[PHP知识库]在云上搭建靶场

在云上搭建DVWA

记录如何在腾讯云上搭建DVWA靶场.

1.首先连接云服务器

Connecting to xxx.xxx.xxx.xxx:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.15.0-142-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
New release '18.04.6 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


*** System restart required ***
Last login: Sun Oct  3 21:12:02 2021 from 123.15.36.11
ubuntu@VM-0-9-ubuntu:~$ uname -a
Linux VM-0-9-ubuntu 4.15.0-142-generic #146~16.04.1-Ubuntu SMP Tue Apr 13 09:27:15 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

2.安装mysql+apche+php

apt-get install mysql-server
apt-get isntall mysql-client
apt-get install libmysqlclient-dev
apt-get install apache2
apt install php
apt-get install libapache2-mod-php

3.安装DVWA

cd /var/www/html
wget https://github.com/digininja/DVWA/archive/refs/heads/master.zip
unzip master.zip
mv DVWA-master/ dvwa

4.设置mysql

mysql -uroot -proot
create database dvwa;
grant all privileges on *.* to dvwa@localhost identified by 'dvwa';

5.配置DVWA

vim /dvwa/config/config.inc.php

$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'dvwa';
$_DVWA[ 'db_password' ] = 'dvwa';
$_DVWA[ 'db_port'] = '3306';

6.配置apache

Apache2配置目录相关知识: https://blog.csdn.net/stay_zezo/article/details/80212552

修改apache的默认端口为9000,在云上由于我的80端口被nginx占用,为了避免端口冲突,所以这里修改Apache的默认端口为9000.

vim /etc/apache2/ports.conf

Listen 9000

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

此时如果打开apache服务,访问your_ip:9000,可以看到Apache的默认页面

修改默认站点目录,将默认的站点目录修改成dvwa的目录/var/www/html/dvwa

vim sites-enabled/000-default.conf 

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-QilmGufx-1633316989396)(C:\Users\Null\AppData\Roaming\Typora\typora-user-images\image-20211003220150551.png)]

修改dir.conf,先将默认打开的文件改成setup.php进行初始化,如果不改的话会直接执行index.php，进入login界面，没有初始化会搭建失败.

root@VM-0-9-ubuntu:/etc/apache2# vim mods-enabled/dir.conf 

<IfModule mod_dir.c>
        DirectoryIndex setup.php
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

然后重启Apache服务

root@VM-0-9-ubuntu:/etc/apache2# /etc/init.d/apache2 restart

并从主机访问云端ip: your_ip:9000,浏览器会加载DVWA的初始化界面,点击创建数据库，可能会由于几个飘红的选项导致失败：这里贴出那几个飘红的解决办法

1. PHP函数allow_url_include：缺少

vim /etc/php/7.2/apache2/php.ini

需要将其中的allow_url_include=Off，更改为allow_url_include=On。

2. PHP模块gd：缺少

apt-get install php-gd

3. PHP模块mysql：缺少

apt-get install php7.0-mysql

再次重启Apache服务后创建数据库，成功后再次修改dir.conf文件,把默认打开的文件修改成index.php,下次再访问的时候就直接跳转到登录界面:

root@VM-0-9-ubuntu:/etc/apache2# vim mods-enabled/dir.conf 

<IfModule mod_dir.c>
        DirectoryIndex index.php
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-kghTPZeu-1633316989399)(C:\Users\Null\AppData\Roaming\Typora\typora-user-images\image-20211003224407597.png)]

ule mod_dir.c>
DirectoryIndex index.php

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

[外链图片转存中...(img-kghTPZeu-1633316989399)]

参考链接：https://www.jianshu.com/p/5251d43388bc