This paragraph is the report that the teacher asked to write during the summer training before, and I will record it here.
Environment construction of DVWA in kali
Environment: kali virtual machine
1. Download and install PhPStudy (small skin panel)
-
Use a browser to visit www.xp.cn and select the LInux version.
-
Then choose the Debian install script without docker version. Copy the content in the gray frame, use ctrl+alt+t to open the terminal, paste and run it in the terminal.
-
The interface after installation is shown in the figure. Remember to save the following text, which will be used later.
-
We access the URL displayed after accessing the intranet in the above information, enter the Xiaopi panel console; enter the initial system account and password to log in.
-
After logging in, the "one-key installation basic component interface" will pop up automatically, click one-key installation, and wait for the installation to complete.
-
After the installation is complete, click to start mysql and apache. If the text turns green, it means the startup is successful.
2. Create a database
- Click on the database, choose to add database, here we set the database name as dvwa, user name as dvwa, password root, click save.
3. Download dvwa and unzip it
-
Enter the dvwa.co.uk official website with the browser and download the DVWA source code file
-
Click File, File Upload, and select a file.
-
Find our DVWA-master.zip in the download directory. After refreshing, you can see that the compressed package appears in our file resources.
-
Unzip the compressed package and refresh it
Fourth, modify the configuration file
-
We open the file system, choose to open it as Root, enter the password, and enter the www file.
-
Enter the "/www/admin/DVWA-master/config/" directory, find and open the config.inc.php.dist file, and change the password to the database password root we set.
-
Make a copy of the file and rename it to config.inc.php
5. Add a site in the small skin panel -
Open the Xiaopi panel, click Sites, and select Add Site. The site domain name is the IP address of our virtual machine.
-
Configure the site. Note here that the website directory must be selected as the DVWA-master directory.
-
Enter the site after saving successfully, and you can find the successfully entered page.
6. Solve the problem of red mark
First, every time we start DVWA, we need to enter the command to start apache2 and MySQL
service apache2 start to start apache service
service mysql start to start mysql database service
After the above steps, we found the following problems on the development page.
We need to solve the No. 1 and No. 2 problems, and other places will not affect the normal use.
Problem 1: PHP function allow_url_include: Disabled
1. Find the php.ini file and change the corresponding position in the php.ini file to allow_url_include: On, allow_url_fopen: On:
Note: The php.in file here is not in the DVWA folder, but the php.ini file in the php installation directory in our phpstudy folder.
-
We found the directory /usr/local/phpstudy/soft/php/php-5.5.38/etc/ and found the php.ini file in it
-
Double-click to open the php.ini file, find line 808, and change allow_url_include = Off to allow_url_include = On
-
Close and restart apache, you can see that this problem has been solved
Question 2: reCAPTCHA key: Missing
- First, we find the configuration file config.inc.php in the "/www/admin/DVWA-master/config/" directory:
$DVWA[ 'recaptcha_public_key' ] = ''; $DVWA[ 'recaptcha_private_key' ] = '';
We found that the contents of the public key and private key are empty - We can find the solution directly by Baidu these two messages, and the friendly people provided the key
$DVWA[ 'recaptcha_public_key']='6LdJJlUUAAAAAH1Q6cTpZRQ2Ah8VpyzhnffD0mBb'; $DVWA[ 'recaptcha_private_key' ] = '6LdJJlUUAAAAAM2a3HrgzLczqdYp4g05EqDs-W4K'
;
Seven, the final effect