0%

Ubuntu 20.4.1配置DVWA

最近想重新看一波DVWA,遂重新搭环境

安装Linux环境

选用Ubuntu 20.4.1

默认自带php7.4

修改为阿里更新源

1
2
3
4
5
6
7
8
9
10
11
# 阿里源
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

更新

sudo apt update --fix-missing && sudo apt full-upgrade -y

安装 mysql,apache2,php

安装MySQL

sudo apt install mysql-server mysql-client libmysqlclient-dev -y

安装netstat

sudo apt install net-tools -y

查看MySQL状态

netstat -alt | grep mysql

安装Apache2

sudo apt install apache2 -y

开启Apache2服务,查看状态

1
2
sudo /etc/init.d/apache2 start
sudo systemctl status apache2

安装php的apache2的依赖

sudo apt install libapache2-mod-php -y

安装php-fpm,php-gd,php7.4-mysql

sudo apt install php7.4-fpm php-gd php7.4-mysql -y

mysql创建dvwa库,以及创建dvwa用户

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
sudo mysql -uroot -proot

create database dvwa;

use mysql;

create user 'dvwa'@'localhost' identified by 'dvwa';
// mysql8 语法
// 'dvwa'@'localhost',用户 @ 可访问地址
// identified by 'dvwa',密码为dvwa

grant all privileges on dvwa.* to 'dvwa'@'localhost';
// privileges on dvwa.*,赋予用户 dvwa库的所有权限

FLUSH PRIVILEGES;

安装dvwa

DVWA 下载2.1 zip包

解压后将2.1文件夹中的所有移动到/var/www/html

/var/www/html/config/config.inc.php.dist 移动为 config.inc.php

修改 config.inc.php 里面的 $_DVWA[ 'db_password' ] 为之前sql设置的

修复错误

解决PHP function display_errors: Display

sudo vi /etc/php/7.4/apache2/php.ini

display_errors = Off 改为 display_errors = On

修改php中的php.ini文件,解决allow_url_include:disable

sudo vi /etc/php/7.4/apache2/php.ini

allow_url_include = Off 改为 allow_url_include = On

添加reCAPTCHA key

可以自己生成 reCAPTCHA key

直接白嫖

修改 config.inc.php 里面的

1
2
$_DVWA[ 'recaptcha_public_key' ] = '6LdJJlUUAAAAAH1Q6cTpZRQ2Ah8VpyzhnffD0mBb';
$_DVWA[ 'recaptcha_private_key' ] = '6LdJJlUUAAAAAM2a3HrgzLczqdYp4g05EqDs-W4K';

设置文件可读写

1
2
3
chmod 777 -R /var/www/html/hackable/uploads/
chmod 777 -R /var/www/html/external/phpids/0.6/lib/IDS/tmp/
chmod 777 -R /var/www/html/config/

重启php和apache2服务

sudo service php7.4-fpm restart

sudo service apache2 restart

浏览器打开 http://locahost/setup.php

创建DVWA

点击Create / Reset Database

访问地址

用户名: admin
密码: password

欢迎关注我的其它发布渠道