This is the fourth day of my participation in the August More text Challenge. For details, see:August is more challenging
DVWA Range – Docker container installation and construction method
Damn Vulnerable Web App DVWA (Damn Vulnerable Web App) is a PHP/MySql based Web application designed to provide a legitimate environment for security professionals to test their skills and tools, and to help Web developers better understand the Web application security process.
Refer to the link
Set up post: www.cnblogs.com/sym945/p/11…
The official container: hub.docker.com/r/vulnerabl…
Environment description
Docker: 19.03.3 DVWA Version: Latest, DIGEST: Dae203fe1164, Linux/AMd64, check dockfile, this version of DVWA image is based on FROM Debian :9.2 Host image: 64 version, you can consider later to 32GB or 16G version of the image
The installation process
Note: The following commands are run as the root user
Install and configure Docker
1. Update the source
apt-get update && apt-get upgrade && apt-get clean
Copy the code2. Install the Docker
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
Copy the code3. Configure Docker acceleration
vi /etc/docker/daemon.json
Copy the codeAdd the following
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]}Copy the codeRestart Docker and view Docker information
systemctl daemon-reload
systemctl restart docker
docker info
Copy the codeDownload and install DVWA
1. Search for DVWA images
docker search dvwa
docker search web-dvwa
Copy the code2. Install DVWA
Docker pull vulnerables/ web-DVwa # The latest version installed hereCopy the codeIs equivalent to
docker pull vulnerables/web-dvwa:latest
Copy the codeThe official latest version was updated a year ago, and the other version, version 1.9, was updated three years ago.
Docker pull vulnerables/web - dvwa: 1.9Copy the code3. Check the docker image list
docker images
Copy the code4. Run the DVWA container
docker run --rm -it -p 10080:80 vulnerables/web-dvwa
Copy the code5. Check whether the host port used by the container is opened
netstat -ntulp |grep 10080
Copy the codeIf the display is normal, then the INSTALLATION of THE DVWA target drone is completed. Further configuration is needed to complete the installation.
Configure the DVWA environment
1. If the target is the host of the desktop environment, you can directly access it through http://127.0.0.1:10080. In other machines, you can use the IP address and port of the host to access it. http://IP:10080
Initial account: admin Initial password: password
2. Create a database
Click Create/Reset Database to Create the Database and click Login
other
Attached: dockerfile file
FROM Debian :9.2 LABEL Maintainer "[email protected]" RUN apt-get update && \ apt-get upgrade -y && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ debconf-utils && \ echo mariadb-server mysql-server/root_password password vulnerables | debconf-set-selections && \ echo mariadb-server mysql-server/root_password_again password vulnerables | debconf-set-selections && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ apache2 \ mariadb-server \ php \ php-mysql \ php-pgsql \ php-pear \ php-gd \ && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* COPY php.ini /etc/php5/apache2/php.ini COPY dvwa /var/www/html COPY config.inc.php /var/www/html/config/ RUN chown www-data:www-data -R /var/www/html && \ rm /var/www/html/index.html RUN service mysql start && \ sleep 3 && \ mysql -uroot -pvulnerables -e "CREATE USER app@localhost IDENTIFIED BY 'vulnerables'; CREATE DATABASE dvwa; GRANT ALL privileges ON dvwa.* TO 'app'@localhost;" EXPOSE 80 COPY main.sh / ENTRYPOINT ["/main.sh"]Copy the code