PHP靶场-bWAPP环境搭建
<h1>0x00 靶场介绍</h1><p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">bwapp是一款非常好用的漏洞演示平台,包含有100多个漏洞。开源的php应用后台Mysql数据库。</span></p>
<p> </p>
<h1><span style="font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; text-align: start; white-space: pre-wrap">0x01 安装</span></h1>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">BWAPP有两种安装方式,一种是单独安装,需部署在Apache+PHP+Mysql环境下;一种是虚拟机导入,下载后直接用VMWare打开即可。</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">下面分别介绍两种方式的安装方法。</span></p>
<p> </p>
<h2> </h2>
<h2>1. 单独安装</h2>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">由于需要部署在<code style="box-sizing: border-box; font-family: var(--monospace); vertical-align: initial; border: 1px solid rgba(231, 234, 237, 1); border-radius: 3px; padding-right: 2px; padding-left: 2px; font-size: 0.9em">Apache+PHP+Mysql</code>环境下,我们可以直接使用集成环境,这里笔者使用的是PHPStudy,PHPStudy的安装及使用在此就不做介绍了。</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(1)下载链接:</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; word-break: break-all; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">https://sourceforge.net/projects/bwapp/files/latest/download</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(2)安装步骤:</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">A.下载后解压文件,将文件放在WWW目录下</span></p>
<p> </p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">B.在admin/settings.php下更改数据库连接设置</span></p>
<p><span style="color: inherit; line-height: inherit; box-sizing: border-box; font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528162536175-2065855420.png" alt=""></span></p>
<p> </p>
<p> </p>
<p> <span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">同时也能在文件下方看到默认登录账户名及密码,可按需更改</span></p>
<p><span style="font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528162605471-275946947.png" alt=""></span></p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">C.运行PHPStudy,然后在浏览器打开<span style="box-sizing: border-box; word-break: break-all; text-align: start; white-space: pre-wrap">http://127.0.0.1/bWAPP/install.php</span></span></p>
<p> </p>
<p><span style="font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><span style="box-sizing: border-box; font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><span style="box-sizing: border-box; word-break: break-all; font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528162640788-719087460.png" alt=""></span></span></span></p>
<p> </p>
<p> </p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">点击here创建数据库</span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">D.安装成功,进入靶场主界面</span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(3)使用方法:</span></p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">账户名及密码:<code style="box-sizing: border-box; font-family: var(--monospace); vertical-align: initial; border: 1px solid rgba(231, 234, 237, 1); border-radius: 3px; padding-right: 2px; padding-left: 2px; font-size: 0.9em">bee/bug</code></span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">可在右上方选择漏洞和安全级别进行测试</span></p>
<p><span style="font-family: "Open Sans", "Clear Sans", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 16px; orphans: 4; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528162725723-1707153664.png" alt=""></span></p>
<p> </p>
<p> </p>
<p> </p>
<h2>2. 虚拟机安装</h2>
<p><span style="color: inherit; line-height: inherit; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">虚拟机版本能够测试的漏洞更多,比如破壳漏洞,心脏滴血漏洞等在单独安装的环境下无法测试。</span></p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(1)下载链接:</span></p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt">https://sourceforge.net/projects/bwapp/files/bee-box/bee-box_v1.6.7z/download</span></p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(2)安装步骤</span></p>
<p> </p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">下载后解压,打开VMWare,在打开虚拟机选项中进入bee-box文件选择bee-box.vmx即可。选择NAT模式,开启虚拟机即可进入主界面</span></p>
<p> <img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528170741841-1557294149.png" alt=""></p>
<p> </p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">(3)使用方法:</span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">登录:bee/bug;安全等级可选;低-中-高</span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">方法一:直接在bee-box虚拟机中使用,点击bWAPP-Start即可进入登陆页面,登录后在右上方找到XXE漏洞,选择测试等级</span></p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528171225584-2009735910.png" alt=""></span></p>
<p> </p>
<p><span style="font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap"></span></p>
<p> </p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap">方法二:查看虚拟机IP,在物理机浏览器访问<code style="box-sizing: border-box; font-family: var(--monospace); vertical-align: initial; border: 1px solid rgba(231, 234, 237, 1); border-radius: 3px; padding-right: 2px; padding-left: 2px; font-size: 0.9em">http://虚拟机IP地址/bWAPP/login.php</code>进行登录,登录后在右上方找到XXE漏洞,选择测试等级</span></p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap"><img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528171321418-1957462731.png" alt=""></span></p>
<p> </p>
<p><span style="box-sizing: border-box; font-family: Microsoft YaHei; font-size: 14pt; text-align: start; white-space: pre-wrap"></span></p>
<p> <img src="https://img2020.cnblogs.com/blog/1937992/202005/1937992-20200528171403805-396434057.png" alt=""></p>
<p> </p>
<p> </p>
<p style="text-align: center"> </p><br><br>
来源:https://www.cnblogs.com/zzjdbk/p/12981726.html
頁:
[1]