【Environmental Construction】WAMP Environment + DVWA Vulnerability Testing Platform Construction Process
Table of contents
- 0 Preface
- 1 Introduction to WAMP Environment
- 2 Environment Deployment Process
- 3 Environment exercises and tests
- 4 Summary
- This section adopts the method of first deploying the WAMP environment on the win2008 virtual machine, and then installing the DVWA platform. This method is different from running a DVWA container on Docker. For the method of Docker creating a DVWA container, please refer to ” Building a DVWA Vulnerability Environment on Docker “.
- This method installs the official version, which is more powerful than the docker version.
1 Introduction to [WAMP] Environment
- WAMP environment: Apache+Mysql/MariaDB+Perl/PHP/Python under Windows, a group of open source software commonly used to build dynamic websites or servers, they are all independent programs, but because they are often used together, they have The higher and higher levels of compatibility together form a powerful web application platform.
- Advantages of using AMP integration software:
- Avoids inability to properly set up the environment due to lack of knowledge of AMP;
- The AMP environment can be quickly installed and set up, allowing us to start directly with the software we are really interested in, such as xoops;
- It is convenient to build a test environment, which is very helpful for testing “is it an AMP environment problem or a problem caused by XOOPS”, and the exclusion method can be used.
- The main WAMP integration environments are:
- WampServer Wamp
is the Windows Apache Mysql PHP integrated installation environment, that is, the server software of apache, php and mysql under the window. PHP extensions, Apache modules, turn on/off the mouse, and you don’t have to modify the configuration file yourself, WAMP will do it. There is no need to ask about the installation of php anymore, everything is done with WAMP, and this software is used more on the win platform.
XAMPP is a full-featured integrated environment with Chinese instructions, XAMPP is not just for Windows, but an easy-to-install Apache distribution for Linux, Windows, Mac OS X and Solaris. The package includes Apache server, MySQL, SQLite, PHP, Perl, FileZilla FTP Server, Tomcat, and more. The default installation opens all functions, and there are security problems, which require additional security settings.
integrates Apache, PHP, MySQL, and phpMyAdmin. It is relatively lightweight, and the version has not been updated for a long time.
In general, the above WAMP environments can basically meet the needs of beginners to configure the WAMP environment. For example, XAMPP and AppServ have various components, but they also feel that the file composition is more complicated, and beginners can’t understand it all at once. , like Digast Wamp Server, because it is a brand-new integrated environment, the program file configuration is more rigorous, the environment program size is moderate, and any directory can be customized, and the system will automatically configure parameters, which is especially suitable for beginners.
phpStudy supports 22 combinations to switch freely. This package integrates the latest Apache+Nginx+LightTPD+PHP+MySQL+phpMyAdmin+Zend Optimizer+Zend Loader, one-time installation, and can be used without configuration. It is a very convenient and easy-to-use PHP debugging environment. The program is only 35M green, small and simple, and has a special control panel. In short, learning PHP only needs one package.
- WampServer Wamp
2 Environment Deployment Process
Deploy the WAMP environment on the target machine (win2008R2SP1) to provide PHP programming and experimental needs.
The VC14 runtime library cannot be installed on the pure version of win2008R2, so the target machine adopts the win2008R2SP1 system.
2.2 [Virtual machine] installation win2008R2SP1
- Download the system ISO file, click https://msdn.itellyou.cn/ platform and select win2008R2SP1 to download. Select the operating system → select Windows Server 2008 R2 → select with Service Pack1 → click on the details to expand → copy the link to Thunder to start the download.
- Because there are many system versions that need to be used in the learning and practice process, it is recommended to create a folder in the D drive of the real machine and name it VM, which is mainly used to store our configured virtual machine. Create a subfolder under this folder and name it win2008R2SP1 to store the newly created virtual machine.
- Start the VM and click Create New Virtual Machine.
- Select “Typical” to configure the Windows family of systems and click Next.
- Select Install the operating system later, Next.
- Select windows, and select win2008R2 in the version, the next step.
- Name the virtual machine according to the system name, and select the path mentioned in the second step to save the virtual machine for easy management of all virtual machines.
- Conditionally, it is recommended to choose a larger disk size, and choose to store as a single file, the next step.
- You can customize the hardware facilities at this time, or you can modify it in the future use process, click Finish.
- Set the source of the virtual machine ISO file and click OK.
- Click the green triangle to start the virtual machine, start the system installation → pop up the following picture and click Next → start the installation.
- Select Enterprise Edition to install → Next.
- Check Accept the license and click Next.
- At this point, create a new virtual machine and select Custom Advanced.
- Divide the disk into two CDs after installation, click Next.
- Begin the long installation process.
- The first time you log in, you need to set a password, click OK.
- To set the password twice, click the arrow. A pop-up prompts that the password has been updated, click OK again to enter the system.
- The following interface pops up, indicating that the system has been installed.
- Other settings such as desktop icons, activating the system, turning off the firewall, disabling automatic updates, setting snapshots, etc. Please refer to ” Virtual Machine and Common System Configuration Steps “
2.3 Install phpstudy
- Download the phpstudy installation package. Go to its official website to download the required version. This tutorial downloads the 2018 version.
- Open win2008R2SP1 in the virtual machine. If there is a snapshot setting, restore it to the best state. Copy and paste the installation package downloaded above to the D drive of the system.
