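First, a note: I don't really recommend using Kali to set up DVWA, because the MySQL database that Kali installs by default is MariaDB, and DVWA does not have root privileges when it uses that MariaDB database.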
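Steps:
1. First, download the DVWA package from GitHub: https://github.com/ethicalhack3r/DVWA
2. Extract the downloaded archive, rename the folder to dvwa, and copy it into the /var/www/html folder.
3. Open a terminal and run the following commands:
Stop apache2: service apache2 stop
Give the dvwa folder the appropriate permissions: chmod -R 755 /var/www/html/dvwa
Start the mysql service: service mysql start
Open mysql: mysql -u root -p
Create the database: create database dvwa;
Exit mysql: exit
Start the apache2 service: service apache2 start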
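Open a browser and enter 127.0.0.1/dvwa (or localhost/dvwa) in the address bar; the browser automatically redirects to the 127.0.0.1/dvwa/setup.php page. It looks like we are almost done, so click the Create/Reset Database button at the bottom of the page. Surprisingly, the database cannot be created, and the page reports: Could not connect to the MySQL service. Please check the config file. It turns out the corresponding config file has not been modified yet.
Find the /var/www/html/dvwa/config folder, open the config.inc.php file in it, and change the line $_DVWA[ 'db_password' ] = 'p@ssw0rd'; to $_DVWA[ 'db_password' ] = '';
Go to the URL above again and click the Create/Reset Database button; the page reports that the database was created successfully. You can now enter the DVWA practice platform and start practising. The default username is admin and the password is password.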
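!!!!!! If the MySQL database connection fails !!!!!!
Find the PHP configuration file and change the PHP function allow_url_include to On
Set the password to empty
Main idea: the MySQL that Kali installs by default is MariaDB, and DVWA does not have root privileges when it uses that MariaDB database. My solution here is to create a new database and grant privileges on it.
Below is the full terminal session from the last time I solved this problem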
##########################################################################################
root@kali:~# whichis php
bash: whichis: 未找到命令
root@kali:~# whereis php
php: /usr/bin/php /usr/bin/php7.2 /usr/lib/php /etc/php /usr/share/php7.2-mysql /usr/share/php7.2-readline /usr/share/php7.2-gd /usr/share/php7.2-json /usr/share/php7.2-common /usr/share/php7.2-opcache /opt/lampp/bin/php /usr/share/man/man1/php.1.gz
root@kali:~# cd /usr/bin/php
bash: cd: /usr/bin/php: 不是目录
root@kali:~# cd /etc/php/
root@kali:/etc/php# ls
7.2
root@kali:/etc/php# cd 7.2/
root@kali:/etc/php/7.2# ls
apache2 cli mods-available
root@kali:/etc/php/7.2# cd apache2/
root@kali:/etc/php/7.2/apache2# ls
conf.d php.ini
root@kali:/etc/php/7.2/apache2# vi php.ini
root@kali:/etc/php/7.2/apache2# grepit
bash: grepit: 未找到命令
root@kali:/etc/php/7.2/apache2# cd /var/www/html/
root@kali:/var/www/html# ls
dvwa index.html index.nginx-debian.html
root@kali:/var/www/html# cd dvwa/
root@kali:/var/www/html/dvwa# ls
about.php dvwa index.php php.ini vulnerabilities
CHANGELOG.md external instructions.php README.md
config favicon.ico login.php robots.txt
COPYING.txt hackable logout.php security.php
docs ids_log.php phpinfo.php setup.php
root@kali:/var/www/html/dvwa# cd config/
root@kali:/var/www/html/dvwa/config# ls
config.inc.php
root@kali:/var/www/html/dvwa/config# vim config.inc.php
root@kali:/var/www/html/dvwa/config# mysql -u root -p abcd
Enter password:
ERROR 1049 (42000): Unknown database 'abcd'
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 43
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# vim config.inc.php
root@kali:/var/www/html/dvwa/config# service apache restart
Failed to restart apache.service: Unit apache.service not found.
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set password=PASSWORD('') where User='root';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> create database dvwa;
Query OK, 1 row affected (0.00 sec)
MariaDB [mysql]> quit
Bye
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create user dvwa;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# cd /var/www/html/dvwa/config/
root@kali:/var/www/html/dvwa/config# vi config.inc.php
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# mysql -u dvwa -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> showdatabases;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'showdatabases' at line 1
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> quir
-> Ctrl-C -- exit!
Aborted
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> drop database dvwa;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# GRANT ALL PRIVILEGES ON dvwa.* TO dvwa IDENTIFIED BY"";
bash: GRANT: 未找到命令
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON dvwa.* TO dvwa IDENTIFIED BY"";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config#
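
The approach from the session above (a dedicated dvwa database account instead of root), condensed into a script as an added example that is not part of the original post. Unlike the session, it assumes a localhost-only account 'dvwa'@'localhost' with a non-empty password; the function names and the sample password are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the account
# 'dvwa'@'localhost' and the sample password are illustrative choices.

# Accept only a non-empty password drawn from a conservative alphabet, so the
# value can be embedded in SQL and in a sed replacement without escaping.
valid_pass() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*)
            echo "password must be non-empty and use only A-Za-z0-9_.-" >&2
            return 1 ;;
    esac
}

# Print the SQL for the database and a dedicated account limited to dvwa.*.
# $1 = password. Pipe the output into: mysql -u root -p
dvwa_sql() {
    valid_pass "$1" || return 1
    cat <<EOF
CREATE DATABASE IF NOT EXISTS dvwa;
CREATE USER IF NOT EXISTS 'dvwa'@'localhost' IDENTIFIED BY '$1';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Point config.inc.php at that account. $1 = config file, $2 = password.
# The original file is kept as <file>.bak; lines commented out with # are
# left untouched.
dvwa_set_config() {
    valid_pass "$2" || return 1
    cp -p "$1" "$1.bak" || return 1
    sed -e "s/^\([^#]*'db_user'[^=]*=\).*/\1 'dvwa';/" \
        -e "s/^\([^#]*'db_password'[^=]*=\).*/\1 '$2';/" \
        "$1.bak" > "$1"
}

# Usage on the lab host (run as root):
#   dvwa_sql 'Lab-Only_1' | mysql -u root -p
#   dvwa_set_config /var/www/html/dvwa/config/config.inc.php 'Lab-Only_1'
#   service apache2 restart
```

CREATE USER IF NOT EXISTS requires MariaDB 10.1.3 or later; the server in the session reports 10.1.29.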