install apache and php
-
Install apache is server software
-
Install php and some extensions is a backend programming language
-
Install mariadb (can be seen as mysql)
Install
under centos:
[root@centos7 ~ ]# yum -y install httpd php php-mysql php-gd mariadb server #安装
Under ubuntu:
$ apt-get -y install apache2 mariadb-server php php-mysqli php-gd libapache2-mod-php
start service
[root@centos7 ~ ]# systemctl start httpd #Start http service
[root@centos7 ~ ]# systemctl enable httpd #Set http service to boot automatically
[root@centos7 ~ ]# systemctl start mariadb #Start mariadb service
[root@centos7 ~ ]# systemctl enable mariadb #Set mariadb service to start automatically
[root@centos7 ~ ]# systemctl disable firewalld && systemctl stop firewalld && systemctl status firewalld #Close the firewall
test
[root@centos7 ~ ʠ mysqladmin -u root password " set your own password "
[root@centos7 ~ ʠ mysql -u root -p enter the password just set
MariaDB [(none)]> \q #exit
website construction
Download and environment configuration
download
Download the DVWA range file from GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA) and copy it to the centos machine desktop
Environment configuration
[root@localhost ~]# cd /home/sillage/desktop/
[root@localhost desktop]# cp DVWA-master.zip /var/www/html
[root@localhost desktop]# cd /var/www/html
[root@localhost html]# unzip DVWA-master.zip #unzip
[root@localhost html]# mv DVWA-master dvwa #Modify the name DVWA-master to dvwa
[root@localhost html]# chown -R apache dvwa/
[root@localhost html]# chown -R apache.apache dvwa/ #Modify the file master and group as apache user
[root@localhost html]# ls -la #verify
Total usage 1412
drwxr-xr-x. 3 root root 41 3月 1 11:28 .
drwxr-xr-x. 4 root root 33 3月 1 10:42 ..
drwxr-xr-x. 11 apache apache 4096 2月 25 19:07 dvwa
-rwxr--r--. 1 root root 1439985 Mar 1 11:15 DVWA-master.zip
[root@localhost html]# cd dvwa
[root@localhost dvwa]# cd config
[root@localhost config]# ls
config.inc.php.dist
[root@localhost config]# mv config.inc.php.dist config.inc.php
Edit the config.inc.php file
[root@localhost config]# vi config.inc.php
Will
$_DVWA[ 'db_user' ] = 'dvwa';
$_DVWA[ 'db_password' ] = 'P@sswOrd';
changed to
$_DVWA[ 'db_user' ] = 'root';
$_DVWA['db_password'] = ' The password you set earlier ';
Type underlined content
$_DVWA[ 'recaptcha_public_key' ] = ' 6LfUZr4UAAAACs5S68EfL7A7WXjNHAqyWnZwIch ';
$_DVWA[ 'recaptcha_private_key' ] =' 6LfUZr4UAAAAACMgFi7Qh7yPvWLtq0LV_zIBYWa8 ';
save and exit
:wq
Modify the php configuration file
[root@localhost config]# vi /etc/php.ini
Will
allow_url_include = Off
change into
allow_url_include = On
save and exit
:wq
increase permissions
[root@localhost config]# chmod -R 777 /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp
[root@localhost config]# chmod -R 777 /var/www/html/dvwa/config
[root@localhost config]# setenforce 0
[root@localhost config]# systemctl restart httpd
test
Open http://127.0.0.1/dvwa/ in the Firefox browser , click Setup/Reset DB and the following page will appear
Click Create/Reset Database
Click DVWA Security, change Impossible to Low and click Submit
Click Logout
The account and password here are admin/password
docker installation
Install using yum
Execute the following command to install dependencies:
[root@localhost /]# yum install -y yum-utils
Execute the following command to add the yum software source:
[root@localhost /]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost /]# sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo
Install Docker
Update the yum software source cache and install docker-ce
[root@localhost /]# yum install docker-ce docker-ce-cli containerd.io
start docker
[root@localhost /]# systemctl enable docker
[root@localhost /]# systemctl start docker
Test whether Docker is installed correctly
[root@localhost /]# docker run --rm hello-world
Configure domestic accelerator
Alibaba Cloud Mirror Accelerator
Official Image Acceleration_Container Image Service-Alibaba Cloud Help Center
[root@localhost /]# mkdir -p /etc/docker
[root@localhost /]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://so9lk55n.mirror.aliyuncs.com"]
}
EOF
[root@localhost /]# systemctl daemon-reload
[root@localhost /]# systemctl restart docker
Basic commands of docker
Start the docker service systemctl start stop restart docker
List mirrored docker images
List containers docker ps -a / docker container ls -a
delete image docker rmi [image_id]
remove container docker rm [container_id]
Build the shooting range environment
[root@localhost /]# docker search dvwa
NAME DESCRIPTION STARS OFFICIAL AUTOMATED sagikazarmark/dvwa DVWA (Damn Vulnerable Web Application) Docke… 17 [OK] astronaut1712/dvwa Docker for DVWA LAB: https://github.com/Rand… 5 [OK] cytopia/dvwa DVWA (Damn Vulnerable Web Application) with … 10 citizenstig/dvwa Docker container for Damn Vulnerable Web App… 70[OK] cyberxsecurity/dvwa 2 infoslack/dvwa 11 [OK] santosomar/dvwa DVWA Container for Cybersecurity Training 1 c0ny1/dvwa dvwa鏡像 0 scotty2hotty/dvwa 0 howiehowerton/dvwa-howie 0 imfht/dvwa-nologin dvwa without login 1 mlinarik/ dvwa 0 pmuench/dvwa-container-escape DVWA with CVE-2021-4034 for Demo 0 utspark/dvwa_frontend 3 waiyanwinhtain/dvwa 0 vladvantaroo/dvwa just dvwa 0 qeaccelerators/dvwa_app_dockerized 0 rbenavente/dvwa-fargate 0 acgpiano/dvwa latest dvwa 2 truecharts /dvwa-web 0 bennalp/dvwa 0 vulfocus/dvwa 0 jechoi/dvwa Instantly runnable DVWA to practice web atta… 1 aracloud/dvwa 0 benoitg/dvwa Damn Vulnerable Web Application https://git … 2 [ OK ]
Observe that the above table uses the one with the largest number of users (bold), you can search hub.docker.com/r/citizenstig/dvwa on the docker official website to find the corresponding command
[root@localhost /]# docker pull citizenstig/dvwa
[root@localhost /]# docker run -d -p 80:80 -p 3306:3306 -e MYSQL_PASS="Chang3ME" citizenstig/dvwa
Enter 127.0.0.1:80 in the browser to enter the shooting range
Just reset the database, log in
Install docker-compose
install pip
[root@localhost /]# yum install python3
[root@localhost /]# curl -s https://bootstrap.pypa.io/pip/3.6/get-pip.py | python3
[root@localhost /]# pip3 install --upgrade pip
Install docker-compose
[root@localhost /]# pip install -U docker-compose
[root@localhost /]# python3 -m pip install -U docker-compose -i https://pypi.tuna.tsinghua.edu.cn/simple/ #Use domestic sources
install vulhub
git clone https://github.com/vulhub/vulhub.git #Download vulhub
open range
docker-compose up -d #start shooting range
docker-compose down #close shooting range