CentOS_7环境下安装DVWA渗透环境完整步骤(Apache+MySQL)

1.安装虚拟机

这个最基本的就不多说了。

---

2. 环境配置

配置ssh

yum install openssh*

编辑ssh配置文件

vi /etc/ssh/sshd_config

把下面两行取消注释

PermitEmptyPasswords no
PasswordAuthentication yes

设置
不限制root用户登录ssh

PermitRootLogin yes

重启ssh

systemctl restart sshd.service

设置开机启动

systemctl enable sshd.service

添加防火墙策略

firewall-cmd –permanent –zone=public –add-service=ssh
firewall-cmd –reload

我们先更新一下cache（可选操作）

yum makecache

升级一下（可选操作）

yum update

---

3. 安装必要组件

安装Apache的服务器

yum install httpd

然后启动Apache

service httpd start

查看Apache状态

service httpd status

设置httpd在运行级别为2、3、4、5的情况下都是on的状态(如果发现测试php时网页显示源代码，尝试把此代码来一遍)

chkconfig –level 2345 httpd on
firewall-cmd –permanent –zone=public –add-service=httpd

---

安装MySQL

//因为最新版的linux系统开始，默认的是Mariadb
而不是mysql~//

检查系统是否装有mysql,返回空值则说明没有安装

rpm -qa |grep mysql

//yum install虽然可执行，但是只是用来更新Mariadb的//

wget http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm

安装mysql-community-release-el7-5.noarch.rpm

rpm -ivh mysql-community-release-el7-5.noarch.rpm

安装Mysql

yum install mysql-server

安装完成后再次查看MySQL

rpm -qa | grep mysql

如果报错内容含有

Error: Package: mysql-community-libs-5.6.35-2.el7.x86_64 (mysql56-community)
Requires: libc.so.6(GLIBC_2.17)(64bit)
Error: Package: mysql-community-server-5.6.35-2.el7.x86_64 (mysql56-community)
Requires: libc.so.6(GLIBC_2.17)(64bit)
Error: Package: mysql-community-server-5.6.35-2.el7.x86_64 (mysql56-community)
Requires: systemd
Error: Package: mysql-community-server-5.6.35-2.el7.x86_64 (mysql56-community)
Requires: libstdc++.so.6(GLIBCXX_3.4.15)(64bit)
Error: Package: mysql-community-client-5.6.35-2.el7.x86_64 (mysql56-community)
Requires: libc.so.6(GLIBC_2.17)(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

解决：

yum install glibc.i686
yum list libstdc++*

重置密码
首先登陆

mysql -u root

登录时有可能报这样的错：

ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock’ (2)

原因是/var/lib/mysql的访问权限问题。下面的命令把/var/lib/mysql的拥有者改为当前用户

chown -R root:root /var/lib/mysql

重启服务

service mysqld restart

登陆MySQL重置密码

mysql -u root
mysql > use mysql;
mysql > update user set password=password(‘123456’) where user=’root’;
mysql > exit;

重启Mysq服务

service mysqld restart

---

下载DVWA

wget https://github.com/ethicalhack3r/DVWA/archive/v1.9.tar.gz
cp v1.9.tar.gz /var/www/html/
cd /var/www/html
tar zxvf v1.9.tar.gz

---

安装PHP

yum install php.x86_64 php-mysql.x86_64 php-pear php-pear-DB php-gb

将虚拟机配置成桥接模式后，访问测试网页

http://x.x.x.x/dvwa/setup.php

根据红色的提示，设置环境

vim /etc/php.ini

配置内容

allow_url_fopen = On
allow_url_include = On

编辑配置文件

cd /var/www/html/dvwa/config
cp config.inc.php config.inc.php.bak #备份一下
vim config.inc.php

---

key可以是自己生成，地址是https://www.google.com/recaptcha/admin/create

$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_password' ] = 'mysqlpassword';
$_DVWA[ 'recaptcha_public_key' ] = '6LePqhAUAAAAAH6Bn2okO9-8G-zNw46PNhotV4Q6';
$_DVWA[ 'recaptcha_private_key' ] = '6LePqhAUAAAAAMVqhBbFr1NVA9H13FKyfAgBeZYx';

然后给予权限可写

cd /var/www/html/dvwa/hackable/
chmod 777 uploads
cd /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp
chmod 777 phpids_log.txt

如果最后还有问题调整一下安全级别

cd /var/www/html/dvwa/config
vim config.inc.php

---

$_DVWA[ 'default_security_level' ] = 'low';

友情提示
DVWA默认用户名：admin
DVWA默认密码：password