BTS PenTesting Lab - Installation

Vulnerability types
  • SQL Injection
  • XSS (includes Flash-based XSS)
  • CSRF
  • Clickjacking
  • SSRF
  • File Inclusion
  • Code Execution
  • Insecure Direct Object Reference
  • Unrestricted File Upload vulnerability
  • Open URL Redirection
  • Server Side Includes (SSI) Injection and more…
Download

GitHub: https://github.com/breakthesec/btslab

Environment

Kali Linux (the required packages are bundled in a default install)

Installation
  • Apache2

Edit the virtual host configuration /etc/apache2/sites-enabled/btslab.conf, roughly as follows:

[screenshot]

# Line 7: needed later by the SSI challenge (lets Apache parse the lab's .htaccess)
AllowOverride All

Configure any client IP access restrictions according to your own needs.

  • MySQL

Log in as root and create a dedicated user (optional):

# service mysql start

# mysql -u root
mysql> insert into mysql.user(Host,User,Password) values("localhost","btslab",password("btslab"));
mysql> create database if not exists `btslab` default character set utf8 collate utf8_general_ci;
mysql> flush privileges;
mysql> grant all privileges on `btslab`.* to `btslab`@localhost identified by 'btslab';
mysql> flush privileges;
  • www

Change to /var/www/ and clone the source:

# git clone https://github.com/breakthesec/btslab.git

Edit the settings in btslab/config.php:

[screenshot]

Restart apache2:

# service apache2 restart

Browse to http://192.168.1.228/setup.php to run the installer:

[screenshot]

  • Move the links to the web root
# sed -i 's#/btslab##g' `find . -type f`
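As an added example (not part of the btslab project or of the original post), a shell variant of the relocation step above. The original one-liner hands every file under the tree to sed, including the .swf, .pdf and .png assets and the Thumbs.db files; this version passes only text files that actually contain the prefix and reports how many it rewrote, so the binary lab assets are never modified. The directory and file names in the demo are constructed, the prefix defaults to /btslab, and GNU sed -i is assumed.

```shell
#!/bin/sh
# Rewrite "/btslab/..." links to "/..." so the lab can be served from the web root.
# Added example, not btslab project code. Assumes GNU sed (for -i).

# Usage: relocate_to_root <dir> [prefix]
# Prints the number of files rewritten. Only text file types are considered,
# so .swf/.pdf/.png assets and Thumbs.db are never passed to sed.
relocate_to_root() {
    dir="$1"
    prefix="${2:-/btslab}"   # must not contain '#', which is the sed delimiter below
    count=0
    list=$(mktemp)
    # grep -l lists only files that contain the prefix; -F matches it literally.
    find "$dir" -type f \( -name '*.php' -o -name '*.html' -o -name '*.shtml' \
        -o -name '*.txt' -o -name '*.css' -o -name '*.js' -o -name '.htaccess' \) \
        -exec grep -lF -- "$prefix" {} + > "$list"
    while IFS= read -r f; do
        sed -i "s#${prefix}##g" "$f"
        count=$((count + 1))
    done < "$list"
    rm -f "$list"
    echo "$count"
}

# Demo on constructed files: one PHP page with lab links, one page without,
# and a fake .swf that also contains the string and must survive untouched.
# Results are exposed through DEMO_DIR and DEMO_CHANGED for the caller.
demo_relocate() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/vulnerability/xss/flash"
    printf '<a href="/btslab/login.php">Login</a> <img src="/btslab/images/bg.png">\n' \
        > "$tmp/index.php"
    printf 'no links here\n' > "$tmp/footer.php"
    printf 'FWS\001/btslab/binary-blob' > "$tmp/vulnerability/xss/flash/xss1.swf"
    DEMO_CHANGED=$(relocate_to_root "$tmp")
    DEMO_DIR="$tmp"
    echo "rewritten files: $DEMO_CHANGED"
    cat "$tmp/index.php"
}

# Stand-alone run: show the result, then clean up the temporary tree.
demo_relocate && rm -rf "$DEMO_DIR"
```

Running it on the real tree is `relocate_to_root /var/www/btslab`; the printed count should be well below the 69 files in the listing below, since the binaries and files without links are skipped.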
  • Directory layout
/var/www/
└── btslab
    ├── admin
    │   ├── adminlogin.php
    │   ├── admin.php
    │   ├── index.php
    │   ├── manageusers.php
    │   ├── MessageList.php
    │   └── messages.php
    ├── config.php
    ├── contact.php
    ├── footer.php
    ├── header.php
    ├── images
    │   ├── bg.png
    │   └── Thumbs.db
    ├── index.php
    ├── Installation-procedure.txt
    ├── lib
    │   └── loginverify.php
    ├── LICENSE
    ├── login.php
    ├── logout.php
    ├── myprofile.php
    ├── mysqlconnection.php
    ├── README.md
    ├── register.php
    ├── regprocess.php
    ├── robots.txt
    ├── setup.php
    ├── style.css
    └── vulnerability
        ├── avatar
        │   ├── default.jpg
        │   └── Thumbs.db
        ├── Change-Profile-Picture.php
        ├── clickjacking
        │   └── cj.php
        ├── cmd
        │   └── cmd.php
        ├── csrf
        │   ├── change-email.php
        │   └── changeinfo.php
        ├── dor
        │   ├── doc1.pdf
        │   └── download.php
        ├── forum.php
        ├── ForumPosts.php
        ├── forumUserList.php
        ├── lfi
        │   ├── file
        │   │   └── news.php
        │   └── LFI.php
        ├── phpinjection
        │   ├── challenge1.php
        │   └── challenge2.php
        ├── rfi
        │   ├── news.php
        │   └── RFI.php
        ├── sqli
        │   ├── blindsqli.php
        │   ├── ext1.html
        │   ├── ext2.html
        │   └── UserInfo.php
        ├── ssi
        │   ├── footer.txt
        │   ├── header.txt
        │   ├── ssi.php
        │   └── ssi.shtml
        ├── ssrf
        │   └── ssrf.php
        ├── upload.php
        ├── uploads
        │   └── Thumbs.db
        ├── url
        │   ├── forward.php
        │   └── open.php
        └── xss
            ├── dom.php
            ├── flash
            │   ├── exss.php
            │   ├── xss1.swf
            │   └── xss2.swf
            ├── postxss.php
            ├── xss1.php
            ├── xss2.php
            ├── xss3.php
            ├── xss4.php
            ├── xss-referer2.php
            ├── xss-referer.php
            └── xss-user-agent.php

21 directories, 69 files