STEP 0: Build environment
- OS: CentOS 7
- httpd-2.4.6-88.el7.centos.x86_64
- php-5.4.16-46.el7.x86_64
- mariadb-5.5.60-1.el7_5.x86_64
- DVWA files (https://github.com/ethicalhack3r/DVWA)
STEP 1: Install the Apache HTTP server
- Install Apache
# yum -y install httpd
- Start the Apache service
# systemctl start httpd
- Enable at boot
# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
- Confirm that the service is running and the web page is served
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2019-04-01 14:07:08 CST; 5min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 11678 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
- Confirm the installed version
[root@localhost ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 5 2018 01:47:09
STEP 2: Install PHP
- Install PHP and the commonly used PHP packages.
# yum install -y php php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel
- Restart the Apache service
# systemctl restart httpd
- Confirm that PHP was installed successfully
[root@localhost ~]# php -v
PHP 5.4.16 (cli) (built: Oct 30 2018 19:30:51)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
STEP 3: Install the MariaDB database
- Install the MariaDB database
# yum install -y mariadb-server mariadb
- Start the MariaDB service
# systemctl start mariadb.service
- Enable MariaDB at boot
# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
- Log in to MariaDB with the following command
[root@localhost ~]# mysql -u root
- After logging in, the prompt changes to "MariaDB [(none)]>". Switch to the mysql database with use, then change the password there
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
- Change the root password (replace 你的密碼, "your password", with the password you want)
MariaDB [mysql]> update user set password=PASSWORD("你的密碼") where User='root';
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4 Changed: 4 Warnings: 0
- Run flush privileges so that the account and privilege changes take effect without restarting the MySQL service, then quit
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> quit
- Log in again and confirm the version
# mysql -u root -p
[root@localhost ~]# mysql -V
mysql Ver 15.1 Distrib 5.5.60-MariaDB, for Linux (x86_64) using readline 5.1
STEP 4: Install DVWA and related settings
- Download the DVWA zip file with wget and move it to the web directory, where it will be unpacked
# wget https://github.com/ethicalhack3r/DVWA/archive/master.zip
# mv master.zip /var/www/html/
- Change to that directory and unzip the archive (the -q option suppresses all unzip output)
# cd /var/www/html/
# unzip -q master.zip
- Because the database is MariaDB, the dvwa database has to be created
# mysql -u root -p
MariaDB [(none)]> create database dvwa;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on dvwa.* to dvwa@localhost identified by 'dvwa';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
- Edit config.inc.php.dist (under /var/www/html/DVWA-master/config/), set the database account, password and database name, then rename the file to config.inc.php
# vim config.inc.php.dist
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'dvwa';
# mv config.inc.php.dist config.inc.php
- Set the SELinux boolean that allows httpd to make remote database connections
# setsebool -P httpd_can_network_connect_db 1
- Browse to http://127.0.0.1/DVWA-master/setup.php and click Create / Reset Database to finish
- Default login page: account admin / password password. Installation complete.
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = On
; Define the anonymous ftp password (your email address). PHP's default setting
Then restart the web service.
# systemctl restart httpd
- reCAPTCHA key: Missing
Go to https://www.google.com/recaptcha, sign in to the Admin console with a Gmail account and request a key.
Once the key has been issued, paste it into the following two fields in config.inc.php.
# vim /var/www/html/DVWA-master/config/config.inc.php
Then restart the web service.
# systemctl restart httpd
When finished, the result looks like the figure above.
- [User: apache] Writable folder /var/www/html/DVWA-master/hackable/uploads/: No
# chmod 777 /var/www/html/DVWA-master/hackable/uploads/
- [User: apache] Writable file /var/www/html/DVWA-master/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No
# chcon -t httpd_sys_rw_content_t /var/www/html/DVWA-master/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt -R
- [User: apache] Writable folder /var/www/html/DVWA-master/config: No
# chcon -t httpd_sys_rw_content_t /var/www/html/DVWA-master/config -R
Question
1. DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment.
A:
As the message says, the file cannot be found. Rename the .dist file to config.inc.php.
# cd /var/www/html/DVWA-master/config/
# mv config.inc.php.dist config.inc.php
2. Could not connect to the MySQL service. Please check the config file.
A:
By default the SELinux boolean httpd_can_network_connect_db, which allows httpd to make remote database connections, is off.
Turn httpd_can_network_connect_db on in SELinux to resolve this.
# setsebool -P httpd_can_network_connect_db 1
(The -P option makes the setting persistent; the trailing 1 enables it and 0 disables it.)
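The setup-page items and the two questions above can be checked from the shell in one pass. The script below is an added example, not part of the original guide or of DVWA; the function names dvwa_cfg_get and dvwa_preflight are made up here, and the default path is the one used in this guide.

```bash
#!/usr/bin/env bash
# Added example (not part of DVWA): preflight for the lab built in this guide.
# The default path is the one used on this page; function names are hypothetical.
DVWA_ROOT="${DVWA_ROOT:-/var/www/html/DVWA-master}"

# Print the value of a  $_DVWA[ 'KEY' ] = 'value';  line (last assignment wins).
dvwa_cfg_get() {   # usage: dvwa_cfg_get FILE KEY
    awk -v k="$2" -F"'" '/^[ \t]*\$_DVWA\[/ && $2 == k { v = $4 } END { print v }' "$1"
}

# Report the setup problems covered above; return status = number of problems.
dvwa_preflight() {   # usage: dvwa_preflight [DVWA_ROOT]
    local root="${1:-$DVWA_ROOT}" cfg key p problems=0
    cfg="$root/config/config.inc.php"
    if [ ! -f "$cfg" ]; then
        if [ -f "$cfg.dist" ]; then
            echo "FAIL only config.inc.php.dist exists: rename it to config.inc.php"
        else
            echo "FAIL no config file under $root/config"
        fi
        return 1
    fi
    for key in db_server db_database db_user db_password; do
        if [ -z "$(dvwa_cfg_get "$cfg" "$key")" ]; then
            echo "FAIL $key is empty or missing in $cfg"
            problems=$((problems + 1))
        fi
    done
    # -w tests the current user, so run this as apache to mirror setup.php.
    for p in "$root/hackable/uploads" "$root/config"; do
        if [ ! -w "$p" ]; then
            echo "FAIL $p is not writable by $(id -un)"
            problems=$((problems + 1))
        fi
    done
    # SELinux boolean behind "Could not connect to the MySQL service".
    if command -v getsebool >/dev/null 2>&1 &&
       getsebool httpd_can_network_connect_db 2>/dev/null | grep -q -- '--> off$'; then
        echo "FAIL httpd_can_network_connect_db is off"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK $root"
    return "$problems"
}

# Run against the given directory when called as: bash dvwa_preflight.sh DIR
if [ "$#" -gt 0 ]; then dvwa_preflight "$1"; fi
```

The SELinux check is skipped on hosts without getsebool, and the writable-folder check is only meaningful when the script runs as the apache user.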