Installing the DVWA Lab

1. Environment preparation

[jk@dvwa ~]$ sudo rpm -q centos-release
centos-release-7-9.2009.0.el7.centos.x86_64
# Turn off the firewall
[jk@dvwa ~]$ sudo systemctl stop firewalld.service
[jk@dvwa ~]$ sudo systemctl disable firewalld.service
[jk@dvwa ~]$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[jk@dvwa ~]$ sudo setenforce 0
[jk@dvwa ~]$ sudo vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

# Install MySQL dependencies, httpd, and PHP
[jk@dvwa ~]$ sudo yum install -y perl libaio net-tools zip unzip httpd
[jk@dvwa ~]$ sudo yum install -y php php-pdo php-mysqlnd php-cli php-gd
[jk@dvwa ~]$ sudo systemctl start httpd
[jk@dvwa ~]$ sudo systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[jk@dvwa ~]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-01-01 10:32:15 CST; 14min ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1405 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─1405 /usr/sbin/httpd -DFOREGROUND
           ├─1406 /usr/sbin/httpd -DFOREGROUND
           ├─1407 /usr/sbin/httpd -DFOREGROUND
           ├─1408 /usr/sbin/httpd -DFOREGROUND
           ├─1409 /usr/sbin/httpd -DFOREGROUND
           └─1410 /usr/sbin/httpd -DFOREGROUND
[jk@dvwa ~]$ sudo yum -y remove maria*
[jk@dvwa ~]$ cd /opt/software

2. Install MySQL 5.7

Open the MySQL website and select version 5.7.23, Red Hat Enterprise Linux / Oracle Linux, Red Hat Enterprise Linux 7 / Oracle Linux 7 (x86, 64-bit).

Download mysql-community-common-5.7.23-1.el7.x86_64.rpm, mysql-community-libs-5.7.23-1.el7.x86_64.rpm, mysql-community-client-5.7.23-1.el7.x86_64.rpm, and mysql-community-server-5.7.23-1.el7.x86_64.rpm. Note that the installation order matters.

[jk@dvwa software]$ ll
total 196104
-rw-rw-r--. 1 jk   jk    25253600 Jan  1 10:54 mysql-community-client-5.7.23-1.el7.x86_64.rpm
-rw-rw-r--. 1 jk   jk      280860 Jan  1 10:54 mysql-community-common-5.7.23-1.el7.x86_64.rpm
-rw-r--r--. 1 root root   2256452 Jan  1 10:55 mysql-community-libs-5.7.23-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 173011196 Jan  1 10:50 mysql-community-server-5.7.23-1.el7.x86_64.rpm
[jk@dvwa software]$ sudo rpm -ivh mysql-community-common-5.7.23-1.el7.x86_64.rpm
warning: mysql-community-common-5.7.23-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-common-5.7.23-1.e################################# [100%]
[jk@dvwa software]$ sudo rpm -ivh mysql-community-libs-5.7.23-1.el7.x86_64.rpm
warning: mysql-community-libs-5.7.23-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-libs-5.7.23-1.el7################################# [100%]
[jk@dvwa software]$ sudo rpm -ivh mysql-community-client-5.7.23-1.el7.x86_64.rpm
warning: mysql-community-client-5.7.23-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-client-5.7.23-1.e################################# [100%]
[jk@dvwa software]$ sudo rpm -ivh mysql-community-server-5.7.23-1.el7.x86_64.rpm
warning: mysql-community-server-5.7.23-1.el7.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:mysql-community-server-5.7.23-1.e################################# [100%]
[jk@dvwa software]$ sudo rpm -qa | grep mysql
mysql-community-common-5.7.23-1.el7.x86_64
mysql-community-server-5.7.23-1.el7.x86_64
mysql-community-libs-5.7.23-1.el7.x86_64
mysql-community-client-5.7.23-1.el7.x86_64
[jk@dvwa software]$ mysql --version
mysql  Ver 14.14 Distrib 5.7.23, for Linux (x86_64) using  EditLine wrapper
[jk@dvwa software]$ systemctl status mysqld
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
[jk@dvwa software]$ sudo mysqld --initialize --user=mysql
[jk@dvwa software]$ cat /var/log/mysqld.log
2024-01-01T03:11:45.319384Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2024-01-01T03:11:46.507318Z 0 [Warning] InnoDB: New log files created, LSN=45790
2024-01-01T03:11:46.704068Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2024-01-01T03:11:46.803727Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 7f6367b3-a853-11ee-b6f8-00505629c118.
2024-01-01T03:11:46.805496Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2024-01-01T03:11:46.807357Z 1 [Note] A temporary password is generated for root@localhost: oU-+wmRdf3Gf
[jk@dvwa software]$ sudo systemctl start mysqld
[jk@dvwa software]$ sudo systemctl enable mysqld
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ===
Authentication is required to manage system service or unit files.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
[jk@dvwa software]$ systemctl status mysqld
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-01-01 11:13:22 CST; 47s ago
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
 Main PID: 1723 (mysqld)
   CGroup: /system.slice/mysqld.service
           └─1723 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
[jk@dvwa software]$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.23

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> alter user 'root'@'localhost' identified by '111111';
Query OK, 0 rows affected (0.01 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.00 sec)

mysql> quit;
Bye
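
An added example, not part of the original post: with firewalld stopped in step 1, any service bound beyond loopback is reachable from the VM's network, and MySQL 5.7 listens on all interfaces unless bind-address is set. The helper name exposed_listeners and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners bound beyond loopback, from `ss -ltn` output.
# exposed_listeners is a hypothetical helper name, not from the original post.

# Reads `ss -ltn` output on stdin; prints "address port" for each
# listener that is not bound to 127.0.0.0/8 or ::1.
exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4                 # e.g. *:22, [::]:80, :::3306
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)       # strip brackets from [::1]
            if (addr ~ /^127\./ || addr == "::1") next
            print addr, port
        }'
}

# Constructed sample resembling the lab VM with MySQL's default bind address.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128          *:22                 *:*
LISTEN     0      100    127.0.0.1:25               *:*
LISTEN     0      80          :::3306              :::*
LISTEN     0      128         :::80                :::*
LISTEN     0      100        ::1:25                :::*
EOF
}

# On the VM itself:  ss -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

If 3306 appears, setting bind-address=127.0.0.1 under [mysqld] in /etc/my.cnf and restarting mysqld limits MySQL to local connections, which is all a web server on the same host needs.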

3. Install DVWA

[jk@dvwa ~]$ cd /opt/software
[jk@dvwa software]$ sudo curl -OL https://github.com/digininja/DVWA/archive/refs/tags/2.3.zip
[jk@dvwa software]$ sudo unzip 2.3.zip -d /var/www/html/
[jk@dvwa software]$ cd /var/www/html
[jk@dvwa html]$ sudo chown apache:apache -R DVWA-2.3/
[jk@dvwa html]$ cd DVWA-2.3
[jk@dvwa DVWA-2.3]$ sudo mv config/config.inc.php.dist config/config.inc.php
[jk@dvwa DVWA-2.3]$ sudo vi /etc/httpd/conf/httpd.conf
<IfModule mime_module>
    AddType text/html .php
</IfModule>
<IfModule dir_module>
    DirectoryIndex index.html index.htm index.php
</IfModule>
[jk@dvwa DVWA-2.3]$ sudo vi config/config.inc.php
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
#   See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ]   = getenv('DB_SERVER') ?: '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = '111111';
$_DVWA[ 'db_port']      = '3306';

# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module
#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
[jk@dvwa DVWA-2.3]$ sudo vi /etc/php.ini
display_errors = On
display_startup_errors = On
allow_url_fopen = On
allow_url_include = On
[jk@dvwa DVWA-2.3]$ sudo systemctl restart httpd
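
An added example, not part of the original post: a check that the four directives set in /etc/php.ini above are the values actually in effect, which catches an edit that landed on a commented line while the stock Off line remained. The helper names and the sample file are constructed; it assumes a later assignment of a directive overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original post): check that the four php.ini
# directives edited above are in effect. Helper names are hypothetical.

# Print the value of the last uncommented "KEY = value" line in FILE ($1).
# Assumption: a later assignment of a directive overrides an earlier one.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line ; comment
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)             # trailing ; comment
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { print found }' "$1"
}

# Print one line per directive that is not enabled; return 1 on any mismatch.
check_dvwa_php_ini() {
    status=0
    for key in display_errors display_startup_errors \
               allow_url_fopen allow_url_include; do
        val=$(ini_value "$1" "$key")
        case $(printf '%s' "$val" | tr 'A-Z' 'a-z') in
            on|1|true|yes) ;;
            *) echo "$key: expected On, found '${val:-unset}'"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample: the edit landed on a commented line, the stock Off remains.
write_sample_ini() {
    cat > "$1" <<'EOF'
[PHP]
display_errors = On
display_startup_errors = On
allow_url_fopen = On ; needed by the lab
;allow_url_include = On
allow_url_include = Off
EOF
}

tmp=$(mktemp)
write_sample_ini "$tmp"
check_dvwa_php_ini "$tmp" || true    # on the VM: check_dvwa_php_ini /etc/php.ini
rm -f "$tmp"
```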

Visit http://192.168.108.140/DVWA-2.3/setup.php

Click Create / Reset Database to create the database.

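After the database is created successfully, the page redirects automatically to the login screen; the account is admin and the password is password.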

The default difficulty is medium; it needs to be changed to the lowest difficulty (Low).

posted @ geyashi