- Double-click to run the software, decompress it first, and modify the decompression path to the C drive.
- Start the software, it is prompted that the system lacks the runtime libraries of VC9, VC11 and VC14, download it from the Baidu network disk: https://pan.baidu.com/s/1vkp_lW985sk8oivJHWfUfQ Password: qxtb
- Copy the decompressed folder to the virtual machine, right-click to install the required runtime library as an administrator.
- The installation process requires consent to the license.
- Exit the phpstudy program, find the startup program in the decompression path and open it again, and the error message that the VC runtime library is missing will no longer pop up. It is recommended to create a shortcut to the program to the desktop.
- Click the Start button to start the software normally.
- In C:\phpStudy\PHPTutorial, you can find the directory for each tool.
2.4 Configuring MySQL
- Purpose: To facilitate the direct operation of MySQL on the system command line, the path of MySQL needs to be added to the system variable.
- In the installed phpstudy directory, find the MySQL installation directory, enter the bin folder, and copy the full path for later use.
- Right-click Computer→Properties→Advanced System Settings→Advanced→Environment Variables.
- Find Path→Select→Edit in System Variables.
- At the end of the value, enter a semicolon for the English state, and then paste the MySQL path copied above. Keep clicking OK.
- Open the cmd window, enter the command mysql -uroot -proot, log in to the database, and check the feedback to determine whether it is successful. As shown in the figure below, the MySQL path is successfully deployed.
2.5 Install DVWA
- Purpose: To conduct vulnerability testing exercises.
- Download: Visit the official website https://dvwa.co.uk/ and click here at the bottom of the page to download.
- Unzip the compressed file. It is recommended to rename the compressed folder to DVWA, which will be easier to access in the future.
- Copy and paste the DVWA folder to the root directory of the phpstudy website, which is the WWW folder. (Because I have other content installed in this folder, don’t worry about it)
- In the DVWA\config folder, make a copy of config.inc.php.dist and name it config.inc.php, open config.inc.php and modify the following parameters.
$_DVWA [ 'db_server' ] = '127.0.0.1' ; #Database address $_DVWA [ 'db_database' ] = 'dvwa' ; #Database name $_DVWA [ 'db_user' ] = 'root' ; #Database username $_DVWA [ 'db_password' ] = 'root' ; #Database password
2.6 Install Visual Studio Code
- Purpose: This tool is only for the convenience of editing files, you can edit it with Notepad without installing it.
- I originally wanted to install notepad++ as an editor. When I searched, I saw that the software was banned for insulting China in 2020. Here, Visual Studio Code is used as the editor.
- Go to [https://visualstudio.microsoft.com/zh-hans/] to find the software installation package suitable for your platform at the following location. Here, select the installation package for the Windows platform to download and install.
- Right-click to run the installation package as an administrator, and click OK when the following prompt pops up.
- Select Agree and click OK.
- Keep the default installation path and click Next.
- Cross-border mode, click Next.
- ①Add the “Open via code” operation to the Windows Explorer file context menu
②Add the “Open via code” operation to the Windows Explorer directory context menu
Description: ①②Check it, you can right-click on the file or directory, Select Open with VScode.
③Register code as an editor of a supported file type
Note: By default, VScode is used to open text-type files such as txt, py, etc. It is generally recommended not to check.
Make all the code files supported by VScode become open by default in VScode, and the file icon will also change accordingly, which is easy to identify.
④Add to PATH (it will take effect after restarting)
Description: This step is the default, check it, you can use it directly without configuring environment variables.
- start installation.
- After the installation is complete, it is finished. Click here to install the Simplified Chinese support package.
- After the Chinese package is installed, click restart, and you can see that it is a simplified Chinese interface.
3 Environment exercises and tests
3.1 Edit batch files to facilitate query ip information
Create a new text file on the desktop, name it ip.bat, right-click the file to open it with code, and enter the following command.
Double-click the file to query the local ip address.
3.2 Edit the batch file to facilitate the query of the local port number
Create a new text file on the desktop, name it tcp_port.bat, right-click the file to open it with code, and enter the following command.
netstat -what -p tcp pause
Double-click the file to query the tcp port opened by the machine.
3.3 Open phpstudy and verify
- Start phpstudy.
- Double-click tcp_port.bat. You can see that some ports have been added.
- Enter the IP address of the virtual machine in the browser, access the web page, and the word hello world pops up, indicating that the access is successful.
- Click “Other Options Menu” to set various files. Check out PHP Probes.
- Swipe to the bottom of the web page, enter the default account and password in the MySQL database, both are root, and click Detect.
- A pop-up prompts that the database connection is normal.
3.4 Verify DVWA installation result
- In the virtual machine, open the browser and enter 127.0.0.1/dvwa to see that the vulnerable platform is accessed. The default login account is admin and the password is password. (Before this page appears, there is also a page prompting which functions have been successfully installed and which ones have failed. It cannot be reproduced. Some failures will be supplemented and improved in the future.)
- After logging in, you can see the following interface, the left side is a loophole level, where you can set the difficulty, a total of 4 difficulties.
- Master the method of virtual machine installation system;
- Master the method of deploying WAMP environment;
- Learn how to deploy DVWA.