Damn Vulnerable Web Application (DVWA). The aim of DVWA is to practice some of the most common web vulnerabilities, with various difficulty levels, with a simple straightforward interface.
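Tools used
Ubuntu 18, Xshell 7, Chrome
1. Connect to Ubuntu with Xshell
Once Ubuntu is installed, connecting with Xshell gives you a pure command-line interface.
1.1. Configure copy/paste shortcuts in Xshell
Xshell has no built-in Ctrl+V shortcut, so it has to be set up manually. In the menu bar choose "Tools" -> "Options" -> "Keyboard and Mouse" -> "Edit". (Binding Ctrl+C is not recommended, because it conflicts with the interrupt shortcut.)
Paste: "New" -> press "Ctrl+V" -> choose "Menu" in the "Type" drop-down -> in the "Menu" drop-down that appears, find "[Edit] Paste"
1.2. Create a new session
$ ip a # show all IP-related information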
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8a:72:7f brd ff:ff:ff:ff:ff:ff
inet 192.168.xx.xxx/24 brd 192.168.xx.255 scope global dynamic noprefixroute enp2s0
valid_lft 1455sec preferred_lft 1455sec
inet6 fe80::7542:121f:247:a352/64 scope link noprefixroute
valid_lft forever preferred_lft forever
Create a new session named ubuntu, set the host to Ubuntu's IPv4 address 192.168.xx.xxx, connect, and enter the user's password when prompted.
2. Install Docker on Ubuntu
Reference: https://yeasy.gitbook.io/docker_practice/install/ubuntu
- Remove old versions:
$ sudo apt-get remove docker docker-engine docker.io
- Install the prerequisites using APT:
$ sudo apt-get update
$ sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
- To verify the authenticity of the downloaded packages, add the repository's GPG key:
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
- Then add the Docker repository to sources.list:
$ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- Install Docker:
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io
You may run into a lock problem; resolve it with sudo rm /var/.../lock, or by killing the process that holds the lock.
- Add the user to the docker group
If you run docker commands without first adding the user to the docker group, you get "docker: Got permission denied while trying to connect to the Docker daemon ... connect: permission denied."
$ sudo groupadd docker
$ sudo usermod -aG docker cara # cara is the login user here; equivalent: sudo gpasswd -a cara docker
- Test that Docker is installed correctly
$ docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
......
For more examples and ideas, visit:
https://docs.docker.com/get-started/
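Installing other required tools on Ubuntu
Viewing information
$ whoami # show the currently logged-in user
$ ip a # show all IP-related information
$ lsof # lsof: "lists open files"; with suitable options it can do the work of netstat and ps
$ ps -ef | grep ssh # look up ssh-related processes. ps: process status
netstat
$ sudo apt install net-tools # install netstat
$ netstat -nat | grep LISTEN # show network connections in the LISTEN state
ssh
$ sudo apt install openssh-server # install ssh
proxychains
$ sudo apt search proxychains # search for the proxychains proxy program
$ sudo apt install proxychains4
$ sudo vim /etc/proxychains4.conf # edit the proxychains4 configuration file
$ proxychains4 curl -v cip.cc # show IP, ISP and similar information to check that the proxy works
python
$ sudo apt install python # needed for pip and, later, for SQLMap
3. Clone vulhub
#$ git clone https://github.com/vulhub/vulhub # git clone over the local network; the download is very slow because of the firewall
$ proxychains4 git clone https://github.com/vulhub/vulhub # download through the proxy (you need your own proxy)
3.1. After cloning, set up vulhub: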
$ cd ~
$ cd vulhub/
$ ls
activemq contributors.md elasticsearch gitlist java libssh
apereo-cas contributors.zh-cn.md electron glassfish jboss LICENSE
appweb couchdb fastjson goahead jenkins liferay-por
aria2 discuz ffmpeg gogs jetty log4j
base django flask h2database jira magento
bash dns flink hadoop jmeter mini_httpd
celery docker ghostscript httpd joomla mojarra
cgi drupal git imagemagick jupyter mongo-expre
coldfusion dubbo gitea influxdb kibana mysql
confluence ecshop gitlab jackson laravel nexus
$
$ cd activemq/
$ ls
CVE-2015-5254 CVE-2016-3088
$ cd CVE-2015-5254/
$ ls
1.png 2.png 3.png 4.png docker-compose.yml README.md README.zh-cn.md
$
3.2. Install docker-compose
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose # install docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ source ~cara/.bashrc # reload the shell configuration, otherwise docker-compose still cannot be used
$ docker-compose up -d # -d runs the containers in the background
Creating network "cve-2015-5254_default" with the default driver
Pulling activemq (vulhub/activemq:5.11.1)...
5.11.1: Pulling from vulhub/activemq
3e731ddb7fc9: Pull complete
47cafa6a79d0: Pull complete
79fcf5a213c7: Pull complete
b51142f4538b: Pull complete
d76b34844960: Pull complete
Digest: sha256:ebdbf7b2960520fc59b345a073732ac66020a4e1a3126f1facc19767aa069a0b
Status: Downloaded newer image for vulhub/activemq:5.11.1
Creating cve-2015-5254_activemq_1 ... done
$ cat docker-compose.yml
4. Load the vulhub image in Docker
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
$ docker search dvwa
NAME DESCRIPTION STARS
citizenstig/dvwa Docker container for Damn Vulnerable Web App… 66
infoslack/dvwa 11
garland/dvwa Damn Vulnerable Web Application in a Docker … 7
cytopia/dvwa DVWA (Damn Vulnerable Web Application) with … 4
astronaut1712/dvwa Docker for DVWA LAB: https://github.com/Rand… 3
utspark/dvwa_frontend 3
opussolutions/dvwa 2
acgpiano/dvwa latest dvwa 2
benoitg/dvwa Damn Vulnerable Web Application https://gith… 2
sqreen/dvwa A deliberately vulnerable PHP test applicati… 2
liniker/dvwa DVWA 2
imfht/dvwa-nologin dvwa without login 1
jechoi/dvwa Instantly runnable DVWA to practice web atta… 1
sagikazarmark/dvwa DVWA (Damn Vulnerable Web Application) Docke… 1
gjuniioor/dvwa Damn Vulnerable Web Application (DVWA) on Do… 1
ishangirdhar/dvwabricks Docker container for Bricks & DVWA web appli… 0
aracloud/dvwa 0
santosomar/dvwa DVWA Container for Cybersecurity Training 0
soheileizadi/dvwa 0
cyberxsecurity/dvwa 0
waiyanwinhtain/dvwa 0
arco/dvwa Simple modifications on DVWA 0
c0ny1/dvwa dvwa镜像 0
howiehowerton/dvwa-howie 0
rbenavente/dvwa-fargate 0
$
$ docker pull citizenstig/dvwa
Using default tag: latest
latest: Pulling from citizenstig/dvwa
8387d9ff0016: Pull complete
......
Digest: sha256:1c0ab894f0bf41351519c8388a282c0a178216e9ce8f0399a162472070379dc6
Status: Downloaded newer image for citizenstig/dvwa:latest
docker.io/citizenstig/dvwa:latest
$
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 4 months ago 13.3kB
citizenstig/dvwa latest d9c7999da701 3 years ago 466MB
$ docker run -d d9 # d9 refers to d9c7999da701
60ba2432551a6e15e0cafab1462f7d3352007b9fd1449126c8d6af34998a7390
$
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
60ba2432551a d9 "/run.sh" 9 seconds ago Up 5 seconds 80/tcp, 3306/t
$ curl -v 127.0.0.1:80
* Rebuilt URL to: 127.0.0.1:80/
* Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 80 failed: 拒绝连接
* Failed to connect to 127.0.0.1 port 80: 拒绝连接
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 80: 拒绝连接
# Connection refused, i.e. the request failed, because no port mapping has been set yet
$
$ docker stop 60 # 60 refers to 60ba2432551a; its IMAGE is d9, which shows it is the container we started
$ docker rm 60
$ docker ps # output omitted
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest d1165f221234 4 months ago 13.3kB
vulhub/activemq 5.11.1 0174d4ad1922 2 years ago 419MB
citizenstig/dvwa latest d9c7999da701 3 years ago 466MB
$ docker run -d -p 80:80 -p 3306:3306 d9
107f3c9707c0e19fd5ba77fb9d8b609319b1761ff6f80cfc63579ac5e6a833d5
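# Configuration succeeded
Once configured, enter the Ubuntu machine's IP in a browser on the local machine to open the DVWA page.
Default account: admin
Password: password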
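
The final `docker run -d -p 80:80 -p 3306:3306 d9` publishes both ports of a deliberately vulnerable container on the host. The check below is an added example, not part of the original post: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every port published on all host interfaces. The container names and port lines in `sample_ps` are constructed.

```shell
#!/bin/sh
# Added example: list container ports that are published on every host
# interface. Input: one "name<TAB>ports" line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample input (not captured from the original post).
sample_ps() {
    printf '%s\t%s\n' \
        'dvwa_all'   '0.0.0.0:80->80/tcp, 0.0.0.0:3306->3306/tcp' \
        'dvwa_local' '127.0.0.1:8080->80/tcp, 3306/tcp' \
        'dvwa_none'  '80/tcp, 3306/tcp' \
        'dvwa_v6'    '0.0.0.0:80->80/tcp, :::80->80/tcp'
}

# Prints "name address host_port container_port/proto" for each mapping whose
# host address is a wildcard (0.0.0.0, :: or [::]).
wildcard_ports() {
    awk -F'\t' '
    {
        n = split($2, maps, ", *")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue          # exposed by the image, not published
            split(m, side, "->")
            addr = side[1]; sub(/:[0-9-]+$/, "", addr)   # drop ":port"
            port = side[1]; sub(/^.*:/, "", port)        # keep only the port
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, addr, port, side[2]
        }
    }'
}

# To restrict a mapping, give -p an address, for example
#   docker run -d -p 127.0.0.1:80:80 d9
# (loopback only), or use one specific LAN address of the VM instead.

# Stand-alone run on the constructed sample; on a live host use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
sample_ps | wildcard_ports
```

An entry such as `80/tcp, 3306/t` in the earlier `docker ps` output is an exposed but unpublished port, which is why the first `curl` to 127.0.0.1:80 was refused.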