DVWA靶场Kali

安装

root@kali:~# apt -y install apache2 mariadb-common mariadb-server php php-mysql php-gd
root@kali:~# systemctl enable apache2 && systemctl restart apache2
root@kali:~# systemctl enable mysql && systemctl restart mysql

设置数据库密码

root@kali:~# mysql
MariaDB [(none)]> create database dvwa character set utf8;
MariaDB [(none)]> show databases;
MariaDB [(none)]> grant all privileges on *.* to dvwa@127.0.0.1 identified by "123456";
MariaDB [(none)]> flush privileges;

下载dvwa,然后备份

root@kali:~# git clone https://github.com/lscq/dvwa.git
root@kali:~# cp -r dvwa /var/www/html/
root@kali:~# cd /var/www/html/
root@kali:/var/www/html# chmod 755 -R dvwa
root@kali:~# cp /etc/php/7.3/apache2/php.ini /etc/php/7.3/apache2/php.ini.bak
root@kali:~# cd /var/www/html/dvwa/config/
root@kali:/var/www/html/dvwa/config# cp config.inc.php.dist config.inc.php

修改配置文件

root@kali:~# vim /etc/php/7.3/apache2/php.ini
allow_url_include = On
root@kali:~# vim /var/www/html/dvwa/config/config.inc.php
$_DVWA[ 'db_password' ] = '123456';
$_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';

防火墙

root@kali:~# systemctl restart apache2
root@kali:~# iptables -F

打开浏览器：http://ip/dvwa/setup.php

默认用户：admin 默认密码：password