4
web安全入门-部署DVWA环境
source link: https://blog.51cto.com/apple0/5452853
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
web安全入门-部署DVWA环境
原创由于web安全常需要使用到一些模拟环境进行练习,来提高自己安全防御技术。
1、登陆服务器
这里使用tabby登陆
2、下载DVWA压缩包
确保服务器联网
输入如下信息,有时候需要更换源
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip
3、进行解压
unzip master.zip
mv DVWA-master DVWA
4、运行环境下载
wget -c http://soft.vpser.net/lnmp/lnmp1.4.tar.gz && tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && ./install.sh lamp
选择数据库,可以回车默认
选择邮箱地址,也可以默认邮箱
选择apache版本,也可以默认
5、等待安装
安装完成界面
6、解压文件放入网站首页中
mv DVWA /home/wwwroot/default/
7、修改config.inc.php配置
我们现将config.inc.php.dist进行备份(后续可以恢复)
进入目录,备份配置文件,然后编辑 config.inc.php。
服务器首页
cd /home/wwwroot/default/DVWA/config
cp config.inc.php.dist config.inc.php
编辑配置文件
vim config.inc.php
# If you are using MariaDB then you cannot use root, you must use create a dedicated DVWA user.
# See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
# Only used with PostgreSQL/PGSQL database selection.
$_DVWA[ 'db_port '] = '5432';
# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
# Default security level
# Default value for the secuirty level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';
# See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
# Only used with PostgreSQL/PGSQL database selection.
$_DVWA[ 'db_port '] = '5432';
# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
$_DVWA[ 'recaptcha_public_key' ] = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
# Default security level
# Default value for the secuirty level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';
$_DVWA[ 'db_user' ] = 'root'; 数据库用户名
$_DVWA[ 'db_password' ] = 'p@ssw0rd'; 数据库的信息
$_DVWA[ 'recaptcha_public_key' ] = ''; key
$_DVWA[ 'recaptcha_private_key' ] = ''; key
$_DVWA[ 'default_security_level' ] = 'impossible'; 网站的安全性
8、重点修改位置
首页红色部分需要解决
编辑php.ini配置文件
vim /usr/local/php/etc/php.ini
allow_url_include = Off
allow_url_include = On
重新启动apache服务
service httpd restart
安装完成之后,可以进行登陆
9、成功登陆
至此,web的安全测试环境已经建立成功。
- 赞
- 收藏
- 评论
- 分享
- 举报
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK