一、LAMP环境搭建
编译安装详见 ---> LAMP编译安装
这里我们使用yum安装方式
1、安装apache,php
[root@xss-platform ~]# yum install httpd -y
[root@xss-platform ~]# yum install php -y
2、测试php
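[root@xss-platform ~]# vim /var/www/html/index.php
<?php
phpinfo()
?>
[root@xss-platform ~]# systemctl start httpd
在这里要注意关闭防火墙或设置规则,关闭selinux(直接关闭只适合隔离的测试环境;主机若能被其他人访问,建议保留 firewalld,用 firewall-cmd --permanent --add-service=http 放行 80 端口后执行 firewall-cmd --reload,并让 SELinux 保持 enforcing。phpinfo() 会暴露服务器的详细配置,测试完成后应删除该 index.php)
[root@xss-platform ~]# systemctl stop firewalld.service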
3、安装mariadb数据库
[root@xss-platform ~]# yum install mariadb mariadb-server
[root@xss-platform ~]# systemctl start mariadb
[root@xss-platform ~]# ss -tunlp | grep 3306
tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=11905,fd=14))
测试连接
[root@xss-platform ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit;
Bye
设置mysql root用户登录密码(123456 只是演示用的弱口令,实际部署请使用强口令;写在命令行里的口令会留在 shell 历史记录中,也可以改用 mysql_secure_installation 交互式设置)
[root@xss-platform ~]# mysqladmin -uroot password '123456'
修改root用户密码
[root@xss-platform ~]# mysqladmin -uroot -p123456 password '********'
测试连接
[root@xss-platform ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
4、安装php-mysql,测试连接
[root@xss-platform ~]# yum install php-mysql -y
[root@xss-platform ~]# systemctl reload httpd
二、安装xss-platform
1、上传xss-platform源码至apache默认根目录,源码网上有很多,自行谷歌(来源不明的压缩包可能被植入后门,部署前应先审计代码,并只在隔离的测试环境中运行)
[root@xss-platform ~]# cd /var/www/html
[root@xss-platform html]# ls
index.php XSS+Platform+.zip
[root@xss-platform html]# unzip XSS+Platform+.zip
[root@xss-platform html]# chown -R apache XSS
[root@xss-platform html]# chgrp -R apache XSS
[root@xss-platform html]# cd XSS
[root@xss-platform XSS]# ll
总用量 52
-rw-r--r--. 1 apache apache 667 8月 13 2016 authtest.php
-rw-r--r--. 1 apache apache 276 9月 19 2014 captcha.php
-rw-r--r--. 1 apache apache 1967 3月 25 21:37 config.php
-rw-r--r--. 1 apache apache 383 7月 4 2014 index.php
-rw-r--r--. 1 apache apache 2016 9月 19 2014 init.php
drwxr-xr-x. 4 apache apache 4096 8月 13 2016 libs
-rw-r--r--. 1 apache apache 26 8月 20 2012 robots.txt
drwxr-xr-x. 2 apache apache 28 8月 13 2016 scripts
drwxr-xr-x. 4 apache apache 4096 8月 13 2016 source
drwxr-xr-x. 2 apache apache 4096 8月 13 2016 templates_c
drwxr-xr-x. 3 apache apache 20 8月 13 2016 themes
-rw-r--r--. 1 apache apache 15938 1月 26 2014 xssplatform.sql
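2、为xss平台做数据库准备(下面的 123456 为演示用弱口令,请换成强口令;'xsser'@'%' 允许从任意主机连接,而上文 ss 输出显示 3306 监听在所有网卡上,数据库与 Web 在同一台机器时建议把主机部分限制为本机或 Web 服务器的地址)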
[root@xss-platform XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER xsser IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE xss;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON xss.* TO 'xsser'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
3、修改xss-platform配置文件,填入密码,修改url
[root@xss-platform XSS]# vim config.php
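<?php
/**
 * config.php - system configuration: database connection, display settings, etc.
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */

/* Database connection */
$config['dbHost']   = '192.168.2.108';  // database address
// Connect as the dedicated 'xsser' account that this guide creates with
// privileges on the xss database only, instead of the MariaDB root account,
// so a flaw in the web application cannot reach other databases.
$config['dbUser']   = 'xsser';          // user
// Placeholder: set this to the xsser account's password. Keep real
// credentials out of published listings and version control.
$config['dbPwd']    = 'REPLACE_WITH_XSSER_PASSWORD';  // password
$config['database'] = 'xss';            // database name
$config['charset']  = 'utf8';           // database character set
$config['tbPrefix'] = 'oc_';            // table name prefix
$config['dbType']   = 'mysql';          // database type (only mysql is supported for now)

/* Registration */
// normal: open registration; invite: invitation-only registration;
// close: registration disabled.
// Note: with invite mode on, invitations have no effect until an
// invitation code has been generated.
$config['register'] = 'invite';
$config['mailauth'] = false;            // whether registration requires e-mail verification

/* URL */
$config['urlroot']    = 'http://192.168.2.108/XSS';  // site URL path
$config['urlrewrite'] = false;                       // URL Rewrite

/* Storage */
$config['filepath']   = ROOT_PATH . '/upload';           // file storage directory, no trailing '/'
$config['fileprefix'] = $config['urlroot'] . '/upload';  // base URL for stored files, no trailing '/'

/* Theme */
$config['theme']    = 'default';        // theme
$config['template'] = 'default';        // template

/* Display */
$config['show'] = array(
    'sitename'    => '枫林sec内部XSS平台',  // site name
    'sitedesc'    => '盲打天下',            // one-line tagline
    'keywords'    => 'xss',                 // keywords
    'description' => '',                    // description
);

/* Points and levels */
$config['point'] = array(
    'award' => array(
        'publish'   => 2,
        'comment'   => 2,
        'invitereg' => 10   // reward for an invited registration
    )
);

/* Miscellaneous */
$config['timezone'] = 'Asia/Shanghai';  // time zone, e.g. UTC
$config['expires']  = 3600;             // expiry duration (seconds)
// Debug mode controls whether program and database errors are displayed;
// leave it off on any host other people can reach.
$config['debug']    = false;
?>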
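4、将xss平台的初始数据导入mariadb(导入后建议把 xssplatform.sql 和 zip 压缩包移出网站根目录,以免被直接下载;下面 REPLACE 语句中的新地址应与 config.php 里的 urlroot 完全一致——目录名 XSS 在 Linux 上区分大小写,写成 /xss 可能导致模块中的地址无法访问)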
[root@xss-platform XSS]# mysql -uroot -p xss < xssplatform.sql
Enter password:
[root@xss-platform XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use xss
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [xss]> show tables;
+--------------------+
| Tables_in_xss |
+--------------------+
| oc_config |
| oc_invite_reg |
| oc_keepsession |
| oc_module |
| oc_project |
| oc_project_content |
| oc_remind |
| oc_session |
| oc_user |
+--------------------+
9 rows in set (0.00 sec)
MariaDB [xss]> update oc_module set code=REPLACE(code,'http://xsser.me','http://192.168.2.108/xss');
Query OK, 3 rows affected (0.00 sec)
Rows matched: 5 Changed: 3 Warnings: 0
5、前台注册登录
声明:文中xss-platform来自于网上,xss-platform需邀请码注册
本文转自 元婴期 51CTO博客,原文链接:http://blog.51cto.com/jiayimeng/1910374