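I. Setting up the LAMP environment
For compiling and installing from source, see ---> LAMP compile and install
Here we install with yum.
1. Install apache and php
[root@xss-platform ~]# yum install httpd -y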
[root@xss-platform ~]# yum install php -y
2. Test php
[root@xss-platform ~]# vim /var/www/html/index.php
<?php
phpinfo();
?>
[root@xss-platform ~]# systemctl start httpd
Note that at this point you need to turn off the firewall or add rules for it, and disable SELinux.
[root@xss-platform ~]# systemctl stop firewalld.service
3. Install the mariadb database
[root@xss-platform ~]# yum install mariadb mariadb-server
[root@xss-platform ~]# systemctl start mariadb
[root@xss-platform ~]# ss -tunlp | grep 3306
tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=11905,fd=14))
Test the connection
[root@xss-platform ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit;
Bye
Set the login password for the mysql root user
[root@xss-platform ~]# mysqladmin -uroot password '123456'
Change the root user's password
[root@xss-platform ~]# mysqladmin -uroot -p123456 password '********'
Test the connection
[root@xss-platform ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
4. Install php-mysql and test the connection
[root@xss-platform ~]# yum install php-mysql -y
[root@xss-platform ~]# systemctl reload httpd
II. Installing xss-platform
1. Upload the xss-platform source to Apache's default document root; the source is widely available online, search for it yourself
[root@xss-platform ~]# cd /var/www/html
[root@xss-platform html]# ls
index.php XSS+Platform+.zip
[root@xss-platform html]# unzip XSS+Platform+.zip
[root@xss-platform html]# chown -R apache XSS
[root@xss-platform html]# chgrp -R apache XSS
[root@xss-platform html]# cd XSS
[root@xss-platform XSS]# ll
总用量 52
-rw-r--r--. 1 apache apache 667 8月 13 2016 authtest.php
-rw-r--r--. 1 apache apache 276 9月 19 2014 captcha.php
-rw-r--r--. 1 apache apache 1967 3月 25 21:37 config.php
-rw-r--r--. 1 apache apache 383 7月 4 2014 index.php
-rw-r--r--. 1 apache apache 2016 9月 19 2014 init.php
drwxr-xr-x. 4 apache apache 4096 8月 13 2016 libs
-rw-r--r--. 1 apache apache 26 8月 20 2012 robots.txt
drwxr-xr-x. 2 apache apache 28 8月 13 2016 scripts
drwxr-xr-x. 4 apache apache 4096 8月 13 2016 source
drwxr-xr-x. 2 apache apache 4096 8月 13 2016 templates_c
drwxr-xr-x. 3 apache apache 20 8月 13 2016 themes
-rw-r--r--. 1 apache apache 15938 1月 26 2014 xssplatform.sql
2. Prepare the database for the XSS platform
[root@xss-platform XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER xsser IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE xss;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON xss.* TO 'xsser'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
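3. Edit the xss-platform config file: fill in the password and change the URL
[root@xss-platform XSS]# vim config.php
<?php
/**
* config.php System configuration: database connection, display information, etc.
* ----------------------------------------------------------------
* OldCMS,site:http://www.oldcms.com
*/
/* Database connection */
$config['dbHost']='192.168.2.108';// database host
$config['dbUser']='root';// user
$config['dbPwd']='djttdkx01';// password
$config['database']='xss';// database name
$config['charset']='utf8';// database character set
$config['tbPrefix']='oc_';// table name prefix
$config['dbType']='mysql';// database type (only mysql is supported for now)
/* Registration settings */
$config['register']='invite';// normal: open registration; invite: invitation-only registration; close: registration disabled. Note: when invite mode is on but no invitation code has been generated, invitations do not take effect
$config['mailauth']=false;// whether to require e-mail verification at registration
/* URL settings */
$config['urlroot']='http://192.168.2.108/XSS';// site URL path
$config['urlrewrite']=False;// URL Rewrite
/* Storage settings */
$config['filepath']=ROOT_PATH.'/upload';// file storage directory, no trailing '/'
$config['fileprefix']=$config['urlroot'].'/upload';// base URL for accessing files, no trailing '/'
/* Theme selection */
$config['theme']='default';// theme
$config['template']='default';// template
/* Display settings */
$config['show']=array(
'sitename'=>'枫林sec内部XSS平台',// site name
'sitedesc'=>'盲打天下',// one-line description
'keywords'=>'xss',// keywords
'description'=>'',// description
'adminmail'=>'ohlinge@163.com'// administrator e-mail
);
/* Points and level settings */
$config['point']=array(
'award'=>array(
'publish'=>2,
'comment'=>2,
'invitereg'=>10 // reward for an invited registration
)
);
/* Other settings */
$config['timezone']='Asia/Shanghai';// time zone, e.g. UTC
$config['expires']=3600;// expiry time (seconds)
$config['debug']=false;// debug mode (whether to display program, database and other errors)
?>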
4. Import the XSS platform's initial data into mariadb
[root@xss-platform XSS]# mysql -uroot -p xss < xssplatform.sql
Enter password:
[root@xss-platform XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use xss
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [xss]> show tables;
+--------------------+
| Tables_in_xss      |
+--------------------+
| oc_config          |
| oc_invite_reg      |
| oc_keepsession     |
| oc_module          |
| oc_project         |
| oc_project_content |
| oc_remind          |
| oc_session         |
| oc_user            |
+--------------------+
9 rows in set (0.00 sec)
MariaDB [xss]> update oc_module set code=REPLACE(code,'http://xsser.me','http://192.168.2.108/xss');
Query OK, 3 rows affected (0.00 sec)
Rows matched: 5 Changed: 3 Warnings: 0
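5. Register and log in through the front end
Disclaimer: the xss-platform used in this article came from the internet; registering on xss-platform requires an invitation code.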
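A post-install check for the web root built in the steps above, as an added example that is not part of the original article: it flags the phpinfo() test page from the php test step, the xssplatform.sql dump and source archive left where Apache serves them, and a config.php that connects as the database root user or has debug enabled. The function names and the PHPINFO/DOWNLOADABLE/DB_ROOT/DEBUG_ON tags are made up for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# finding tags are hypothetical; the sample tree below is constructed.

# Print one finding per line for the web root given as $1.
audit_webroot() {
    root=$1
    # phpinfo() pages disclose versions, paths and loaded modules.
    find "$root" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + 2>/dev/null |
        sed 's/^/PHPINFO /'
    # SQL dumps and archives under the web root are served as static files.
    find "$root" -type f \( -name '*.sql' -o -name '*.zip' \) 2>/dev/null |
        sed 's/^/DOWNLOADABLE /'
    # config.php that connects as root, or has debug output switched on.
    find "$root" -type f -name config.php 2>/dev/null |
    while IFS= read -r cfg; do
        if grep -Eq "config\[.dbUser.\][[:space:]]*=[[:space:]]*.root." "$cfg"; then
            echo "DB_ROOT $cfg"
        fi
        if grep -Eiq "config\[.debug.\][[:space:]]*=[[:space:]]*true" "$cfg"; then
            echo "DEBUG_ON $cfg"
        fi
    done
}

# Number of findings for the web root given as $1.
count_findings() {
    audit_webroot "$1" | wc -l | tr -d ' '
}

# Build a constructed tree that mirrors the layout in this walkthrough.
make_sample_webroot() {
    dir=$(mktemp -d)
    mkdir -p "$dir/XSS"
    printf '<?php\nphpinfo();\n?>\n' > "$dir/index.php"
    printf '<?php\n$config[%s]=%s;\n$config[%s]=false;\n' \
        "'dbUser'" "'root'" "'debug'" > "$dir/XSS/config.php"
    : > "$dir/XSS/xssplatform.sql"
    : > "$dir/XSS+Platform+.zip"
    echo "$dir"
}

# Demo run; on a real host pass /var/www/html instead.
sample=$(make_sample_webroot)
audit_webroot "$sample"
echo "findings: $(count_findings "$sample")"
rm -rf "$sample"
```

Each flagged file is cleared by deleting it or moving it out of the document root; a DB_ROOT finding is cleared by pointing dbUser at the dedicated xsser account created during database preparation.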