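1. Install CentOS 7 + LNMP in VMware
Verifying that the LNMP environment was set up successfully:
Enter the virtual machine's IP in a browser (use ip add to look up the VM's IP)
If this page appears, LNMP was installed successfully
2. Import the target machine's web project
Copy the project folder into LNMP's default path
Try accessing: 192.168.10.114/web/
It can be accessed successfully, but the PHP files in it are incompatible with the PHP version of the LNMP environment and need to be modified; modify the remaining PHP files in the same way. (The incompatible PHP statements are shown in the figure below.)
After modification: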
<!DOCTYPE html><!--STATUS OK--><html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>欢迎来到sql4</title>
</head>
<body>
<h1 align=center>sql4没那么简单了!!!</h1>
<h2 align=center>用户 ID:</h2>
<form align=center action="#" method="GET">
<input type="text" name="id">
<input type="submit" name="Submit" value="提交">
</form>
<center><img src=sql1.png></center>
<form align=center action="#" method="POST">
flag:<input type="text" name="flag">
<input type="submit" name="Submit2" value="提交">
</form>
<?php
// GET form: look up a user by ID
if (isset($_GET['Submit']))
{
    $id = $_GET['id'];
    $id = str_replace(" ","","$id"); // filter out spaces
    $id = str_replace("select","","$id"); // filter out select
    $id = str_replace(",", "", "$id"); // filter out commas
    $db_connect=mysqli_connect("localhost","root","123456","sql4") or die("Unable to connect to the MySQL!");
    // The filtered $id is placed directly into the query string
    $getid = "SELECT name,age FROM user WHERE Id = '$id'";
    $result = $db_connect->query($getid) or die('<pre>' . mysqli_error($db_connect) . '</pre>' );
    if ($result->num_rows > 0) {
        // Output the data
        while($row = $result->fetch_assoc()) {
            $name = $row["name"];
            $age = $row["age"];
            echo '<pre>';
            echo "<h2 align=center>ID:$id<br>name:$name<br>age:$age</h2>";
            echo '</pre>';
        }
    } else {
        echo("错误描述: " . mysqli_error($db_connect));
    }
    $db_connect->close();
}
// POST form: check the submitted flag and move on to the next level
if (isset($_POST['Submit2']))
{
    $flag=$_POST['flag'];
    if ($flag == '%66%6C%61%67%7B%69%74%20%69%73%20%76%65%72%79%20%68%61%72%64%7D')
    {
        echo "<script>alert('完成的不错,进入sql第五关.');location.href='sql_blind.php';</script>";
    }
}
?>
<br/>
<br/>
<br/>
</body>
</html>
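The related database SQL file is in the database directory under the web folder
At this point you can happily practice against the target locally~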
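For comparison with the sql4 page above, an added example (not part of the target project or the original post) of the same lookup written with a bound parameter and output escaping instead of str_replace filters. It assumes PDO with the SQLite driver and constructed rows so it runs without the lab's MySQL database; lookup_user, render_row and h are hypothetical names.

```php
<?php
// Added example, not the target project's code: sql4's lookup
// (SELECT name,age FROM user WHERE Id = '$id') with a bound parameter.
// Assumption: PDO + SQLite in memory stands in for the lab's MySQL database.

function h($value): string
{
    // Escape on output; the original page echoes $id and the row values raw.
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

function lookup_user(PDO $pdo, string $id): array
{
    // An ID is digits only: reject anything else rather than stripping
    // substrings (spaces, "select", commas) out of it.
    if (!ctype_digit($id)) {
        return [];
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT name, age FROM user WHERE Id = :id');
    $stmt->bindValue(':id', (int)$id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_row(string $id, array $row): string
{
    return 'ID:' . h($id) . ' name:' . h($row['name']) . ' age:' . h($row['age']);
}

// Constructed rows using the column names from the page's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (Id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');
$pdo->exec("INSERT INTO user (Id, name, age) VALUES (1, 'alice', 30), (2, 'bob', 25)");

// Constructed inputs: a valid ID, an ID with a stray quote, an unknown ID.
foreach (['1', "1'", '99'] as $input) {
    $rows = lookup_user($pdo, $input);
    if ($rows === []) {
        echo 'no match for ' . json_encode($input) . PHP_EOL;
        continue;
    }
    foreach ($rows as $row) {
        echo render_row($input, $row) . PHP_EOL;
    }
}
```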
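3. NAT traversal with 花生壳 (Oray PeanutHull)
On top of this setup, use 花生壳 for NAT traversal so the target can be practiced against from the external network
Configure the mapped IP and port
Try accessing it
Access succeeded!!!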