

Building a DVWA practice range on Windows XP

DVWA (Damn Vulnerable Web App) is a PHP/MySQL-based web application designed to give security professionals a legal environment in which to test their skills and tools, and to help web developers better understand the process of securing web applications.

I. Environment description

Host: Windows XP, firewall disabled, Remote Desktop enabled.
Integrated test environment: XAMPP-Win32-8.2-6-VC9
DVWA version: 1.9

II. Reference links

www.cnblogs.com/amberly/p/6…
blog.csdn.net/qq_41617034…
www.cnblogs.com/layerlearne…
www.cnblogs.com/wildernessd…

III. Software download

Download XAMPP (https://www.apachefriends.org/download.html) and DVWA (www.dvwa.co.uk/).

IV. Environment installation and configuration

1. Install XAMPP

Select the installation location during the installation process, and leave everything else as default until the installation is complete.

As shown, the installation path contains the XAMPP startup panel. Apache and MySQL are already integrated.

2. Configure XAMPP

Click Start to launch Apache and MySQL. After a moment, enter 127.0.0.1/phpmyadmin in your browser to open the MySQL database. No account or password is required to log in, because the passwords of the MySQL accounts, including root, are empty by default. To change a user's password, choose Account > Change Permission > Change Password. The process is shown in the screenshot.

Here the root password is set to root.

(2) The connection fails when the browser is refreshed. This is because we just changed the MySQL root password, but phpMyAdmin still uses the original empty password to talk to MySQL; it has not been updated to the password we use now. The solution is:

Open xampp\phpMyAdmin\config.inc.php

Enter the root password set in the previous step in this line:

$cfg['Servers'][$i]['password'] = '';

Refresh your browser again and you can log in at 127.0.0.1/phpmyadmin.

3. Deploy and configure DVWA

Copy the downloaded DVWA archive to the xampp\htdocs directory, unzip it, remove the nested folder created by the extraction, and rename the extracted folder from its default name to DVWA. Next, modify the initial configuration file: enter 127.0.0.1/dvwa in the browser on the host and press Enter, or enter IP/dvwa (using the host's IP address) from another machine.

The page displays the error: "DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment." Following this hint, go to the directory where DVWA was placed, open the config directory, and rename config.inc.php.dist to config.inc.php (i.e., remove the .dist suffix), as shown in the figure.

Then refresh http://127.0.0.1/dvwa to open DVWA:

4. Solutions to several errors

ip:80/dvwa/setup.php

(1) PHP function allow_url_include disabled

Open /xampp/php/php.ini and change

allow_url_include = Off

to

allow_url_include=On

After the modification is saved, restart the Apache service.

As shown in the figure.

(2) Could not connect to the mysql service. please check the config file

Open /xampp/htdocs/dvwa/config/config.inc.php and change

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';

to

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'root';

As shown in the figure.

(3) reCAPTCHA key: Missing

Open /xampp/htdocs/dvwa/config/config.inc.php and change

$_DVWA[ 'recaptcha_public_key' ]  = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

to

$_DVWA[ 'recaptcha_public_key' ]  = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';

As shown in the figure.
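
A static pre-flight check for the three setup.php errors above, as an added example that is not part of the original post or of DVWA: it parses the contents of config.inc.php and php.ini and lists the errors those settings would still trigger. The function names, the sample file contents and the placeholder reCAPTCHA keys are assumptions constructed for illustration.

```python
import re

# Matches active lines such as: $_DVWA[ 'db_user' ] = 'root';  (commented-out lines are skipped)
DVWA_RE = re.compile(r"""^[ \t]*\$_DVWA\[\s*['"](\w+)['"]\s*\]\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
# Matches active php.ini directives such as: allow_url_include=On
INI_RE = re.compile(r"^[ \t]*([A-Za-z_.]+)[ \t]*=[ \t]*([^;\r\n]*)", re.M)

def parse_dvwa_config(text):
    """Return {key: value} for each $_DVWA[...] string assignment; the last one wins."""
    return dict(DVWA_RE.findall(text))

def parse_php_ini(text):
    """Return {directive: value} with lower-cased names; the last occurrence wins."""
    return {k.lower(): v.strip().strip('"') for k, v in INI_RE.findall(text)}

def preflight(config_text, ini_text, mysql_password, mysql_user="root"):
    """List the section 4 setup errors that the given file contents would still trigger."""
    cfg, ini = parse_dvwa_config(config_text), parse_php_ini(ini_text)
    problems = []
    if ini.get("allow_url_include", "off").lower() not in ("on", "1", "true", "yes"):
        problems.append("PHP function allow_url_include disabled")
    if cfg.get("db_user") != mysql_user or cfg.get("db_password") != mysql_password:
        problems.append("Could not connect to the mysql service")
    if not all(cfg.get(k, "").strip() for k in ("recaptcha_public_key", "recaptcha_private_key")):
        problems.append("reCAPTCHA key: Missing")
    return problems

# Constructed sample file contents (not copied from a real installation).
CONFIG_BEFORE = """<?php
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
$_DVWA[ 'recaptcha_public_key' ]  = '';
$_DVWA[ 'recaptcha_private_key' ] = '';
"""
CONFIG_AFTER = """<?php
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = 'root';
$_DVWA[ 'recaptcha_public_key' ]  = 'CONSTRUCTED-PUBLIC-KEY';
$_DVWA[ 'recaptcha_private_key' ] = 'CONSTRUCTED-PRIVATE-KEY';
"""
INI_BEFORE = "[PHP]\n;allow_url_include = On\nallow_url_include = Off\n"
INI_AFTER = "[PHP]\nallow_url_include=On ; needed by DVWA\n"

if __name__ == "__main__":
    print("before:", preflight(CONFIG_BEFORE, INI_BEFORE, "root"))
    print("after: ", preflight(CONFIG_AFTER, INI_AFTER, "root"))
```

The check only compares file contents with the MySQL credentials passed in; it does not open a database connection.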

5. Accounts and passwords

VM: user name admin, password admin

DVWA access URL: http://ip:80/dvwa, user name admin, password password