dvwa安装教程

概述

DVWA (Damn Vulnerable Web Application) 是用 PHP+MySQL 编写的一套用于漏洞检测和教学的程序,支持多种数据库,包括了 SQL 注入、XSS 等一些常见的安全漏洞。 总之dvwa就是一个我们练习xss和sql注入的一个环境 因为我不喜欢把这个东西安装在虚拟机和自己的笔记本上,如果安装在虚拟机上,那么每次都要打开这个虚拟机,还有我的笔记本是安装这个东西的地方吗?所以我就把它安装在树莓派上,安装方式有三种,第一种是docker,第二种就是传统的安装方式,第三种是使用iso镜像安装。先说传统的安装方式

下载dvwa

你可以在github和它的官方网站http://www.dvwa.co.uk/来下载,但是有趣的是这么一个著名的靶子,竟然在github上只有两次release,下载这种简单的事情就自己琢磨吧

设置环境

首先你要知道的是dvwa其实就是一个充满漏洞的网站,所以只要设置lnmp或者lamp环境就好了,具体怎么安装lnmp和lamp这个可以用一键安装脚本来解决,而我的树莓派一直有这个lnmp环境,所以我就不再详细描述怎么安装lnmp了 首先看一下我的lnmp版本

1
2
3
4
5
6
7
8
9
➜  ~ mysql --version
mysql  Ver 14.14 Distrib 5.5.56, for Linux (armv7l) using readline 5.1
➜  ~ php --version  
Failed loading /usr/local/zend/ZendGuardLoader.so:  /usr/local/zend/ZendGuardLoader.so: cannot open shared object file: No such file or directory
PHP 5.6.31 (cli) (built: Oct  1 2017 18:33:23) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
➜  ~ nginx -v       
nginx version: nginx/1.12.1

nginx是1.12.1,mysql是5.5.56,php是5.6.31

设置nginx

首先解压dvwa unzip DVWA-master.zip 然后把它放入站点文件夹下面 mv DVWA-master /www/dvwa 之后配置nginx 下面是nginx的配置文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
 server {
    server_name 192.168.1.100;
    listen      8888;
    
    location / { 
        root /www/dvwa;
        index index.html index.php;
    }

    location ~ \.php$ {
        fastcgi_pass   unix:/tmp/php-cgi.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME /www/dvwa/$fastcgi_script_name;
        include        fastcgi_params;
    }
 }

接着重启nginx sudo service nginx restart 重启之后访问报错 DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment. 那就按照上面说的做 cd /www/dvwa cp config/config.inc.php.dist config/config.inc.php 接着编辑这个配置文件 vim config.inc.php

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php

# If you are having problems connecting to the MySQL database and all of the variables below are correct
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
#   Thanks to @digininja for the fix.

# Database management system to use
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled

# Database variables
#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
#   Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
#   See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = '[email protected]';

# Only used with PostgreSQL/PGSQL database selection.
$_DVWA[ 'db_port '] = '5432';

# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module
#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
$_DVWA[ 'recaptcha_public_key' ]  = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

# Default security level
#   Default value for the secuirty level with each session.
#   The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';

# Default PHPIDS status
#   PHPIDS status with each session.
#   The default is 'disabled'. You can set this to be either 'enabled' or 'disabled'.
$_DVWA[ 'default_phpids_level' ] = 'disabled';

# Verbose PHPIDS messages
#   Enabling this will show why the WAF blocked the request on the blocked request.
#   The default is 'disabled'. You can set this to be either 'true' or 'false'.
$_DVWA[ 'default_phpids_verbose' ] = 'false';

?>

为了清楚我还是解释一下这个配置文件吧 首先 $DBMS = 'MySQL'; 上面这一行是说你是用什么数据库的dvwa不仅支持mysql而且还支持PGSQL也就是PostgreSQL

1
2
3
4
5
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = '[email protected]';

上面是对数据库的配置,比如数据库的地址名字密码用户 $_DVWA[ 'db_port '] = '5432'; 配置数据库端口,如果你不知道你的数据库是什么端口的,首先登录你的数据库 输入 show global variables like 'port'; 就好了 按照你的配置完成之后,下面我们来设置数据库

配置数据库

首先创建dvwa的数据库,我就使用dvwa默认的名字dvwa来创建数据库

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
➜  config mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 213
Server version: 5.5.56-log Source distribution

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database dvwa;
Query OK, 1 row affected (0.04 sec)

mysql>

接着数据库一般没什么可以配置了,使用浏览器访问dvwa试试

配置php和一些目录权限

很明显dvwa提示我们上面还有几个地方需要配置,首先是php要PHP function allow_url_include 打开php.ini 用vim搜索allow_url_include

1
2
3
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = Off

重启php-fpm sudo service php-fpm restart 设置为On就好了,然后刷新页面就好了

之后我们设置 reCAPTCHA key:,有人会问这个是什么,其实就是谷歌的验证码服务 我们要去申请一个key然后填在刚才的dvwa的配置文件config.inc.php里就好了 打开 https://www.google.com/recaptcha/admin#list 之后一步一步申请把,如果不能访问,那么你可以联系我,或者只能mmp了,其实不设置也可以,就是dvwa少一个验证码的功能

接着解决下面两个权限问题

1
2
[User: root] Writable folder /www/dvwa/hackable/uploads/: No
[User: root] Writable file /www/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No

设置可写权限 chmod 763 hackable/uploads chmod 666 external/phpids/0.6/lib/IDS/tmp/phpids_log.txt

如果确定上面全是一片绿了之后,点击下面的create/reset database

默认的账号和密码

账号:admin 密码:password

使用docker安装

上面是使用传统的方式安装,下面就使用docker来安装这个东西, 首先执行 docker pull vulnerables/web-dvwa 接着运行 docker run --rm -it -p 8889:80 vulnerables/web-dvwa 8889是主机的端口,80是容器的端口 但是要注意的是这个docker镜像只能在x86架构下运行,arm是不可以的,之后访问ip+端口就好了,所以用docker还是超级方便的

使用iso镜像安装

这个没什么好说的就是用虚拟机安装一个操作系统

欢迎关注我的博客 www.bboy.app Have Fun