
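CentOS Firewall, Xampp, and Changing the DVWA Default Level

0. Overview

A vulnerability scanner run against DVWA found no SQL injection. Analysis showed that DVWA defaults to the impossible level. To test the scanner's capability, DVWA was manually switched to the low level. The operations used along the way are listed below; the firewall commands were not actually needed, but they are kept here for reference.

With the DVWA default level set to low, AppScan's scan results were as follows:

[Figure: AppScan scan of DVWA at the low level]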

1. Common CentOS 7 firewall commands

Stop the firewall

systemctl stop firewalld.service

Start the firewall

systemctl start firewalld.service

Restart the firewall

systemctl restart firewalld.service

Check the firewall status

systemctl status firewalld.service

2. Common Xampp commands

Start Xampp

/opt/lampp/xampp start

Stop Xampp

/opt/lampp/xampp stop

Restart Xampp

/opt/lampp/xampp restart

3. Changing the DVWA default level

This is done by editing the configuration file.

vim lampp/htdocs/DVWA-1.9/config/config.inc.php

Change the value on line 32 to "low"

……
13 # Please use a database dedicated to DVWA.
14 $_DVWA = array();
15 $_DVWA[ 'db_server' ] = '127.0.0.1';
16 $_DVWA[ 'db_database' ] = 'dvwa';
17 $_DVWA[ 'db_user' ] = 'root';
18 $_DVWA[ 'db_password' ] = 'toor';
19
20 # Only used with PostgreSQL/PGSQL database selection.
21 $_DVWA[ 'db_port '] = '5432';
22 #$_DVWA[ 'db_port '] = '3690';
23 # ReCAPTCHA settings
24 # Used for the 'Insecure CAPTCHA' module
25 # You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create
26 $_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg';
27 $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ';
28
29 # Default security level
30 # Default value for the secuirty level with each session.
31 # The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'.
32 $_DVWA[ 'default_security_level' ] = 'low';
33
34 # Default PHPIDS status
35 # PHPIDS status with each session.
:wq
……

[Figure: default level changed to low]

After making the change, restart the service using the Xampp commands from section 2.
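
The edit from this section as a repeatable shell helper, added here as an example and not taken from the original post or from DVWA. It validates the level, refuses to touch a file that has no active default_security_level line, and keeps a .bak copy; the function names and the script name are assumptions.

```sh
#!/bin/sh
# Added example (not part of DVWA): function and script names are hypothetical.
# BRE matching an active (uncommented) default_security_level assignment.
KEY="^\([[:space:]]*\\\$_DVWA\[ *'default_security_level' *] *= *\)'\([^']*\)'"

# Print the level currently configured in the given config.inc.php.
dvwa_get_level() {
    # PHP keeps the last assignment, so report the last matching line.
    sed -n "s/$KEY.*/\2/p" "$1" | tail -n 1
}

# Set the default level, keeping a backup at <file>.bak.
dvwa_set_level() {
    cfg=$1
    level=$2
    # Only the four values named in the config file's own comment are valid.
    case "$level" in
        low|medium|high|impossible) ;;
        *) echo "invalid level: $level" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ -n "$(dvwa_get_level "$cfg")" ] || {
        echo "no active default_security_level line in $cfg" >&2
        return 1
    }
    cp -p "$cfg" "$cfg.bak" || return 1
    # Rewrite from the backup so the original file keeps its owner and mode.
    sed "s/$KEY/\1'$level'/" "$cfg.bak" > "$cfg"
}

# Usage: sh dvwa-level.sh <path-to-config.inc.php> <level>
if [ "$#" -eq 2 ]; then
    dvwa_set_level "$1" "$2" && echo "default_security_level is now: $(dvwa_get_level "$1")"
fi
```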


秋风木叶
2020-8-17