Setting up DVWA on a LAMP stack
For setting up LAMP, see: https://blog.csdn.net/qq_41709494/article/details/89430834
1. Download DVWA from: http://www.dvwa.co.uk/
2. Install all the LAMP packages
[root@localhost ~]# yum install php php-mysql php-gd httpd mariadb mariadb-server -y
3. Unpack the DVWA archive
[root@localhost ~]# yum install unzip -y #install the unzip utility
[root@localhost ~]# unzip 'DVWA-master_(1).zip' #unpack the archive (quoted because of the parentheses in the name)
[root@localhost ~]# ls DVWA-master
about.php COPYING.txt external ids_log.php login.php php.ini security.php
CHANGELOG.md docs favicon.ico index.php logout.php README.md setup.php
config dvwa hackable instructions.php phpinfo.php robots.txt vulnerabilities
4. Start the services and enable them at boot
[root@localhost ~]# systemctl start mariadb #start mariadb
[root@localhost ~]# systemctl start httpd #start httpd
[root@localhost ~]# systemctl enable mariadb #start mariadb automatically at boot
[root@localhost ~]# systemctl enable httpd #start httpd automatically at boot
5. Set the database password and list the databases
[root@localhost ~]# mysqladmin -u root password '123456' #set the MariaDB password to 123456
[root@localhost ~]# mysql -u root -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@localhost ~]#
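6. Move it into the Apache document root and change ownership
[root@localhost ~]# mv DVWA-master /var/www/html #move the unpacked directory into the Apache document root
[root@localhost ~]# chown -R apache:apache /var/www/html/* #change the owning user and group
[root@localhost ~]# cd /var/www/html/ #change to the Apache document root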
[root@localhost html]# ll
总用量 4
drwxr-xr-x. 8 apache apache 4096 2月 6 16:11 DVWA-master
7. Review DVWA's configuration file and configure DVWA
[root@localhost ~]# cd /var/www/html/DVWA-master/config #change to the configuration directory
[root@localhost config]# ls
config.inc.php.dist
[root@localhost config]# cat config.inc.php.dist
<?php
# If you are having problems connecting to the MySQL database and all of the variables below are correct
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
# Thanks to @digininja for the fix.
# Database management system to use
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled
# Database variables
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
# Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
# See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
# Only used with PostgreSQL/PGSQL database selection.
$_DVWA[ 'db_port '] = '5432';
# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
# Default security level
# Default value for the secuirty level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';
# Default PHPIDS status
# PHPIDS status with each session.
# The default is 'disabled'. You can set this to be either 'enabled' or 'disabled'.
$_DVWA[ 'default_phpids_level' ] = 'disabled';
# Verbose PHPIDS messages
# Enabling this will show why the WAF blocked the request on the blocked request.
# The default is 'disabled'. You can set this to be either 'true' or 'false'.
$_DVWA[ 'default_phpids_verbose' ] = 'false';
?>
[root@localhost config]# vi config.inc.php.dist
...
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '123456'; #change to the correct database password
...
7. Browse to the page; an error appears
[root@localhost config]# cp config.inc.php.dist config.inc.php
[root@localhost config]# ll
总用量 8
-rw-r--r--. 1 root root 1855 6月 5 22:35 config.inc.php
-rw-r--r--. 1 apache apache 1855 6月 5 22:30 config.inc.php.dist
[root@localhost ~]# chown -R apache:apache /var/www/html/* #change the owning user and group
7-1. Fix
[root@localhost DVWA-master]# more php.ini #see how DVWA expects PHP to be configured
; This file attempts to overwrite the original php.ini file. Doesnt always work.
magic_quotes_gpc = Off
allow_url_fopen on
allow_url_include on
[root@localhost DVWA-master]# cd #change to /root
[root@localhost ~]# vi /etc/php.ini #edit the PHP configuration
...
allow_url_include = Off (change Off to On)
...
[root@localhost ~]# systemctl restart httpd
#There is still an error: the CAPTCHA problem
7-2. Fix
[root@localhost DVWA-master]# cd config/
[root@localhost config]# vi config.inc.php #edit the CAPTCHA settings
...
# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
...
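Apply for the reCAPTCHA public and private keys; you need a way around the firewall to reach: https://www.google.com/recaptcha/admin
Generating the reCAPTCHA keys is omitted here.
These two keys have to be generated, free of charge, on Google, one of those "non-existent" websites; because of our great Great Firewall, we can only borrow someone else's keys found through Baidu.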
$_DVWA[ 'recaptcha_public_key' ] ='6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] ='6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
:wq (save and quit)
8. Create the DVWA database automatically
[root@localhost config]# mysql -u root -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| dvwa |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
9. Log in to DVWA; the default user is admin and the password is password
10. Once you are inside the application, the setup is complete
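
The settings changed in steps 5 to 7-2 can be checked with a small script. This is an added example, not part of the original post or of DVWA: the function names ini_value, dvwa_value and audit_lab are hypothetical, and the sample files it writes are constructed.

```bash
#!/usr/bin/env bash
# Added example (not part of DVWA): audit the settings this walkthrough changes.

# Effective value of a php.ini directive: the last uncommented "key = value" wins.
ini_value() {  # usage: ini_value FILE KEY
  awk -F= -v key="$2" '
    /^[ \t]*;/ { next }                        # skip comment lines
    NF >= 2 { k = $1; v = $2
              gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
              if (k == key) val = v }
    END { print val }' "$1"
}

# Value assigned to $_DVWA[ 'KEY' ] in config.inc.php (last assignment wins).
dvwa_value() {  # usage: dvwa_value FILE KEY
  sed -n "s/^[[:space:]]*[$]_DVWA\[ *'$2' *] *= *'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; returns 1 only if config.inc.php is missing.
audit_lab() {  # usage: audit_lab PHP_INI DVWA_CONFIG
  local ini="$1" cfg="$2" v
  [ -r "$cfg" ] || { echo "MISSING $cfg (step 7: cp config.inc.php.dist config.inc.php)"; return 1; }
  v=$(ini_value "$ini" allow_url_include | tr 'A-Z' 'a-z')
  case "$v" in
    on|1|true|yes) echo "NOTE allow_url_include is On for every PHP app on this host, not only DVWA" ;;
    *) echo "TODO allow_url_include is '${v:-unset}'; step 7-1 sets it to On" ;;
  esac
  [ "$(dvwa_value "$cfg" db_user)" = root ] &&
    echo "NOTE db_user is root; the config comment asks for a dedicated DVWA user on MariaDB"
  case "$(dvwa_value "$cfg" db_password)" in
    123456|p@ssw0rd|'') echo "NOTE db_password is a trivial or default value" ;;
  esac
  [ -z "$(dvwa_value "$cfg" recaptcha_public_key)" ] &&
    echo "TODO recaptcha_public_key is empty (step 7-2)"
  return 0
}

# Constructed sample files: the state after step 7-1, before the reCAPTCHA keys are set.
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' '; constructed sample' 'allow_url_include = On' > "$d/php.ini"
  printf '%s\n' "\$_DVWA[ 'db_user' ] = 'root';" "\$_DVWA[ 'db_password' ] = '123456';" \
    "\$_DVWA[ 'recaptcha_public_key' ] = '';" > "$d/config.inc.php"
  audit_lab "$d/php.ini" "$d/config.inc.php"
  rm -rf "$d"
}
demo
```

On the host built above, call `audit_lab /etc/php.ini /var/www/html/DVWA-master/config/config.inc.php` in place of `demo`.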