一、简介
渗透学习中经常会用到到靶场,这里综合了几个常用的靶场,分享一下。
二、搭建
搭建在centos中,主要是对DVWA做配置
安装Apache(httpd)
yum install httpd httpd-devel httpd-manual httpd-tools
启动apache并设置开机自启
systemctl start httpd # 开启apache
systemctl enable httpd # 设置开机自启
systemctl status httpd # 查看apache状态
安装Mysql
yum install mariadb-server
启动Mysql并设置开机自启
systemctl start mariadb # 开启mariadb
systemctl enable mariadb # 设置开机自启
systemctl status mariadb # 查看mariadb状态
配置Mysql数据库
初始化mysql数据库(全部回车确认)
mysql_secure_installation
设置mysql密码(非操作系统密码)
配置
mysql -uroot -p
create database dvwa; # 创建数据库
grant all privileges on *.* to dvwa@localhost identified by 'dvwa'; # 创建用户
安装PHP
(php-fpm php-mysqlnd不装,其他均可)
yum install php php-common php-cli php-devel php-gd php-ldap php-mbstring php-mysql php-pdo php-pear php-xml php-pgsql php-process php-snmp php-soap
重启apache使php生效(php不是独立软件,依附apache)
systemctl restart httpd
配置
vim /etc/php.ini
修改allow_url_include=Off为allow_url_include=On
安装DVWA
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip
解压并复制到/var/www/html目录
配置
cd /var/www/html/config/
cp config.inc.php.dist config.inc.php # /DVWA/config目录下
vim config.inc.php
# 修改用户密码为数据库用户密码(root:xxx)
$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
chown -R apache:apache /var/www/html/
vim /etc/php.ini # 修改apache配置文件(文件上传会用到)
allow_url_include = On
systemctl restart httpd # 重启apache
三、访问环境
http://虚拟机IP
sql-lab和dvwa都需要初始化
DVWA密码 admin:password