1. Purpose of the experiment
1. Use the PHP development environment integration tool XAMPP to build a DVWA shooting range.
2. Use PHP development environment integration tool phpstudy to build a DVWA shooting range.
2. Experimental principle
XAMPP is a cross-platform PHP development environment tool that integrates Apache, MySQL, PHP and other environments. XAMPP can run on various operating systems such as Windows, Mac, Linux, etc. Therefore, if you need to use a PHP development environment on multiple operating systems, xampp will be more suitable for your needs.
phpstudy is a PHP development environment tool specially designed for Windows platform, integrating Apache, Nginx, FTP, MySQL, PHP and other environments. Phpstudy pays more attention to user experience, providing a better interactive interface and more integrated environments.
Note: Although phpstudy only has a Windows version at the beginning, it has launched a linux version and a mac version so far. So choosing phpstudy now has an advantage in user experience compared to XAMPP.
DVWA-master is an open source software for learning and testing web application vulnerabilities. The full name of DVWA is "Damn Vulnerable Web Application", which means "web application that can be attacked". DVWA-master is the DVWA shooting range to be built in this experiment.
3. Experimental environment
Tool software: VMware, XAMPP, phpstudy, DVWA-master
Experiment preparation: virtual machine Windows 10
4. Experimental content (experimental steps, test data, etc.)
The steps to build a DVWA shooting range with XAMPP and phpstudy are similar, only the path is different.
This experiment gives the construction steps and error-reporting solutions when building a DVWA shooting range in XAMPP, and only gives the building steps when building a DVWA shooting range in phpstudy.
If there is an error when building a DVWA shooting range with phpstudy, please refer to the first part of the experiment on building a DVWA shooting range with XAMPP.
(1) Use the PHP development environment tool XAMPP to build a DVWA shooting range ( including the solution to the error report )
Start the Windows 10 virtual machine
Download XAMPP, install XAMPP
Open XAMPP, start Apache service and MySQL service
Download DVWA-master, unzip DVWA-master
Rename the decompressed DVWA-master to dvwa, copy the dvwa folder
Enter the path xampp\htdocs , paste
Open the Firefox browser and visit http://localhost/dvwa/setup.php
Enter the setting check interface of DVWA shooting range
Error 1 occurs :
DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment.
Solve error 1 :
Enter the path xampp\htdocs\dvwa\config
Rename the config.inc.php.dist file to the config.inc.php file
Or copy the config.inc.php.dist file, paste it to generate a copy and rename it
Either method is fine, it doesn't matter
After saving, refresh the browser and successfully enter the setting check interface of the DVWA shooting range
No error pops up, error 1 is successfully resolved
Scroll down to the bottom of the DVWA range homepage
Click Create / Reset Database
Error 2 occurs :
Could not connect to the MySQL service.Please check the config file.
Solve error 2 :
Enter the path xampp\htdocs\dvwa\config
Open the config.inc.php file with a text editor
Find $_DVWA['db_password']
Change the password to root , as shown below:
After saving, click on Create / Reset Database
No error pops up, error 2 is successfully resolved
Also in the config.inc.php file
Pull down to find $_DVWA[ 'recaptcha_public_key' ] and $_DVWA[ 'recaptcha_private_key' ]
Fill in the following two key values into recaptcha_public_key and recaptcha_private_key respectively
6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg
6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQOf course, it is also possible to visit https://www.google.com/reca to obtain the key value as prompted
Pull down to find $_DVWA[ 'default_security_level' ]
The default security level level can be changed to low to facilitate subsequent SQL injection
After saving, refresh the browser, there is a red error report on the DVWA homepage
Error 3 occurs :
PHP function allow_url_include: Disabled
Solve error 3 :
Enter the path xampp\php
Open the php.ini file with a text editor
Change the Off to On of the allow_url_include item
After saving, refresh your browser
No standard red error, error 3 successfully resolved
Click Create/Reset Database again, and click login to log in to the DVWA shooting range
Enter the DVWA shooting range login interface
Enter the default username admin
Enter the default password password
Successfully entered the main interface of the DVWA shooting range, and the DVWA shooting range has been built
(2) Use the PHP development environment tool phpstudy to build a DVWA shooting range
Start the Windows 10 virtual machine
1. Download phpstudy, install phpstudy
Open phpstudy, start Apache service and MySQL service
2. Download DVWA-master, unzip DVWA-master
Rename the decompressed DVWA-master to DVWA, copy the DVWA folder
Enter the path phpstudy\www , paste
3. Enter the path phpstudy\Extensions\php\php7.3.4nts
Open the php.ini file with a text editor
Change the Off to On of the allow_url_include item
4. Enter the path phpstudy\www\DVWA\config
Rename the config.inc.php.dist file to the config.inc.php file
5. Find $_DVWA[ 'db_password' ] = 'p@ssw0rd' in the file;
Change p@ssw0rd to root
6. Find recaptcha_public_key and recaptcha_private_key in this file
Fill in the following two key values into recaptcha_public_key and recaptcha_private_key respectively
6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg
6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ7. Open the Firefox browser and visit http://localhost/dvwa/setup.php
Click Create / Reset Database, click login
Enter the DVWA shooting range login interface
Enter the default username admin
Enter the default password password
Successfully entered the main interface of the DVWA shooting range, and the DVWA shooting range has been built
5. Experimental experience
The steps to build a DVWA shooting range with XAMPP and phpstudy are similar, but the path of the file is different. For the error report of building a DVWA shooting range with phpstudy, you can refer to some experiments on building a DVWA shooting range with XAMPP.