[Building a Web Vulnerability Lab: Deploying DVWA on CentOS]
DVWA is a web application platform for security vulnerability assessment. The security level of the target's source code can be adjusted manually, and it includes vulnerabilities such as brute force, command injection, cross-site request forgery (CSRF), file inclusion, file upload, SQL injection, and XSS.

(1) Download the installation package

File shared via Baidu Netdisk: DVWA-master.zip
Link: https://pan.baidu.com/s/1O6NS-t33NqyKilUjVyXvBA?pwd=qrwq
Extraction code: qrwq

(2) Use Xftp to upload the package to the "/opt/lampp/htdocs" directory on CentOS

(3) Unzip it and rename the directory to "dvwa"

```bash
cd /opt/lampp/htdocs/
unzip DVWA-master.zip
mv DVWA-master dvwa
```

(4) Configure

```bash
# 1. Enter the configuration directory
cd /opt/lampp/htdocs/dvwa/config/

# 2. Copy the configuration file
cp config.inc.php.dist config.inc.php

# 3. Change the database password (DVWA's default is p@ssw0rd)
sed -i 's/p@ssw0rd/123456/g' config.inc.php

# 4. Set directory permissions
chmod 777 /opt/lampp/htdocs/dvwa/hackable/uploads/
mkdir -p /opt/lampp/htdocs/dvwa/external/phpids/0.6/lib/IDS/tmp/
chmod 777 /opt/lampp/htdocs/dvwa/external/phpids/0.6/lib/IDS/tmp/

# 5. Modify the PHP configuration (matches with or without spaces around "=")
sed -i -E 's/^(allow_url_include[[:space:]]*=[[:space:]]*)Off/\1On/' /opt/lampp/etc/php.ini
```

(5) Restart the XAMPP service

```bash
/opt/lampp/lampp restart
```

✅ Restart complete.

(6) Open a browser and visit the setup page

http://192.168.111.128/dvwa/ (use the IP address of your own environment)

Click the "Create / Reset Database" button at the bottom to install.

❌ If an error appears here, it is because the system is trying to connect to the database as the dvwa user, while your database user is root.

Solution: modify the configuration file to use the root user.

1️⃣ Overwrite the file with the correct configuration

```bash
# The quoted 'EOF' keeps the shell from expanding $DBMS and $_DVWA
cat > /opt/lampp/htdocs/dvwa/config/config.inc.php << 'EOF'
<?php

# If you are having problems connecting to the MySQL database and all of the variables below are correct
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets.
#   Thanks to @digininja for the fix.

# Database management system to use
$DBMS = 'MySQL';
#$DBMS = 'PGSQL'; // Currently disabled

# Database variables
#   WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
#   Please use a database dedicated to DVWA.
#
# If you are using MariaDB then you cannot use root, you must create a dedicated DVWA user.
#   See README.md for more information on this.
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ]     = 'root';
$_DVWA[ 'db_password' ] = '123456';
$_DVWA[ 'db_port' ]     = '3306';

# ReCAPTCHA settings
#   Used for the 'Insecure CAPTCHA' module
#   You'll need to generate your own keys at: https://www.google.com/recaptcha/admin
$_DVWA[ 'recaptcha_public_key' ]  = '';
$_DVWA[ 'recaptcha_private_key' ] = '';

# Default security level
#   Default value for the security level with each session.
#   The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or 'impossible'.
$_DVWA[ 'default_security_level' ] = 'impossible';

# Default PHPIDS status
#   PHPIDS is not ready for production environments, so is disabled by default.
$_DVWA[ 'php_ids_status' ] = 'disabled';

?>
EOF
```

2️⃣ Verify the configuration file

```bash
# Check the file contents: there should be only one entry, and the user should be root
grep db_user /opt/lampp/htdocs/dvwa/config/config.inc.php
```

3️⃣ Create the dvwa database

```bash
# Create the database
/opt/lampp/bin/mysql -u root -p123456 -e "CREATE DATABASE IF NOT EXISTS dvwa;"

# Verify
/opt/lampp/bin/mysql -u root -p123456 -e "SHOW DATABASES;"
```

4️⃣ Set directory permissions

```bash
# Set permissions on the upload directory
chmod 777 /opt/lampp/htdocs/dvwa/hackable/uploads/

# Create the PHPIDS temporary directory and set its permissions
mkdir -p /opt/lampp/htdocs/dvwa/external/phpids/0.6/lib/IDS/tmp/
chmod 777 /opt/lampp/htdocs/dvwa/external/phpids/0.6/lib/IDS/tmp/
```

5️⃣ Restart XAMPP and visit the page

```bash
# Restart
/opt/lampp/lampp restart
```

6️⃣ Click the button again

User: admin
Password: password

✅ Logged in successfully.

If you forget the password, you can reset it with the following command:

```bash
# Reset the admin password to "password"
/opt/lampp/bin/mysql -u root -p123456 -e "USE dvwa; UPDATE users SET password = MD5('password') WHERE user = 'admin';"
```
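A post-install check for the settings this guide changes (db_user in config.inc.php, allow_url_include in php.ini, and the two mode-777 directories), added here as an example; it is not part of the original post, DVWA, or XAMPP. The function names and the optional root-path argument are hypothetical, and GNU `stat` is assumed, as on CentOS.

```bash
#!/usr/bin/env bash
# Added example: verifies the lab settings changed in this guide.
# Assumption: the LAMPP root is /opt/lampp as in the guide; pass another root to override.
# Usage (after sourcing this file): check_dvwa_lab   or   check_dvwa_lab /path/to/lampp

# Print the quoted value assigned to $_DVWA[ 'KEY' ] in a config file, one line per match.
dvwa_cfg_value() {
    sed -n "s/^[\$]_DVWA\[ *'$1' *\] *= *'\([^']*\)'.*/\1/p" "$2"
}

# Return 0 if every check passes, otherwise the number of failed checks.
check_dvwa_lab() {
    local root="${1:-/opt/lampp}" fails=0 d users
    local dvwa="$root/htdocs/dvwa"
    local cfg="$dvwa/config/config.inc.php"

    # db_user must be defined exactly once and be root (the guide's "verify" step).
    users=$(dvwa_cfg_value db_user "$cfg" 2>/dev/null) || users=""
    if [ "$users" = "root" ]; then
        echo "OK   db_user is root (single definition)"
    else
        echo "FAIL db_user: expected one 'root' entry, found: ${users:-none}"
        fails=$((fails + 1))
    fi

    # allow_url_include must be On in php.ini, with or without spaces around "=".
    if grep -Eq '^allow_url_include[[:space:]]*=[[:space:]]*On' "$root/etc/php.ini" 2>/dev/null; then
        echo "OK   allow_url_include is On"
    else
        echo "FAIL allow_url_include is not On in $root/etc/php.ini"
        fails=$((fails + 1))
    fi

    # Both writable directories must exist with mode 777, as set in the guide.
    for d in hackable/uploads external/phpids/0.6/lib/IDS/tmp; do
        if [ "$(stat -c %a "$dvwa/$d" 2>/dev/null)" = "777" ]; then
            echo "OK   $d is mode 777"
        else
            echo "FAIL $d is missing or not mode 777"
            fails=$((fails + 1))
        fi
    done

    echo "INFO default_security_level: $(dvwa_cfg_value default_security_level "$cfg" 2>/dev/null)"
    return "$fails"
}
```
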