: Unknown". Please refer to the screenshots attached.

Error Returns When Click on SQL Injection or any other commands on left pane DVWA reports Login Username Unknown

CyberSpace7777 commented 7 months ago

> You've put $_DVWA[ 'db_server' ] = 'dvwa.cyb'; as your database server but you showed the database server running on 127.0.0.1 earlier so that is what you need to put in there.

Thank you. I initially had 127.0.0.1, but had issues. However, will try again.

CyberSpace7777 commented 7 months ago

hi

> You've put $_DVWA[ 'db_server' ] = 'dvwa.cyb'; as your database server but you showed the database server running on 127.0.0.1 earlier so that is what you need to put in there.

Thank you. I initially had 127.0.0.1, but had issues. However, will try again.

1: Changed IP Address to 127.0.0.1 - but can't connect at the IP level

Changed IP Address to 127-0-0-1 (But Can't Connect)

2: Changed IP Address to 192.168.0.249 - can connect but encounters original issue

changed to IP Address 192-168-0-249 (Can connect but has original issue)

CyberSpace7777 commented 7 months ago

> Point the config file at the right database server otherwise it is trying to connect to a service that doesn't exist.
>
> This is what the error is saying:
>
> Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php

Sorry I missed this. Will try. I will ask you how to if I can't figure it out. Thanks very much Robin

CyberSpace7777 commented 7 months ago

> Point the config file at the right database server otherwise it is trying to connect to a service that doesn't exist.
>
> This is what the error is saying:
>
> Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php

Can you please advise how to point to the correct DB: ![Uploading Can you please advise how to Point to correct db.JPG…]()

CyberSpace7777 commented 7 months ago

Can you please advise how to point to the correct DB:

Can you please advise how to Point to correct db

Screenshot 2:

![Uploading DB error at Line 535.JPG…]()

digininja commented 7 months ago

Your database server is listening on 127.0.0.1 not on dvwa.cyb, just change that in the config file.


CyberSpace7777 commented 7 months ago

> Your database server is listening on 127.0.0.1 not on dvwa.cyb, just change that in the config file.

Hi Robin, Will do. I will let you know tomorrow. Thank you for your assistance today.

CyberSpace7777 commented 7 months ago

> Your database server is listening on 127.0.0.1 not on dvwa.cyb, just change that in the config file.

Hi Robin, Changed IP Address to 127.0.0.1, however still not working. Please refer to attachment for details. ![Uploading Changed IP Address to 127-0-0-1 - Still Unsuccessful.JPG…]()

digininja commented 7 months ago

Your screenshot upload failed.

Show me connecting to the database from the command line using the credentials in the config file and then show me the database section of the config file.

And show the last couple of lines of the error file after triggering the effort.

On Sat, 27 Apr 2024, 02:19 CyberSpace7777, @.***> wrote:

Can you please advise how to set the root password for the Root Accounts below:

```
@.***:/etc/apache2/sites-available$ systemctl status mysql
● mariadb.service - MariaDB 10.6.16 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-04-27 01:14:19 UTC; 4s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 356497 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=0/SUCCESS)
    Process: 356498 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 356500 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= || VAR=cd /usr/bin/..; /usr/bin/galera_recovery; [ $? -eq 0 ] &&>
    Process: 356541 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, status=0/SUCCESS)
    Process: 356543 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
   Main PID: 356529 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 13 (limit: 4515)
     Memory: 60.8M
        CPU: 794ms
     CGroup: /system.slice/mariadb.service
             └─356529 /usr/sbin/mariadbd

Apr 27 01:14:19 dvma.cyb systemd[1]: Started MariaDB 10.6.16 database server.
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356545]: Upgrading MySQL tables if necessary.
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356548]: Looking for 'mariadb' as: /usr/bin/mariadb
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356548]: Looking for 'mariadb-check' as: /usr/bin/mariadb-check
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356548]: This installation of MariaDB is already upgraded to 10.6.16-MariaDB.
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356548]: There is no need to run mysql_upgrade again for 10.6.16-MariaDB.
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356548]: You can use --force if you still want to run mysql_upgrade
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356556]: Checking for insecure root accounts.
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356560]: WARNING: mysql.user contains 2 root accounts without password!
Apr 27 01:14:19 dvma.cyb /etc/mysql/debian-start[356561]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables
@.***:/etc/apache2/sites-available$ systemctl status mysql
```


CyberSpace7777 commented 7 months ago

> Your screenshot upload failed. Show me connecting to the database from the command line using the credentials in the config file and then show me the database section of the config file. And show the last couple of lines of the error file after triggering the effort.

28/04/2024:

Hi Robin,

Please find the requested information below. //REQUEST INFORMATION//

DB Log in:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo mysql -u root -pp@ssword -D dvwa
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 33
Server version: 10.6.16-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]> GRANT SUPER ON *.* TO dvwa@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.001 sec)

MariaDB [dvwa]> GRANT SUPER ON *.* TO dvwa@'127.0.0.1' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.001 sec)

MariaDB [dvwa]> GRANT SUPER ON *.* TO dvwa@'dvwa.cyb' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.002 sec)

MariaDB [dvwa]> flush privileges;
Query OK, 0 rows affected (0.001 sec)

MariaDB [dvwa]> select Host,User, plugin from mysql.user where mysql.user.User = 'dvwa';
+-------------+------+-----------------------+
| Host        | User | plugin                |
+-------------+------+-----------------------+
| localhost   | dvwa | mysql_native_password |
| 192.168.0.4 | dvwa | mysql_native_password |
| dvwa.cyb    | dvwa | mysql_native_password |
| 127.0.0.1   | dvwa | mysql_native_password |
+-------------+------+-----------------------+
4 rows in set (0.002 sec)

MariaDB [dvwa]> select Host,User, plugin from mysql.user where mysql.user.User = 'root';
+-------------+------+-----------------------+
| Host        | User | plugin                |
+-------------+------+-----------------------+
| localhost   | root | mysql_native_password |
| 192.168.0.4 | root | mysql_native_password |
+-------------+------+-----------------------+
2 rows in set (0.002 sec)

MariaDB [dvwa]> quit
Bye
cyber@dvma:/var/www/html/DVWA/config$ sudo mysql -u dvwa -pp@ssword -D dvwa
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
cyber@dvma:/var/www/html/DVWA/config$
```

DB Config:

Database management system to use

$DBMS = 'MySQL';

$DBMS = 'PGSQL'; // Currently disabled

Database variables

WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.

Please use a database dedicated to DVWA.

#

If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.

See README.md for more information on this.

$_DVWA = array();
$_DVWA[ 'db_server' ]   = 'dvwa.cyb';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port']      = '3306';

Error Log:

```
[Sun Apr 28 06:28:05.334787 2024] [php:error] [pid 1580] [client 192.168.0.3:56276] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/login.php(8): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Sun Apr 28 06:28:42.868101 2024] [php:error] [pid 15472] [client 192.168.0.3:56287] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/login.php(8): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Sun Apr 28 06:28:45.481449 2024] [php:error] [pid 15472] [client 192.168.0.3:56287] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/login.php(8): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Sun Apr 28 06:28:46.257221 2024] [php:error] [pid 15472] [client 192.168.0.3:56287] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/login.php(8): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Sun Apr 28 06:28:54.461451 2024] [php:error] [pid 15473] [client 192.168.0.3:56288] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/vulnerabilities/upload/index.php(14): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/
[Sun Apr 28 06:29:14.304232 2024] [php:error] [pid 15474] [client 192.168.0.3:56290] PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535\nStack trace:\n#0 /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php(535): mysqli_connect()\n#1 /var/www/html/DVWA/vulnerabilities/brute/index.php(13): dvwaDatabaseConnect()\n#2 {main}\n thrown in /var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php on line 535, referer: http://dvwa.cyb/setup.php
cyber@dvma:/var/log/apache2$
```

I am getting "Access denied" when credential exists and granted with "Super" User privilege for user "dvwa", which is used in the "dvwa" DB:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo mysql -u dvwa -pp@ssword -D dvwa
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
cyber@dvma:/var/www/html/DVWA/config$
```


CyberSpace7777 commented 7 months ago

Hi Robin,

I couldn't connect when IP Address is set to 127.0.0.1 as detailed below. Therefore I reverted back to DNS.

Changed IP Address to 127-0-0-1 - Still Unsuccessful

Connection via DNS works, but I don't get presented with a Log In screen. Please see attachment. Perhaps this is the issue.
Can you please advise how to fix this? Why Unknown User - It does not Prompt for Login Dialogue Box

CyberSpace7777 commented 7 months ago

Hi Robin,

May I please seek your confirmation if you can't use PHP v7.0 or later with DVWA, as detailed below.

Is is true You are unable to use PHP v7 0 or later with DVWA ![Uploading Is is true You are unable to use PHP v7.0 or later with DVWA.JPG…]()

digininja commented 7 months ago

The unknown user is because you've disabled auth in the config file.

Yes you can use PHP7.

I'm on my phone so can't read everything at the moment. Let's go back to basics. What box is your database server running in? Can you show me from your DVWA box connecting to it using the creds in the config file.


digininja commented 7 months ago

You keep showing you connecting to localhost but then say you have to leave DNS.

My guess is you've messed up creating the database user, probably the wrong password, you have the database server only listening on localhost, not on the IP, so when you try to connect by the IP it will fail. If you have got the database on a different server, did you allow the user to connect from anywhere or just localhost?


digininja commented 7 months ago

I've tried, but I can't read your logs. When posting logs, please use formatting so they are readable, you can use backticks to do this, for example:

This is a log entry, nicely formatted.

Something I did spot, when creating the database user, your machine name seems to be wrong cyber@dvma: dvma, not dvwa.

This error:

: Connection refused in ...

Could mean any of the following:

The database server is not running.
The database server is not running on the correct host or port.
There is a firewall blocking access to the database server.
The credentials (username and password) used to connect to the database are incorrect.

This is what I want you to try.

Set the DVWA config file to use 127.0.0.1 as the database server.

Show me that the database and the web server are both running on the same machine.

ps aux | grep -E "mysql|apa"

Show me connecting to the database using the credentials out of the config file.

mysql -h 127.0.0.1 -u dvwa -pwhatever -D dvwa

Show me the database bit in the config file.

grep db_ dvwa/config/config.inc.php

Show the last two lines of the error log after you've tried to use the site.

tail -f /var/log/apache2/error.log

Show the error from the browser.

Do all this with either screenshots or correctly formatted markdown.
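The cross-check these steps ask for, as an added Python example that is not part of the original comment or of DVWA: it compares the `db_` values from the config with the address MariaDB reports it is listening on and with the password typed at the command line. The sample inputs are constructed from values posted in this thread; the function names are hypothetical, and the resolver table mapping dvwa.cyb to 192.168.0.249 is an assumption.

```python
import ipaddress
import re

# Constructed sample inputs, modelled on values posted in this thread.
CONFIG_TEXT = """\
$_DVWA = array();
$_DVWA[ 'db_server' ]   = 'dvwa.cyb';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port']      = '3306';
"""
JOURNAL_TEXT = """\
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] Server socket created on IP: '127.0.0.1'.
Apr 29 21:11:13 dvma.cyb mariadbd[1179]: Version: '10.6.16-MariaDB-0ubuntu0.22.04.1' socket: '/run/mysqld/mysqld.sock' port: 3306 Ubuntu 22.04
"""
APACHE_ERROR = ("PHP Fatal error: Uncaught mysqli_sql_exception: Connection refused in "
                "/var/www/html/DVWA/dvwa/includes/dvwaPage.inc.php:535")
# Assumption: dvwa.cyb points at the VM's LAN address. A static table keeps this offline.
RESOLVER = {"dvwa.cyb": "192.168.0.249", "localhost": "127.0.0.1"}

_CFG_RE = re.compile(r"^\s*\$_DVWA\[\s*'(db_\w+)'\s*\]\s*=\s*'([^']*)'\s*;", re.M)
_LISTEN_RE = re.compile(r"Server socket created on IP: '([^']+)'")
_PORT_RE = re.compile(r"socket: '[^']*'\s+port: (\d+)")


def parse_dvwa_config(text):
    """Return the active (uncommented) db_* settings from config.inc.php text."""
    return dict(_CFG_RE.findall(text))


def parse_listeners(journal):
    """Return (addresses, ports) that MariaDB reported at startup in its journal."""
    addrs = {ipaddress.ip_address(a) for a in _LISTEN_RE.findall(journal)}
    ports = {int(p) for p in _PORT_RE.findall(journal)}
    return addrs, ports


def resolve(host, resolver):
    """Turn db_server into an IP: literal addresses pass through, names use the table."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        mapped = resolver.get(host)
        return ipaddress.ip_address(mapped) if mapped else None


def is_reachable(target, listeners):
    """True if a listening address is the target or a wildcard of the same family."""
    return any(l == target or (l.is_unspecified and l.version == target.version)
               for l in listeners)


def classify_error(message):
    """Label the error text: no listener answered, or the server rejected the login."""
    if "Connection refused" in message:
        return "transport"
    if "Access denied for user" in message:
        return "auth"
    return "other"


def triage(config_text, journal_text, error, resolver, cli_password=None):
    """Cross-check config, listener and CLI password; return (error kind, findings)."""
    cfg = parse_dvwa_config(config_text)
    listeners, ports = parse_listeners(journal_text)
    findings = []

    server = cfg.get("db_server", "")
    target = resolve(server, resolver)
    if target is None:
        findings.append(("unresolved", "db_server %r does not resolve" % server))
    elif listeners and not is_reachable(target, listeners):
        listening = ", ".join(sorted(str(l) for l in listeners))
        findings.append(("listen-mismatch",
                         "db_server %r is %s but MariaDB listens on %s"
                         % (server, target, listening)))

    port = cfg.get("db_port", "")
    if ports and port.isdigit() and int(port) not in ports:
        findings.append(("port-mismatch", "db_port %s is not a listening port" % port))

    # Compare without echoing either secret into the report.
    if cli_password is not None and cli_password != cfg.get("db_password"):
        findings.append(("password-mismatch",
                         "password typed at the command line differs from db_password"))
    return classify_error(error), findings


if __name__ == "__main__":
    kind, findings = triage(CONFIG_TEXT, JOURNAL_TEXT, APACHE_ERROR, RESOLVER,
                            cli_password="p@ssword")
    print("error kind:", kind)
    for code, detail in findings:
        print(" -", code + ":", detail)
```
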

CyberSpace7777 commented 7 months ago


That's great. Thanks Robin for the detailed instructions. Will do as per your instructions.

CyberSpace7777 commented 7 months ago

> You keep showing you connecting to localhost but then say you have to leave DNS. My guess is you've messed up creating the database user, probably the wrong password, you have the database server only listening on localhost, not on the IP, so when you try to connect by the IP it will fail. If you have got the database on a different server, did you allow the user to connect from anywhere or just localhost?

1. 'You keep showing you connecting to localhost but then say you have to leave DNS.': Apologies for my ignorance, can you please show me where you see this, if possible. When I configured the IP Address 127.0.0.1, connections to neither http://127.0.0.1/DVWA nor http://localhost/DVWA work. However, when I used DNS as in dvwa.cyb, then I get a successful connection.
2. My guess is you've messed up creating the database user, probably the wrong password: Possible
3. you have the database server only listening on localhost, not on the IP: Can you please advise where to check this.
4. so when you try to connect by the IP it will fail: It only fails on 127.0.0.1; however, when I used an actual IP Address 192.168.0.249, then it works fine.
5. If you have got the database on a different server: Both DB and Application Server (DVWA) are running on Ubuntu VMWare (Workstation) virtual machine server.
6. did you allow the user to connect from anywhere or just localhost? How do I check this? Do you mean through the front-end firewall?

Given both the DB and Application Server (DVWA) are running on the same Linux Ubuntu virtual machine, I make the connection to dvwa on/from the same Host (PC) running VMWare Workstation, to this same virtual machine running Ubuntu/MariaDB/DVWA.

digininja commented 7 months ago

Please, look at your reply, it contains two previous messages and isn't readable. Tidy it up so the only thing in there is the relevant bit and I'll have a look in the morning.


CyberSpace7777 commented 7 months ago

> Please, look at your reply, it contains two previous messages and isn't readable. Tidy it up so the only thing in there is the relevant bit and I'll have a look in the morning.

Please disregard this post, but refer to the newly formatted one above.


CyberSpace7777 commented 7 months ago

> Set the DVWA config file to use 127.0.0.1 as the database server.

$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port']      = '3306';

> Show me that the database and the web server are both running on the same machine.


Edit config file to change IP Address to 127.0.0.1:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo vi config.inc.php
[sudo] password for cyber:
cyber@dvma:/var/www/html/DVWA/config$ sudo vi config.inc.php
```

Proof DB and web server are running on same machine:

```
cyber@dvma:/var/www/html/DVWA/config$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:47:09:e3 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.0.249/24 brd 192.168.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 2001:8003:1c3b:2401:20c:29ff:fe47:9e3/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 86390sec preferred_lft 86390sec
    inet6 fe80::20c:29ff:fe47:9e3/64 scope link
       valid_lft forever preferred_lft forever
```

```
cyber@dvma:/var/www/html/DVWA/config$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-04-29 21:11:04 UTC; 1h 9min ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 1639 (apache2)
      Tasks: 6 (limit: 4515)
     Memory: 18.0M
        CPU: 274ms
     CGroup: /system.slice/apache2.service
             ├─1639 /usr/sbin/apache2 -k start
             ├─1691 /usr/sbin/apache2 -k start
             ├─1692 /usr/sbin/apache2 -k start
             ├─1693 /usr/sbin/apache2 -k start
             ├─1694 /usr/sbin/apache2 -k start
             └─1695 /usr/sbin/apache2 -k start

Apr 29 21:10:57 dvma.cyb systemd[1]: Starting The Apache HTTP Server...
Apr 29 21:11:04 dvma.cyb systemd[1]: Started The Apache HTTP Server.
```

Check db status on MYSQL:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo systemctl status mysql
● mariadb.service - MariaDB 10.6.16 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-04-29 21:11:13 UTC; 1h 9min ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 1179 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 7 (limit: 4515)
     Memory: 90.5M
        CPU: 1.499s
     CGroup: /system.slice/mariadb.service
             └─1179 /usr/sbin/mariadbd

Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: 10.6.16 started; log sequence number 42586; transaction id 14
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] Plugin 'FEEDBACK' is disabled.
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-second>
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] Server socket created on IP: '127.0.0.1'.
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: Buffer pool(s) load completed at 240429 21:11:06
Apr 29 21:11:13 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:13 0 [Note] /usr/sbin/mariadbd: ready for connections.
Apr 29 21:11:13 dvma.cyb mariadbd[1179]: Version: '10.6.16-MariaDB-0ubuntu0.22.04.1' socket: '/run/mysqld/mysqld.sock' port: 3306 Ubuntu 22.04
Apr 29 21:11:13 dvma.cyb systemd[1]: Started MariaDB 10.6.16 database server.
Apr 29 21:11:13 dvma.cyb /etc/mysql/debian-start[1718]: Upgrading MySQL tables if necessary.
```

Check db status on MariaDB:

```
cyber@dvma:/var/www/html/DVWA/config$ sudo systemctl status mariadb
● mariadb.service - MariaDB 10.6.16 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-04-29 21:11:13 UTC; 1h 10min ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID: 1179 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 7 (limit: 4515)
     Memory: 90.5M
        CPU: 1.501s
     CGroup: /system.slice/mariadb.service
             └─1179 /usr/sbin/mariadbd

Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: 10.6.16 started; log sequence number 42586; transaction id 14
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] Plugin 'FEEDBACK' is disabled.
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-second>
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] Server socket created on IP: '127.0.0.1'.
Apr 29 21:11:06 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:06 0 [Note] InnoDB: Buffer pool(s) load completed at 240429 21:11:06
Apr 29 21:11:13 dvma.cyb mariadbd[1179]: 2024-04-29 21:11:13 0 [Note] /usr/sbin/mariadbd: ready for connections.
Apr 29 21:11:13 dvma.cyb mariadbd[1179]: Version: '10.6.16-MariaDB-0ubuntu0.22.04.1' socket: '/run/mysqld/mysqld.sock' port: 3306 Ubuntu 22.04
Apr 29 21:11:13 dvma.cyb systemd[1]: Started MariaDB 10.6.16 database server.
Apr 29 21:11:13 dvma.cyb /etc/mysql/debian-start[1718]: Upgrading MySQL tables if necessary.
cyber@dvma:/var/www/html/DVWA/config$
```


> ```
> ps aux | grep -E "mysql|apa"
> ```

```
cyber@dvma:/var/www/html/DVWA/config$ ps aux | grep -E "mysql|apa"
mysql       1179  0.0  2.1 1338012 84680 ?       Ssl  21:10   0:01 /usr/sbin/mariadbd
root        1639  0.0  0.5 209636 21732 ?        Ss   21:10   0:00 /usr/sbin/apache2 -k start
www-data    1691  0.0  0.2 210200 10036 ?        S    21:10   0:00 /usr/sbin/apache2 -k start
www-data    1692  0.0  0.2 210200 10036 ?        S    21:10   0:00 /usr/sbin/apache2 -k start
www-data    1693  0.0  0.2 210200 10036 ?        S    21:10   0:00 /usr/sbin/apache2 -k start
www-data    1694  0.0  0.2 210200 10036 ?        S    21:10   0:00 /usr/sbin/apache2 -k start
www-data    1695  0.0  0.2 210200 10036 ?        S    21:10   0:00 /usr/sbin/apache2 -k start
cyber     118822  0.0  0.0   6612  2416 pts/0    S+   22:26   0:00 grep --color=auto -E mysql|apa
cyber@dvma:/var/www/html/DVWA/config$
```


> 
> Show me connecting to the database using the credentials out of the config file.
> 
> ```
> mysql -h 127.0.0.1 -u dvwa -pwhatever -D dvwa
> ```

```
cyber@dvma:/var/www/html/DVWA/config$ mysql -h 127.0.0.1 -u dvwa -pp@ssw0rd -D dvwa
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

> 
> Show me the database bit in the config file.
> 
> ```
> grep db_ dvwa/config/config.inc.php
> ```

```
cyber@dvma:/var/www/html$ grep db_ DVWA/config/config.inc.php
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_port'] = '3306';
cyber@dvma:/var/www/html$
```


> 
> Show the last two lines of the error log after you've tried to use the site.
> 
> ```
> tail -f /var/log/apache2/error.log
> ```

```
cyber@dvma:/var/www/html$ tail -f /var/log/apache2/error.log
[Mon Apr 29 21:11:08.596729 2024] [mpm_prefork:notice] [pid 1639] AH00163: Apache/2.4.52 (Ubuntu) configured -- resuming normal operations
[Mon Apr 29 21:11:08.596803 2024] [core:notice] [pid 1639] AH00094: Command line: '/usr/sbin/apache2'
```



> 
> Show the error from the browser.
> 
![Changed IP Address to 127-0-0-1 dated 30 April 2024-01](https://github.com/digininja/DVWA/assets/167155125/43a09240-4f80-4e9c-b9dd-b7e5b89b6e84)

> Do all this with either screenshots or correctly formatted markdown.

digininja commented 7 months ago

This is your problem now.

```
***@***.***:/var/www/html/DVWA/config$ mysql -h 127.0.0.1 -u dvwa ***@***.*** -D dvwa
ERROR 1045 (28000): Access denied for user 'dvwa'@'localhost' (using password: YES)
```

This error means the user can't connect to the database.

Probably the easiest thing to do is to go back to the database setup step and follow the instructions for adding the user and do it with a different username, maybe dvwa2.

Don't do anything other than follow the instructions. I think at one point you were trying to make the user a super user; don't, just do as it says.

You then need to update the config file with the new user's details.


CyberSpace7777 commented 7 months ago


That's great. Thank you Robin.
I would need to log in as Root, then create a new user?

digininja commented 7 months ago

Please stop re-posting the whole of the last message.

Using backticks is only needed for code style content such as output from commands, not normal text.

You need to follow these instructions - https://github.com/digininja/DVWA?tab=readme-ov-file#database-setup

CyberSpace7777 commented 6 months ago

My apologies Robin. I am new to this genre. Will do.

CyberSpace7777 commented 6 months ago

Hi Robin,

Your configuration worked. Thanks very much for all your assistance from end-to-end. I will buy you a coffee at an appropriate time.

```
cyber@dvma:/var/www/html/DVWA/config$ sudo mysql -u root -pp@ssw0rd -D dvwa
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.6.16-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]> create user dvwa2@localhost identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.033 sec)

MariaDB [dvwa]> create user dvwa2@127.0.0.1 identified by 'p@ssw0rd';
Query OK, 0 rows affected (0.001 sec)
```

Can now connect to DB with new user name:

```
cyber@dvma:/etc/apache2/sites-available$ sudo mysql -u dvwa2 -pp@ssw0rd -D dvwa
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.6.16-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dvwa]>
```

```
cyber@dvma:/etc/mysql/mariadb.conf.d$ sudo mysql -host 127.0.0.1 -u dvwa2 -pp@ssw0rd -D dvwa
[sudo] password for cyber:
ERROR 2005 (HY000): Unknown server host 'ost' (-3)
```

Successful connection

successful connection

digininja commented 6 months ago

Glad it is all working. A tip for the future, if you are following instructions, follow the instructions, don't go off on your own adding extra commands unless you know exactly what they will do.

When creating the database user, it says to create the user dvwa@localhost but when you create it here, you also created it at 127.0.0.1. In this instance, it probably doesn't matter, but in some situations it could affect things.

And you've finally sorted out the message formatting, the last message is much easier to read, any future tickets, use that style.

CyberSpace7777 commented 6 months ago

Hi Robin, I appreciate and thank you for your assistance.

Yes, you're absolutely correct that I should have followed the 'validated design configuration' that has proven working.

Now I understand the 127.0.0.1 or localhost (Linux default loopback IP) is used by the dvwa application server to connect to the back-end db (MySQL/MariaDB), which is why it is required in the DB configuration. Whereas I thought a real IP Address was required in the db configuration.

I also made another mistake, which I ONLY learnt about yesterday: the reason why I couldn't make a browser connection to 127.0.0.1 (dvwa application server) was that I also had DNS running on another Linux virtual machine, which also has a default loopback 127.0.0.1 running. That is why I couldn't connect to dvwa on 127.0.0.1 via the client browser. As soon as I shut down the DNS VM, it worked. Both VMs run on the same Host, therefore there was an IP Address conflict.

In future when I have dvwa "How-To-Do" queries, who do I contact or do I raise another ticket? For example, my version has a different XSS (Stored) to another version:

My Version: My XSS (Stored) shows a different interface to another demo

Another Version: Someone else's demo

digininja commented 6 months ago

Every box has localhost, it is how a machine talks to itself. Services can be set to listen on localhost or on the machine's IP. If they listen on localhost then they are not accessible outside the host, if they are on the IP then they are. So if I have two machines and I browse to localhost on both of them I will be accessing the machine I am on.

If you have other questions, create a new ticket for each. When you do, answer all the questions that the ticket asks for, doing that makes it a lot easier for me to work out what is going on. I will close tickets where there has not been an attempt to answer the questions.

The difference in screenshot is because the bottom one is very old, I've added a lot of new features since then.
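
The listening behaviour described in the comment above, as an added example that is not part of the original thread or of DVWA: a throwaway TCP listener is bound first to `127.0.0.1` (as the MariaDB log earlier in the thread shows with "Server socket created on IP: '127.0.0.1'") and then to `0.0.0.0`, and each is probed over loopback and over the host's own network address. The function names and the use of an ephemeral port are assumptions made for the illustration.

```python
"""Added illustration: how the bind address decides who can reach a service."""
import errno
import socket
from contextlib import closing


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and name the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # nothing is listening on that address:port
    except socket.timeout:
        return "timeout"   # packets silently dropped, e.g. by a firewall
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")


def listen_on(bind_addr):
    """Start a listener on an ephemeral port of bind_addr (stand-in for a DB server)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv


def primary_ipv4():
    """Best-effort non-loopback IPv4 address of this host, or None. Sends no packets."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_DGRAM)) as s:
        try:
            s.connect(("192.0.2.1", 9))  # TEST-NET-1 address, used only to pick a route
            addr = s.getsockname()[0]
        except OSError:
            return None
    return None if addr.startswith("127.") or addr == "0.0.0.0" else addr


def compare_binds():
    """Probe a loopback-only listener and an all-interfaces listener from this host."""
    lan = primary_ipv4()
    targets = ["127.0.0.1"] + ([lan] if lan else [])
    results = {}
    for bind_addr in ("127.0.0.1", "0.0.0.0"):
        with closing(listen_on(bind_addr)) as srv:
            port = srv.getsockname()[1]
            results[bind_addr] = {t: probe(t, port) for t in targets}
    return results


def closed_port_status():
    """Probe a port that was just released, so nothing is listening on it."""
    srv = listen_on("127.0.0.1")
    port = srv.getsockname()[1]
    srv.close()
    return probe("127.0.0.1", port)


if __name__ == "__main__":
    for bind_addr, seen in compare_binds().items():
        for target, status in seen.items():
            print(f"listener on {bind_addr:<9} probed via {target:<15} -> {status}")
    print("no listener at all, probed via 127.0.0.1 ->", closed_port_status())
```

A service bound only to `127.0.0.1` answers on loopback and refuses connections addressed to the machine's network IP, which keeps a lab database off the network.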

CyberSpace7777 commented 6 months ago

Hi Robin, Thank you for your explanation about the "localhost" which makes sense.

Great work on this Damn Vulnerable Web Application, to learn about Cybersecurity and Attack Vectors on the web.

digininja commented 6 months ago

This ticket system is to help fix problems and to report bugs, it is not a teaching resource.

XSS is probably the most common vulnerability out there and there are loads of tutorials on it. The idea of DVWA is for you to learn new things; that means doing your research, filtering the good from the rubbish and the stuff that used to work from the stuff that works now.

On Fri, 3 May 2024, 03:33 CyberSpace7777, @.***> wrote:

Hi Robin, Thank you for your explanation about the "localhost" which makes sense.

Great work on this Damn Vulnerable Web Application, to learn about Cybersecurity Attacks on the web.

If possible, can you please explain how I can do a cross site script attack using the command below, otherwise I will raise another ticket.


CyberSpace7777 commented 6 months ago

Hi Robin, I totally agree with you. Will do. Thank you