Web Security Attack and Defense: Build a DVWA Vulnerability Environment

DVWA (Damn Vulnerable Web Application) is an open-source vulnerability testing platform that ships with basic vulnerable modules such as SQL injection, XSS, file upload, file inclusion, and CSRF.

1 Preparation

Other software needed before building the environment:

  • VScode (with a plugin configured to run PHP)
  • PHP operating environment
  • MySQL operating environment

2 Build a vulnerability environment

The environment is set up on your own physical machine rather than in Kali: if you build it inside a virtual machine, you have to boot the VM every time you want to use it, which is too annoying.

Create a new database in MySQL (Navicat is recommended).

Open the dvwa folder in VScode, go into the config folder, edit the config.inc.php.dist file as needed, and rename config.inc.php.dist to config.inc.php.

Use the VScode plugin to run the current project. Once it is running, open http://localhost:4000/setup.php and click Create/Reset database. The default login account is admin and the password is password.

Check in Navicat: the new tables have been created.

3 Configuration

Go back to http://localhost:4000/setup.php to see which items have not been fully configured.

On the setup.php check page (screenshot not preserved here), two items are shown in red:

  1. allow_url_include red
  2. reCAPTCHA key red

Below each item the page gives the method to configure it.

3.1 Configure allow_url_include

allow_url_include is not enabled. Edit php.ini following the hint at the bottom of the setup page:

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On


; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = On

3.2 reCAPTCHA

You can generate the key yourself at https://www.google.com/recaptcha/admin/create. Pay attention to the version when registering: a reCAPTCHA v3 key makes DVWA report an error, while a v2 key works normally.

Set the label to whatever you like and set the reCAPTCHA type to the first option under v2. After saving, you get the public key and the private key.

Edit the configuration file dvwa/config/config.inc.php:

$_DVWA[ 'recaptcha_public_key' ] = '6LeaSDsaAAAAADdDGBCByaqcBLrWa6oKr-aKqBg4';
$_DVWA[ 'recaptcha_private_key' ] = '6LeaSDsaAAAAAIkRd3FVpb1bE5YkIgbmOis297fe';
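The two red items on setup.php (allow_url_include and the reCAPTCHA keys) come from two different files, so it is handy to check both before reloading the page. The script below is an added example, not part of the original post or of DVWA itself: it parses a php.ini and a config.inc.php, reports what setup.php would still flag, and separately warns that allow_url_include=On allows include() to load remote code, which is exactly why the DVWA host must stay off any reachable network. The sample php.ini and config.inc.php fragments inside it are constructed for the example, and the placeholder reCAPTCHA keys are not real keys.

```python
import re

# Constructed php.ini fragment: allow_url_include still Off, one commented-out line.
SAMPLE_PHP_INI = """
[PHP]
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = On
; allow_url_include = On   (commented out, so it does not count)
allow_url_include = Off   ; trailing comment
display_errors = On
"""

# Constructed config.inc.php fragment with the reCAPTCHA keys still empty.
SAMPLE_DVWA_CONFIG = """<?php
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'recaptcha_public_key' ]  = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
"""

# The same fragments after following the tutorial (placeholder keys, not real ones).
FIXED_PHP_INI = SAMPLE_PHP_INI.replace("allow_url_include = Off", "allow_url_include = On")
FIXED_DVWA_CONFIG = SAMPLE_DVWA_CONFIG.replace(
    "'recaptcha_public_key' ]  = ''", "'recaptcha_public_key' ]  = 'SITE-KEY-PLACEHOLDER'"
).replace(
    "'recaptcha_private_key' ] = ''", "'recaptcha_private_key' ] = 'SECRET-KEY-PLACEHOLDER'"
)

# Values PHP treats as "enabled" for a boolean ini directive.
_TRUE = {"on", "1", "true", "yes"}

# Matches lines of the form  $_DVWA[ 'key' ] = 'value';
_DVWA_KEY = re.compile(r"""\$_DVWA\s*\[\s*['"]([^'"]+)['"]\s*\]\s*=\s*['"]([^'"]*)['"]""")


def parse_php_ini(text):
    """Return {directive: value} from php.ini text.

    Comment lines (';' or '#') and [section] headers are ignored, an inline
    ';' comment is stripped, and a later assignment overrides an earlier one,
    which is how PHP itself resolves a directive that appears twice."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings


def ini_enabled(settings, directive):
    """True when the directive is present and set to an enabling value."""
    return settings.get(directive, "").lower() in _TRUE


def parse_dvwa_config(text):
    """Return {key: value} for every $_DVWA[...] assignment with a quoted value."""
    return dict(_DVWA_KEY.findall(text))


def audit(php_ini_text, dvwa_config_text):
    """Return the items DVWA's setup.php would still show in red (empty = all set)."""
    ini = parse_php_ini(php_ini_text)
    cfg = parse_dvwa_config(dvwa_config_text)
    findings = []
    if not ini_enabled(ini, "allow_url_include"):
        findings.append("allow_url_include is Off: edit php.ini and restart PHP")
    if not ini_enabled(ini, "allow_url_fopen"):
        findings.append("allow_url_fopen is Off: URL includes also need this")
    if not cfg.get("recaptcha_public_key") or not cfg.get("recaptcha_private_key"):
        findings.append("reCAPTCHA keys are empty: put a v2 key pair in config.inc.php")
    return findings


def exposure_warnings(php_ini_text):
    """Defender's view of the same file: what the lab settings would mean on a reachable host."""
    ini = parse_php_ini(php_ini_text)
    warnings = []
    if ini_enabled(ini, "allow_url_include"):
        warnings.append("allow_url_include=On lets include()/require() load remote code; "
                        "keep this host isolated and never reuse this php.ini in production")
    return warnings


if __name__ == "__main__":
    for label, ini, cfg in (("before", SAMPLE_PHP_INI, SAMPLE_DVWA_CONFIG),
                            ("after", FIXED_PHP_INI, FIXED_DVWA_CONFIG)):
        print(label, "still red:", audit(ini, cfg))
        print(label, "exposure:", exposure_warnings(ini))
```

Run it against your real files by reading them into the two text arguments; a clean audit() together with a non-empty exposure_warnings() is the expected state for a working DVWA lab.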

4 Result screenshots

(Screenshots of the running environment are not preserved here.)


Source: blog.csdn.net/qq_43085611/article/details/113127799