Setting Up DVWA on Kali


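First, a note: I don't really recommend using Kali to set up DVWA, because the MySQL database that Kali installs by default is MariaDB, and DVWA does not have root privileges when it uses that MariaDB database.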

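Steps:

1. First download the DVWA package from GitHub: https://github.com/ethicalhack3r/DVWA

2. Extract the downloaded archive, rename the folder to dvwa, and copy it into the /var/www/html folder.

3. Open a terminal and run the following commands:
Stop apache2: service apache2 stop
Give the dvwa folder the appropriate permissions: chmod -R 755 /var/www/html/dvwa
Start the mysql service: service mysql start
Open mysql: mysql -u root -p
Create the database: create database dvwa;
Exit mysql: exit
Start the apache2 service: service apache2 start
Open a browser and enter 127.0.0.1/dvwa (or localhost/dvwa) in the address bar. The browser automatically redirects to the 127.0.0.1/dvwa/setup.php page. It looks like we are almost done, but clicking the Create/Reset Database button at the bottom of the page fails to create the database, with the message: Could not connect to the MySQL service. Please check the config file. It turns out the corresponding configuration file has not been modified yet.
Find the /var/www/html/dvwa/config folder, open the config.inc.php file in it, and change the line $_DVWA[ 'db_password' ] = 'p@ssw0rd'; to $_DVWA[ 'db_password' ] = '';

Go to the URL above again and click the Create/Reset Database button; it reports that the database was created successfully. You can now enter the DVWA practice platform and start practicing. The default username is admin and the password is password.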


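!!!!!! If the MySQL database connection fails !!!!!!!!!
Find the PHP configuration file and change the PHP function allow_url_include to On
Set the password to empty
Main idea: the MySQL that Kali installs by default is MariaDB, and DVWA does not have root privileges when it uses that MariaDB database. My fix here was to create a new database and grant privileges on it.

Below is the full terminal session from the last time I solved this problem.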

##########################################################################################
root@kali:~# whichis php
bash: whichis: 未找到命令
root@kali:~# whereis php
php: /usr/bin/php /usr/bin/php7.2 /usr/lib/php /etc/php /usr/share/php7.2-mysql /usr/share/php7.2-readline /usr/share/php7.2-gd /usr/share/php7.2-json /usr/share/php7.2-common /usr/share/php7.2-opcache /opt/lampp/bin/php /usr/share/man/man1/php.1.gz
root@kali:~# cd /usr/bin/php
bash: cd: /usr/bin/php: 不是目錄
root@kali:~# cd /etc/php/
root@kali:/etc/php# ls
7.2
root@kali:/etc/php# cd 7.2/
root@kali:/etc/php/7.2# ls
apache2 cli mods-available
root@kali:/etc/php/7.2# cd apache2/
root@kali:/etc/php/7.2/apache2# ls
conf.d php.ini
root@kali:/etc/php/7.2/apache2# vi php.ini
root@kali:/etc/php/7.2/apache2# grepit
bash: grepit: 未找到命令
root@kali:/etc/php/7.2/apache2# cd /var/www/html/
root@kali:/var/www/html# ls
dvwa index.html index.nginx-debian.html
root@kali:/var/www/html# cd dvwa/
root@kali:/var/www/html/dvwa# ls
about.php dvwa index.php php.ini vulnerabilities
CHANGELOG.md external instructions.php README.md
config favicon.ico login.php robots.txt
COPYING.txt hackable logout.php security.php
docs ids_log.php phpinfo.php setup.php
root@kali:/var/www/html/dvwa# cd config/
root@kali:/var/www/html/dvwa/config# ls
config.inc.php
root@kali:/var/www/html/dvwa/config# vim config.inc.php
root@kali:/var/www/html/dvwa/config# mysql -u root -p abcd
Enter password:
ERROR 1049 (42000): Unknown database 'abcd'
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 43
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# vim config.inc.php
root@kali:/var/www/html/dvwa/config# service apache restart
Failed to restart apache.service: Unit apache.service not found.
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> update user set password=PASSWORD('') where User='root';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

MariaDB [mysql]> create database dvwa;
Query OK, 1 row affected (0.00 sec)

MariaDB [mysql]> quit
Bye
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create user dvwa;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# cd /var/www/html/dvwa/config/
root@kali:/var/www/html/dvwa/config# vi config.inc.php
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# mysql -u dvwa -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> showdatabases;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'showdatabases' at line 1
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

MariaDB [(none)]>
MariaDB [(none)]> quir
-> Ctrl-C -- exit!
Aborted
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> drop database dvwa;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> Ctrl-C -- exit!
Aborted
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config# GRANT ALL PRIVILEGES ON dvwa.* TO dvwa IDENTIFIED BY"";
bash: GRANT: 未找到命令
root@kali:/var/www/html/dvwa/config# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.1.29-MariaDB-6 Debian buildd-unstable

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON dvwa.* TO dvwa IDENTIFIED BY"";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye
root@kali:/var/www/html/dvwa/config# service mysql restart
root@kali:/var/www/html/dvwa/config# service apache2 restart
root@kali:/var/www/html/dvwa/config#
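
The fix worked out in the session above (a separate database account for DVWA instead of root), as an added example that is not part of the original post: it generates the SQL for a localhost-only dvwa account with a non-empty password, limited to the dvwa database, and rewrites the matching keys in config.inc.php. The function names, the db_database and db_user keys as edit targets, and the password Lab-Only_2024 are assumptions or constructed values.

```sh
#!/bin/sh
# Added example (not from the original post): a DVWA-only MariaDB account.
# All values passed in below are constructed lab values.

# Accept only non-empty values built from a conservative character set, so
# they can be embedded in SQL string literals and sed replacements safely.
dvwa_safe_value() {
    case "$1" in
        ''|*[!A-Za-z0-9_.+=@-]*) return 1 ;;
    esac
}

# Print SQL for a database plus a localhost-only user limited to that database.
# Usage: dvwa_sql DB USER PASSWORD
dvwa_sql() {
    dvwa_safe_value "$1" && dvwa_safe_value "$2" && dvwa_safe_value "$3" || return 1
    printf "CREATE DATABASE IF NOT EXISTS \`%s\`;\n" "$1"
    printf "CREATE USER IF NOT EXISTS '%s'@'localhost' IDENTIFIED BY '%s';\n" "$2" "$3"
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$1" "$2"
}

# Point config.inc.php at that account. Assumes the plain-string form
# $_DVWA[ 'key' ] = 'value'; that the post edits.
# Usage: dvwa_patch_config FILE DB USER PASSWORD
dvwa_patch_config() {
    dvwa_safe_value "$2" && dvwa_safe_value "$3" && dvwa_safe_value "$4" || return 1
    _dvwa_tmp="$(mktemp)" || return 1
    sed -E \
        -e "s#^(\\\$_DVWA\[ *'db_database' *\] *= *)'[^']*';#\1'$2';#" \
        -e "s#^(\\\$_DVWA\[ *'db_user' *\] *= *)'[^']*';#\1'$3';#" \
        -e "s#^(\\\$_DVWA\[ *'db_password' *\] *= *)'[^']*';#\1'$4';#" \
        "$1" > "$_dvwa_tmp" && cat "$_dvwa_tmp" > "$1"   # cat keeps owner and mode
    _dvwa_rc=$?
    rm -f "$_dvwa_tmp"
    return "$_dvwa_rc"
}

# Demo on a constructed config file. On a lab host, pipe dvwa_sql into
# `mysql -u root -p` and run dvwa_patch_config on the real config.inc.php.
demo_cfg="$(mktemp)"
printf '%s\n' "\$_DVWA[ 'db_user' ] = 'root';" "\$_DVWA[ 'db_password' ] = 'p@ssw0rd';" > "$demo_cfg"
dvwa_patch_config "$demo_cfg" dvwa dvwa 'Lab-Only_2024'
cat "$demo_cfg"
rm -f "$demo_cfg"
dvwa_sql dvwa dvwa 'Lab-Only_2024'
```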

