[Table of Contents]
1. Introduction to DVWA
2. DVWA installation and environment setup - Linux (CentOS 7.x)
What is DVWA (Damn Vulnerable Web Application)?
A deliberately vulnerable web application built so that you can study and practice vulnerability assessment and penetration testing.
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.
* Installation documentation
https://github.com/ethicalhack3r/DVWA
* DVWA download
git clone https://github.com/ethicalhack3r/DVWA
[DVWA installation and environment setup]
① Download the DVWA files
# cd /var/www/html
# yum -y install wget
# wget https://github.com/ethicalhack3r/DVWA/archive/master.zip
② Extract the downloaded archive
# unzip master.zip
③ Create a symbolic link
# ln -s DVWA-master dvwa
# ls -l
lrwxrwxrwx 1 root root   10 Feb 10 10:57 dvwa -> DVWA-master
drwxr-xr-x 8 root root 4.0K Feb 10  2021 DVWA-master
-rw-r--r-- 1 root root 1.4M Feb 10 10:54 master.zip
④ Download and install the dependency packages
httpd : Apache HTTP Server
mysql-server : The MySQL server and related files
php : PHP scripting language for creating dynamic web sites
php-mysql : A module for PHP applications that use MySQL databases
php-gd : A module for PHP applications for using the gd graphics library
# yum -y install httpd php php-mysql php-gd mariadb mariadb-server
(For CentOS 6.x and earlier:
# yum -y install httpd mysql-server php php-mysql php-gd )
⑤ Configure the ./config/config.inc.php file
Set the credentials used to connect to the MySQL server.
# mv /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# vi /var/www/html/dvwa/config/config.inc.php
..... (omitted) .....
# Database variables
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup.
# Please use a database dedicated to DVWA.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = 'takudaddy';
..... (omitted) .....
Change the password value to whatever you like.
⑥ Start MySQL
# systemctl restart mariadb
Stopping mysqld: [ OK ]
Initializing MySQL database: WARNING: The host 'waf.example.com' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables... OK
Filling help tables... OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h waf.example.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

[ OK ]
Starting mysqld: [ OK ]
⑦ Basic MySQL security hardening
# mysql_secure_installation
Enter current password for root (enter for none): <ENTER>
Set root password? [Y/n] Y
New password: takudaddy
Re-enter new password: takudaddy
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Restart mariadb (and enable it at boot)
# systemctl enable --now mariadb
⑧ Create the dvwa database
# mysql -u root -p
mysql> show databases;
mysql> create database dvwa;
mysql> grant all on dvwa.* to dvwa@localhost identified by 'takudaddy';
mysql> flush privileges;
mysql> quit
* Note
mysql> grant all on dvwa.* to dvwa@localhost identified by 'takudaddy';
This statement can also be split into the following two statements.
mysql> create user dvwa@localhost identified by 'soldesk1.';
mysql> grant all on dvwa.* to dvwa@localhost;
⑨ Fix the file/directory permission issues
Folder permissions
./hackable/uploads/ - Needs to be writable by the web service (for File Upload).
./external/phpids/0.6/lib/IDS/tmp/phpids_log.txt - Needs to be writable by the web service (if you wish to use PHPIDS).
# chown apache /var/www/html/dvwa/hackable/uploads
# chown apache /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
⑩ Configure the php.ini file
PHP configuration:
allow_url_include = on : Allows for Remote File Inclusions (RFI)
allow_url_fopen = on : Allows for Remote File Inclusions (RFI)
safe_mode = off : (If PHP <= v5.4) Allows for SQL Injection (SQLi)
magic_quotes_gpc = off : (If PHP <= v5.4) Allows for SQL Injection (SQLi)
display_errors = off : (Optional) Hides PHP warning messages to make it less verbose
# find / -name php.ini -type f
/var/www/html/DVWA-1.9/php.ini
/etc/php.ini
# vi /var/www/html/dvwa/php.ini
; This file attempts to overwrite the original php.ini file. Doesnt always work.
[Before]
magic_quotes_gpc = Off
allow_url_fopen on
allow_url_include on
[After]
magic_quotes_gpc = Off
allow_url_fopen = On    ; (the capital O in "On" is the proper form!)
allow_url_include = On
safe_mode = Off
magic_quotes_gpc = Off
display_errors = Off
# cat /etc/php.ini | grep allow_url_include
allow_url_include = On
⑪ Configure reCaptcha
What the project's documentation says
-------------------------------------------------------------------------------------
File: config/config.inc.php:
- $_DVWA[ 'recaptcha_public_key' ]
- $_DVWA[ 'recaptcha_private_key' ]
These values need to be generated from: https://www.google.com/recaptcha/admin/create
-------------------------------------------------------------------------------------
Log in to Google (www.google.com) with your ID/PASS.
Generate a site key (public key) / secret key (private key) at the site below.
- https://www.google.com/recaptcha/admin/create
Visit https://www.google.com/recaptcha/admin and create the reCaptcha values.
- Copy the generated values into the config.inc.php file.
- site key (public key) / secret key (private key)
# vi /var/www/html/dvwa/config/config.inc.php
# ReCAPTCHA settings
# Used for the 'Insecure CAPTCHA' module
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
$_DVWA[ 'recaptcha_public_key' ] = '6LfdjWcUAAAAAHzTRK7U5fgbUQJPRUjv-S6RkN5u';
$_DVWA[ 'recaptcha_private_key' ] = '6LfdjWcUAAAAAKPaCs_EkiGcOUPXA40tU4bf-Sam';
# systemctl enable httpd
# systemctl restart httpd
⑫ Check the results on the DVWA setup page
# firefox http://127.0.0.1/dvwa/setup.php &
* Many of the items show up in red.
Almost every entry marked Disabled has to be fixed.
* Items to fix
# vi /etc/php.ini
allow_url_include = On
# cd /var/www/html/dvwa
# chown apache config
# systemctl restart httpd
Click "Create / Reset Database".
Refresh the page with F5 and you are redirected to the login screen automatically.
⑬ Log in
- http://127.0.0.1/dvwa/login.php
- ID/PASS: log in with admin/password
⑭ Change the default Security Level to low (vulnerable server configuration)
Select [DVWA Security] at the bottom of the left-hand menu -> Level [Low] -> [Submit]
Or
# vi /var/www/html/dvwa/config/config.inc.php
# Default security level
# Default value for the security level with each session.
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or 'impossible'.
$_DVWA[ 'default_security_level' ] = 'low';
Once the Security Level is set to 'low', open the web page again and confirm it.
# firefox http://127.0.0.1/dvwa/login.php &
Environment build and configuration complete.
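Steps ⑨, ⑩ and ⑫ above are checked by hand through setup.php; the script below is an added example (not from the original post or the DVWA project) that re-checks the same items from the shell: the php.ini directives, the presence of config.inc.php and the ownership of the paths that were chown'ed to apache. The default paths and the web-server user apache are assumptions matching this post's CentOS 7 layout.

```shell
#!/bin/sh
# Added example: verify the php.ini directives and directory ownership that
# DVWA's setup.php flags in red. Assumed layout: /etc/php.ini,
# /var/www/html/dvwa, Apache running as "apache" (all overridable as arguments).

# php_ini_value FILE DIRECTIVE: print the effective value (last uncommented
# "directive = value" line), lower-cased. Prints nothing when the directive is
# missing or written without "=" (the "[Before]" form shown in step 10).
php_ini_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:];#].*$//' \
        | tr 'A-Z' 'a-z'
}

# owner_of PATH: owning user, parsed from ls -ld so it works on any Unix
owner_of() {
    ls -ld "$1" 2>/dev/null | awk '{print $3}'
}

# check_dvwa_setup INI DVWA_DIR WEB_USER: return 0 when everything required is
# in place; otherwise print one FAIL line per problem and return 1.
check_dvwa_setup() {
    ini=$1; dir=$2; user=$3; rc=0
    for d in allow_url_include allow_url_fopen; do
        [ "$(php_ini_value "$ini" "$d")" = "on" ] \
            || { echo "FAIL: $d must be 'On' in $ini (use the 'name = On' form)"; rc=1; }
    done
    # display_errors is optional per the DVWA notes, so only warn about it
    [ "$(php_ini_value "$ini" display_errors)" = "off" ] \
        || echo "WARN: display_errors is not Off in $ini"
    [ -f "$dir/config/config.inc.php" ] \
        || { echo "FAIL: $dir/config/config.inc.php missing (rename the .dist file)"; rc=1; }
    # Both paths were chown'ed to the web-server user in steps 9 and 12
    for p in config hackable/uploads; do
        [ "$(owner_of "$dir/$p")" = "$user" ] \
            || { echo "FAIL: $dir/$p must be owned by $user (chown $user $dir/$p)"; rc=1; }
    done
    return $rc
}

# Stand-alone use: sh dvwa_check.sh /etc/php.ini [/var/www/html/dvwa] [apache]
# Nothing runs when called without arguments, so the functions can be sourced.
[ $# -eq 0 ] || check_dvwa_setup "$1" "${2:-/var/www/html/dvwa}" "${3:-apache}"
```

A non-zero exit with FAIL lines means setup.php would still show red entries; re-run it after each fix instead of reloading the browser.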