§1.1 Target lab: CentOS 7.8 virtual machine (192.168.112.100)
Baidu Netdisk link:
https://pan.baidu.com/s/13sihp9ycrmPzOS78Cpm90Q?pwd=lch1
Extraction code: lch1

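Contents:
1. CentOS 7.8 virtual machine (192.168.112.100)
(1) DVWA
(2) sqli-labs
(3) sqlmap
(4) login&loginPHP
(5) Firefox81.0.2&hackbar2.1.3-master
2. Rocky Linux download and installation
3. Alibaba Cloud host CentOS 7.8 (139.196.115.175)
1. CentOS 7.8 virtual machine (192.168.112.100)
The CentOS 7.8 virtual machine (192.168.112.100) opens in VMware Workstation 15.5.1. It provides DVWA, sqli-labs, sqlmap, login, loginPHP and others for practicing web security (SQL Injection, file upload vulnerabilities, file inclusion vulnerabilities, CSRF, XSS, command injection, ...).
Login username: root, password: 123456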
●VMware15.5.1:

Edit → Virtual Network Editor → VMnet8 → 112 subnet → OK:

●Xshell5:

●CentOS 7.8 virtual machine (192.168.112.100):

(1) DVWA-master
DVWA-master.zip
URL: http://192.168.112.100/DVWA-master/index.php
Username/password: admin/password

Server side:
(1) SQL Injection
(2) File Inclusion
(3) File upload and parsing (File Upload)
Client side:
(4) CSRF (Cross-Site Request Forgery)
(5) XSS (Cross-Site Scripting)
(2) sqli-labs
sqli-labs-master.zip
URL: http://192.168.112.100/sqli-labs/index.html

(3) sqlmap
sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz
# sqlmap
(4) login&loginPHP
login.zip&loginPHP.zip
URL: http://192.168.112.100/login/bp.php
URL: http://192.168.112.100/login/login.php
URL: http://192.168.112.100/loginPHP/login.php

(5) Firefox81.0.2&hackbar2.1.3-master
Firefox-latest-x86_64.tar.bz2
hackbar2.1.3-master.zip
Firefox, <F12>
(The DNS on CentOS 7.8 is set to 202.103.24.68 (a Wuhan DNS server); it can be changed to 8.8.8.8 or 114)
=================================
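Beyond the course:
※2. Rocky Linux download and installation
Red Hat has stopped updating CentOS 8! It ends at the end of 2021. CentOS 7 stops being maintained in 2024! IBM acquired Red Hat!
2019.9 CentOS 8 Stream is a rolling-release Linux distribution that follows CentOS 8
2021.12.31 CentOS 8 Stream is unstable! The latest CentOS 8 lasts until the end of 2021.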
https://mirrors.aliyun.com/centos/8-stream/isos/x86_64/
CentOS-Stream-8-x86_64-20220519-dvd1.iso 10.6 GB 2022-05-19 23:54

Before: Fedora-->RHEL-->CentOS
Downstream of RHEL
Changed to: Fedora-->CentOS Stream-->RHEL
Upstream of RHEL

Rocky Linux, the community edition of an enterprise OS ("Enterprise Linux, the community way.": an enterprise Linux driven by the community)
2020.12.10
2021.05.01 8.3 Rocky-8.3-x86_64-dvd1.iso(9GB) RHEL alternative
2021.11.15 8.5 Rocky-8.5-x86_64-dvd1.iso(10GB)
2022.03.16 8.6 Rocky-8.6-x86_64-dvd1.iso(10.4GB)
(1) Download
http://download.rockylinux.org/pub/rocky/
Alibaba mirror site:
https://developer.aliyun.com/mirror/rockylinux?spm=a2c6h.13651102.0.0.1a681b11AFSnRb #Rocky Linux mirror introduction, configuration method, related links
https://mirrors.aliyun.com/rockylinux/8.6/isos/x86_64/
Rocky-8.6-x86_64-dvd1.iso 10.4GB 2022-05-16 06:21

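(2) Installation
NAT mode: 112 subnet
Hard disk: 100G

Display: Specify monitor settings: 800×600

Server with GUI, additional software: Development Tools

NVMe
Partitioning: LVM Disk: /dev/nvme0n1,/dev/nvme0n1
Physical volume (partition): /dev/nvme0n1p1 /boot 1G
Physical volume (partition): /dev/nvme0n1p2
Volume group: rl
Logical volumes: home,root,swap /home, /, swap
Partitioning: standard partitions
/dev/sda1 /boot 1G xfs (1GB on CentOS7 or 8, 200M on CentOS6)
/dev/sda2 2G swap
/dev/sda3 / 17G xfs
Disable KDUMP
root password: 123456, regular user wgxy/123456
Network: IP: 192.168.112.201/24, GW: 192.168.112.2
1456 packages, 20 min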

Immediate verification tests:
(1) Network
# ip a #ens160: 192.168.112.201/24 virbr0: 192.168.122.1/24
# ip route #192.168.112.2
# cat /etc/resolv.conf #192.168.112.2
# ping baidu.com
(2) yum repositories
# cd /etc/yum.repos.d/
# ll
# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/Rocky-*.repo
# dnf makecache
# vi local.repo
[DVD]
name=Rocky8.6
baseurl=file:///media/BaseOS/
enabled=1
gpgcheck=0
# vi /etc/fstab
# /dev/sr0 /media iso9660 defaults,loop,ro 0 0
# mount -a
# yum clean all
# yum makecache;yum repolist all
# yum -y install tree vim lrzsz net-tools unzip #dnf
# rpm -qa | wc -l #count how many packages are installed
1457 1468
# yum list | wc -l
2562 7130
# lscpu #check whether virtualization is supported
# free -m #1.5G memory, 4G swap
# df -hT #59GB of disk space left
Snapshot 1
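
Added example (not part of the original notes): the local.repo above sets gpgcheck=0, so packages from that repository are installed without signature verification. The script below lists every enabled repo section that disables gpgcheck or uses a plain-http baseurl; audit_repos and audit_repos_demo are hypothetical helper names, and the sample files and mirror.example hostnames are constructed.

```shell
#!/bin/sh
# Added example: list enabled yum/dnf repo sections that turn off GPG
# signature checking or use a plain-http baseurl.
# audit_repos and audit_repos_demo are hypothetical helper names.
audit_repos() {
    dir="${1:-/etc/yum.repos.d}"
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function val(line) {            # text after "=", trimmed
                sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]*$/, "", line)
                return line
            }
            function report() {             # emit findings for one section
                if (section == "" || enabled == "0") return
                if (gpg == "0") print file, "[" section "]", "gpgcheck=0"
                if (http)       print file, "[" section "]", "http-baseurl"
            }
            /^[ \t]*\[.*\][ \t\r]*$/ {
                report()
                section = $0
                sub(/^[ \t]*\[/, "", section); sub(/\][ \t\r]*$/, "", section)
                gpg = ""; enabled = "1"; http = 0
                next
            }
            /^[ \t]*[#;]/                      { next }
            /^[ \t]*gpgcheck[ \t]*=/           { gpg = val($0) }
            /^[ \t]*enabled[ \t]*=/            { enabled = val($0) }
            /^[ \t]*baseurl[ \t]*=[ \t]*http:/ { http = 1 }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: the local.repo from the notes, one disabled repo that
# should be ignored, and one network repo with signature checking left on.
audit_repos_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '[DVD]' 'name=Rocky8.6' 'baseurl=file:///media/BaseOS/' \
        'enabled=1' 'gpgcheck=0' > "$tmp/local.repo"
    printf '%s\n' '[old]' 'baseurl=http://mirror.example/old' 'enabled=0' \
        'gpgcheck=0' '[net]' 'baseurl=https://mirror.example/os' \
        'enabled=1' 'gpgcheck=1' > "$tmp/sample.repo"
    audit_repos "$tmp"
    rm -rf "$tmp"
}

audit_repos_demo
```

Called with no argument, audit_repos checks /etc/yum.repos.d; only an explicit gpgcheck=0 is reported, so a section that omits the key falls back to the global setting in dnf.conf and is not flagged.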
3. Alibaba Cloud host CentOS 7.8 (139.196.115.175)
The cloud host CentOS 7.8 (139.196.115.175) has DVWA, sqli-labs, sqlmap and others installed for practicing web security (SQL Injection, file upload vulnerabilities, file inclusion vulnerabilities, CSRF, XSS, command injection...):
(1) DVWA-master
DVWA-master.zip
URL: http://139.196.115.175/DVWA-master/index.php
Username/password: admin/password
(2) sqli-labs
sqli-labs-master.zip
URL: http://139.196.115.175/sqli-labs/index.html
(3) sqlmap
sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz
# sqlmap
(4) login&loginPHP
login.zip loginPHP.zip
URL: http://139.196.115.175/login/bp.php
URL: http://139.196.115.175/login/login.php
URL: http://139.196.115.175/loginPHP/login.php

