1. I am using Kali 2020.03 here, which ships with a MySQL fork (MariaDB), apache2 and PHP installed by default.
Note: MariaDB is a fork of MySQL; in practice it is operated the same way as MySQL.
kali@kali:~$ whereis mysql
mysql: /usr/bin/mysql /etc/mysql /usr/share/mysql /usr/share/man/man1/mysql.1.gz
kali@kali:~$ whereis apache2
apache2: /usr/sbin/apache2 /usr/lib/apache2 /etc/apache2 /usr/share/apache2 /usr/share/man/man8/apache2.8.gz
kali@kali:~$ whereis php
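php: /usr/bin/php7.4 /usr/bin/php /usr/lib/php /etc/php /usr/share/php7.4-opcache /usr/share/php7.4-json /usr/share/man/man1/php.1.gz
2. If you are not using Kali and these packages are not installed by default, but you are on a Debian-based Linux distribution, you can install the environment with the following command.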
sudo apt-get -y install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php
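3. Change the MariaDB password, because the default password is empty.
Note: MariaDB is started with the same command as MySQL, but the start command must be run with sudo and the system password entered.
kali@kali:~$ sudo service mysql start # start MariaDB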
[sudo] kali 的密码:
kali@kali:~$
kali@kali:~$ sudo mysql -u root # MariaDB on Kali has no password by default, so you can log in directly
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.3.23-MariaDB-1 Debian buildd-unstable
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases; # list the current databases
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.045 sec)
MariaDB [(none)]> use mysql; # connect (switch) to the mysql database
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set authentication_string=PASSWORD("root") where User='root'; # change the password
Query OK, 1 row affected (0.056 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> update user set plugin="mysql_native_password" where User='root'; # change the database password authentication method from unix_socket to mysql_native_password
Query OK, 1 row affected (0.000 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges; # reload privileges
Query OK, 0 rows affected (0.000 sec)
3. Download DVWA from: https://github.com/digininja/DVWA
kali@kali:~/software$ git clone https://github.com/digininja/DVWA.git
正克隆到 'DVWA'...
remote: Enumerating objects: 3310, done.
remote: Total 3310 (delta 0), reused 0 (delta 0), pack-reused 3310
接收对象中: 100% (3310/3310), 1.60 MiB | 56.00 KiB/s, 完成.
处理 delta 中: 100% (1473/1473), 完成.
4. Move DVWA into the /var/www/html directory
kali@kali:~/software$ sudo mv DVWA /var/www/html/
5. Rename the config file, removing the .dist suffix
kali@kali:/var/www/html/DVWA/config$ mv config.inc.php.dist config.inc.php
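6. Edit the default settings in config.inc.php, and create the dvwa database and user
Note: the default password is p@ssw0rd; since this is a practice target, I prefer to keep the account name and password identical, as a personal habit.
Default:
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'db_database' ] = 'dvwa';
Change to:
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'dvwa';
$_DVWA[ 'db_database' ] = 'dvwa';
Note: if you are using MariaDB rather than MySQL (MariaDB is the default in Kali), you cannot use the database root user and must create a new database user. To do so, connect to the database as the root user and run the following commands: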
mysql> create database dvwa;
Query OK, 1 row affected (0.00 sec)
mysql> create user dvwa@localhost identified by 'dvwa';
Query OK, 0 rows affected (0.01 sec)
mysql> grant all on dvwa.* to dvwa@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
7. Start apache2
kali@kali:/var/www/html$ sudo service apache2 start # start apache2
[sudo] kali 的密码:
kali@kali:/var/www/html$ ps aux|grep apache # confirm that it started successfully
root 13962 0.8 1.0 210312 21848 ? Ss 02:11 0:00 /usr/sbin/apache2 -k start
www-data 13963 0.0 0.5 210748 11112 ? S 02:11 0:00 /usr/sbin/apache2 -k start
www-data 13964 0.0 0.5 210748 11112 ? S 02:11 0:00 /usr/sbin/apache2 -k start
www-data 13965 0.0 0.5 210748 11112 ? S 02:11 0:00 /usr/sbin/apache2 -k start
www-data 13966 0.0 0.5 210748 11112 ? S 02:11 0:00 /usr/sbin/apache2 -k start
www-data 13967 0.0 0.5 210748 11112 ? S 02:11 0:00 /usr/sbin/apache2 -k start
kali 13969 5.0 0.0 9308 836 pts/0 S+ 02:12 0:00 grep --color=auto apache
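After it has started successfully, visit http://127.0.0.1/DVWA
Note: the directory name is upper-case on my machine, and Linux is case-sensitive.
Default account: admin
Default password: password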
8. DVWA tuning; see the notes at https://github.com/digininja/DVWA

Problem 2: PHP function allow_url_include: Disabled
Fix: locate the php.ini file and change allow_url_include=off to allow_url_include=On
Command: sudo vi /etc/php/7.4/apache2/php.ini
Restart: sudo service apache2 restart

Problem 1: [User: kali] Writable folder /var/www/html/DVWA/hackable/uploads/: No
Fix: go to the "/var/www/html/DVWA/hackable/" directory and run chmod 777 uploads/ to change the directory permissions; this directory is used by the web service for file uploads

Problem 2: [User: kali] Writable file /var/www/html/DVWA/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No
Fix: go to the "/var/www/html/DVWA/external/phpids/0.6/lib/IDS/tmp/" directory and run chmod 777 phpids_log.txt

Problem 3: [User: kali] Writable folder /var/www/html/DVWA/config: No
Fix: go to the "/var/www/html/DVWA/" directory and run chmod 777 config

Problem 4: reCAPTCHA key: Missing
Fix: edit $_DVWA[ 'recaptcha_public_key' ] and $_DVWA[ 'recaptcha_private_key' ] in the configuration file config/config.inc.php. These values need to be generated at: https://www.google.com/recaptcha/admin/create
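The step 8 items can be re-checked from the shell before reloading the setup page. The script below is an added example, not part of the original post or of DVWA; the function names and the sample tree are constructed for illustration, and it tests the other-write bit that chmod 777 sets rather than asking PHP as the setup page does.

```bash
#!/usr/bin/env bash
# Added example, not DVWA's own code: re-check the step 8 items from a shell.

FAILS=0
check() {  # check <label> <command...>: run the command, print OK/FAIL, count failures
    label=$1; shift
    if "$@"; then echo "OK   $label"; else echo "FAIL $label"; FAILS=$((FAILS + 1)); fi
}

# True when the "other" write bit is set on the path, which is what chmod 777 grants.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# True when the last uncommented allow_url_include line in php.ini turns it on.
url_include_on() {
    grep -Ei '^[[:space:]]*allow_url_include[[:space:]]*=' "$1" 2>/dev/null | tail -n 1 |
        grep -Eiq '=[[:space:]]*"?(on|1|true|yes)"?[[:space:]]*(;.*)?$'
}

# True when the $_DVWA key named in $2 has a non-empty quoted value in config file $1.
config_key_set() {
    grep -Eq "^[[:space:]]*[$]_DVWA[[][[:space:]]*'$2'[[:space:]]*[]][[:space:]]*=[[:space:]]*'[^']+'" "$1"
}

# dvwa_preflight <dvwa_root> <php_ini>: returns the number of items still failing.
dvwa_preflight() {
    FAILS=0
    check "allow_url_include is On in $2" url_include_on "$2"
    check "hackable/uploads/ writable" world_writable "$1/hackable/uploads"
    check "phpids_log.txt writable" world_writable "$1/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt"
    check "config/ writable" world_writable "$1/config"
    check "recaptcha_public_key set" config_key_set "$1/config/config.inc.php" recaptcha_public_key
    check "recaptcha_private_key set" config_key_set "$1/config/config.inc.php" recaptcha_private_key
    return "$FAILS"
}

# Constructed sample tree (not a real install) in the state before step 8.
make_sample() {
    mkdir -p "$1/hackable/uploads" "$1/external/phpids/0.6/lib/IDS/tmp" "$1/config"
    chmod 755 "$1/hackable/uploads" "$1/config"
    printf '%s\n' '; constructed php.ini' 'allow_url_include = Off' > "$1/php.ini"
    : > "$1/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt"
    chmod 644 "$1/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt"
    printf "\$_DVWA[ 'recaptcha_%s_key' ] = '';\n" public private > "$1/config/config.inc.php"
}

tmp=$(mktemp -d) && make_sample "$tmp"
dvwa_preflight "$tmp" "$tmp/php.ini" || echo "$? item(s) still need the step 8 fix"
rm -rf "$tmp"
```

On the machine from this page the call would be dvwa_preflight /var/www/html/DVWA /etc/php/7.4/apache2/php.ini.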
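9. Create or initialize the database
10. After initialization you are redirected back to the login page
Default account: admin
Default password: password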