xss-platform

一、LAMP环境搭建

编译安装详见  ---> LAMP编译安装

这里我们使用yum安装方式

1、安装apache，php

[root@xss-platform ~] # yum install httpd -y
[root@xss-platform ~] # yum install php -y

2、测试php

[root@xss-platform ~] # vim /var/www/html/index.php

    phpinfo()
?>

[root@xss-platform ~] # systemctl start httpd
在这里要注意关闭防火墙或设置规则，关闭selinux
[root@xss-platform ~] # systemctl stop firewalld.service

3、安装mariadb数据库

[root@xss-platform ~] # yum install mariadb mariadb-server
[root@xss-platform ~] # systemctl start mariadb
[root@xss-platform ~] # ss -tunlp | grep 3306
tcp    LISTEN     0      50        *:3306                  *:*                    users :(( "mysqld" ,pid=11905,fd=14))

测试连接
[root@xss-platform ~] # mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection  id  is 3
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type  'help;'  or  '\h'  for  help. Type  '\c'  to  clear  the current input statement.

MariaDB [(none)]>  exit ;
Bye

设置mysql root用户登录密码
[root@xss-platform ~] # mysqladmin -uroot password '123456'
修改root用户密码
[root@xss-platform ~] # mysqladmin -uroot -p123456 password '********'

测试连接
[root@xss-platform ~] # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection  id  is 12
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type  'help;'  or  '\h'  for  help. Type  '\c'  to  clear  the current input statement.

MariaDB [(none)]>

4、安装php-mysql，测试连接

[root@xss-platform ~] # yum install php-mysql -y
[root@xss-platform ~] # systemctl reload httpd

二、安装xss-platform

1、上传xss-platform源码至apache默认根目录，源码网上有很多，自行谷歌

[root@xss-platform ~] # cd /var/www/html
[root@xss-platform html] # ls
index.php  XSS+Platform+.zip
[root@xss-platform html] # unzip XSS+Platform+.zip
[root@xss-platform html] # chown -R apache XSS
[root@xss-platform html] # chgrp -R apache XSS
[root@xss-platform html] # cd XSS
[root@xss-platform XSS] # ll
总用量 52
-rw-r--r--. 1 apache apache   667 8月  13 2016 authtest.php
-rw-r--r--. 1 apache apache   276 9月  19 2014 captcha.php
-rw-r--r--. 1 apache apache  1967 3月  25 21:37 config.php
-rw-r--r--. 1 apache apache   383 7月   4 2014 index.php
-rw-r--r--. 1 apache apache  2016 9月  19 2014 init.php
drwxr-xr-x. 4 apache apache  4096 8月  13 2016 libs
-rw-r--r--. 1 apache apache    26 8月  20 2012 robots.txt
drwxr-xr-x. 2 apache apache    28 8月  13 2016 scripts
drwxr-xr-x. 4 apache apache  4096 8月  13 2016  source
drwxr-xr-x. 2 apache apache  4096 8月  13 2016 templates_c
drwxr-xr-x. 3 apache apache    20 8月  13 2016 themes
-rw-r--r--. 1 apache apache 15938 1月  26 2014 xssplatform.sql

2、为xss平台做数据库准备

[root@xss-platform XSS] # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection  id  is 13
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type  'help;'  or  '\h'  for  help. Type  '\c'  to  clear  the current input statement.

MariaDB [(none)]> CREATE USER xsser IDENTIFIED BY  '123456' ;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE xss;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON xss.* TO  'xsser' @ '%'  IDENTIFIED BY  '123456' ;
Query OK, 0 rows affected (0.00 sec)

3、修改xss-platform配置文件，填入密码，修改url

[root@xss-platform XSS] # vim config.php

/**
 * config.php 系统配置：数据库连接、显示信息等
 * ----------------------------------------------------------------
 * OldCMS,site:http: //www .oldcms.com
 */

/* 数据库连接 */
$config[ 'dbHost' ]       = '192.168.2.108' ;            // 数据库地址
$config[ 'dbUser' ]       = 'root' ;                     // 用户
$config[ 'dbPwd' ]        = 'djttdkx01' ;    // 密码
$config[ 'database' ]     = 'xss' ;                  // 数据库名
$config[ 'charset' ]      = 'utf8' ;                 // 数据库字符集
$config[ 'tbPrefix' ]     = 'oc_' ;                  // 表名前缀
$config[ 'dbType' ]       = 'mysql' ;                // 数据库类型(目前只支持mysql)

/* 注册配置 */
$config[ 'register' ]     = 'invite' ;               //normal ,正常;invite,只允许邀请注册;close,关闭注册功能 注：当邀请开启时,未生成邀请码,邀请将不生效
$config[ 'mailauth' ]     = false ;                  // 注册时是否邮箱验证

/* url配置 */
$config[ 'urlroot' ]      = 'http://192.168.2.108/XSS' ;         // 网站 URL 路径
$config[ 'urlrewrite' ]   =False;                  //URL  Rewrite

/* 存储配置 */
$config[ 'filepath' ]     =ROOT_PATH. '/upload' ;            // 文件存储目录,结尾无 '/'
$config[ 'fileprefix' ]   =$config[ 'urlroot' ]. '/upload' ;   // 访问文件起始,结尾无 '/'

/* 主题选择 */
$config[ 'theme' ]        = 'default' ;              // 主题选择
$config[ 'template' ]     = 'default' ;              // 模板选择

/* 显示设置 */
$config[ 'show' ]=array(
    'sitename'           => '枫林sec内部XSS平台' ,         // 网站名
    'sitedesc'           => '盲打天下' ,                     // 一句话简介
    'keywords'           => 'xss' ,                  //keywords
    'description'        => '' ,                     //description
    'adminmail'          => '[email protected]'       // 管理员邮箱
);

/* 积分等级设置 */
$config[ 'point' ]=array(
    'award' =>array(
        'publish'        =>2,
        'comment'        =>2,
        'invitereg'      =>10                     // 邀请注册奖励
    )
);

/* 其它设置 */
$config[ 'timezone' ]     = 'Asia/Shanghai' ;        // 时区，如UTC
$config[ 'expires' ]      =3600;                   // 过期时长(秒)
$config[ 'debug' ]        = false ;                  // 调试模式(是否显示程序、数据库等错误)
?>

4、将xss平台的初始数据导入mariadb

[root@xss-platform XSS] # mysql -uroot -p xss < xssplatform.sql
Enter password:

[root@xss-platform XSS] # mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection  id  is 15
Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type  'help;'  or  '\h'  for  help. Type  '\c'  to  clear  the current input statement.

MariaDB [(none)]> use xss
Reading table information  for  completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [xss]> show tables;
+--------------------+
| Tables_in_xss      |
+--------------------+
| oc_config          |
| oc_invite_reg      |
| oc_keepsession     |
| oc_module          |
| oc_project         |
| oc_project_content |
| oc_remind          |
| oc_session         |
| oc_user            |
+--------------------+
9 rows  in  set  (0.00 sec)

MariaDB [xss]> update oc_module  set  code=REPLACE(code, 'http://xsser.me' , 'http://192.168.2.108/xss' );
Query OK, 3 rows affected (0.00 sec)
Rows matched: 5  Changed: 3  Warnings: 0

5、前台注册登录

声明：文中xss-platform来自于网上，xss-platform需邀请码注册

本文转自 元婴期 51CTO博客，原文链接:http://blog.51cto.com/jiayimeng/1910374