I. Setting up the LAMP environment
For installation by compiling from source, see ---> LAMP compile and install
Here we install with yum.
1. Install apache and php
[[email protected] ~]# yum install httpd -y
[[email protected] ~]# yum install php -y
2. Test php
[[email protected] ~]# vim /var/www/html/index.php
<?php phpinfo() ?>
[[email protected] ~]# systemctl start httpd
Note: at this point, turn off the firewall or set rules for it, and disable selinux.
[[email protected] ~]# systemctl stop firewalld.service
3. Install the mariadb database
[[email protected] ~]# yum install mariadb mariadb-server
[[email protected] ~]# systemctl start mariadb
[[email protected] ~]# ss -tunlp | grep 3306
tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=11905,fd=14))
Test the connection
[[email protected] ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit;
Bye
Set the login password for the mysql root user
[[email protected] ~]# mysqladmin -uroot password '123456'
Change the root user's password
[[email protected] ~]# mysqladmin -uroot -p123456 password '********'
Test the connection
[[email protected] ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
4. Install php-mysql and test the connection
[[email protected] ~]# yum install php-mysql -y
[[email protected] ~]# systemctl reload httpd
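
The ss output in step 3 shows mysqld bound to *:3306, and with firewalld stopped in step 2 that port is reachable from the network. The following check is an added example, not part of the original post: it flags such wildcard listeners in ss output. The function names wildcard_listeners and check_port are hypothetical, and the second sample line is constructed.

```shell
#!/bin/sh
# Added example: find LISTEN sockets bound to every interface in `ss -tunlp` output.

# wildcard_listeners PORT: read `ss -tunlp` text on stdin and print the local
# address of each LISTEN socket on PORT that is bound to all interfaces.
wildcard_listeners() {
    awk -v port="$1" '
        $2 == "LISTEN" {
            addr = $5                              # Local Address:Port column
            n = split(addr, parts, ":")
            p = parts[n]                           # text after the last ":"
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]"))
                print addr
        }'
}

# check_port PORT: same input; returns 1 and names the socket when PORT is exposed.
check_port() {
    found=$(wildcard_listeners "$1")
    if [ -n "$found" ]; then
        echo "port $1 accepts connections on all interfaces: $found"
        return 1
    fi
    echo "port $1: no wildcard listener"
}

# First line: the ss output from step 3. Second line: constructed, showing the
# same server after bind-address=127.0.0.1 is set under [mysqld] in /etc/my.cnf.
page_line='tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=11905,fd=14))'
local_line='tcp LISTEN 0 50 127.0.0.1:3306 *:* users:(("mysqld",pid=11905,fd=14))'

printf '%s\n' "$page_line"  | check_port 3306 || true
printf '%s\n' "$local_line" | check_port 3306
# On a live host: ss -tunlp | check_port 3306
```

Binding MariaDB to 127.0.0.1 assumes the web server and the database run on the same host, in which case dbHost in the application's configuration must point at the loopback address as well.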
II. Installing xss-platform
1. Upload the xss-platform source code to apache's default document root. The source is widely available online; search for it yourself.
[[email protected] ~]# cd /var/www/html
[[email protected] html]# ls
index.php XSS+Platform+.zip
[[email protected] html]# unzip XSS+Platform+.zip
[[email protected] html]# chown -R apache XSS
[[email protected] html]# chgrp -R apache XSS
[[email protected] html]# cd XSS
[[email protected] XSS]# ll
总用量 52
-rw-r--r--. 1 apache apache   667 8月 13 2016 authtest.php
-rw-r--r--. 1 apache apache   276 9月 19 2014 captcha.php
-rw-r--r--. 1 apache apache  1967 3月 25 21:37 config.php
-rw-r--r--. 1 apache apache   383 7月 4 2014 index.php
-rw-r--r--. 1 apache apache  2016 9月 19 2014 init.php
drwxr-xr-x. 4 apache apache  4096 8月 13 2016 libs
-rw-r--r--. 1 apache apache    26 8月 20 2012 robots.txt
drwxr-xr-x. 2 apache apache    28 8月 13 2016 scripts
drwxr-xr-x. 4 apache apache  4096 8月 13 2016 source
drwxr-xr-x. 2 apache apache  4096 8月 13 2016 templates_c
drwxr-xr-x. 3 apache apache    20 8月 13 2016 themes
-rw-r--r--. 1 apache apache 15938 1月 26 2014 xssplatform.sql
2. Prepare the database for the xss platform
[[email protected] XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER xsser IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE xss;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON xss.* TO 'xsser'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
3. Edit the xss-platform configuration file: fill in the password and change the url
[[email protected] XSS]# vim config.php
<?php
/**
 * config.php System configuration: database connection, display information, etc.
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */

/* Database connection */
$config['dbHost']     ='192.168.2.108';   //database address
$config['dbUser']     ='root';            //user
$config['dbPwd']      ='djttdkx01';       //password
$config['database']   ='xss';             //database name
$config['charset']    ='utf8';            //database character set
$config['tbPrefix']   ='oc_';             //table name prefix
$config['dbType']     ='mysql';           //database type (only mysql is supported at present)

/* Registration settings */
$config['register']   ='invite';          //normal: open registration; invite: invitation-only registration; close: registration disabled. Note: when invite mode is on but no invitation codes have been generated, invitations do not take effect
$config['mailauth']   =false;             //whether to verify the e-mail address at registration

/* URL settings */
$config['urlroot']    ='http://192.168.2.108/XSS';   //site URL path
$config['urlrewrite'] =False;             //URL Rewrite

/* Storage settings */
$config['filepath']   =ROOT_PATH.'/upload';          //file storage directory, no trailing '/'
$config['fileprefix'] =$config['urlroot'].'/upload'; //base URL for accessing files, no trailing '/'

/* Theme selection */
$config['theme']      ='default';         //theme
$config['template']   ='default';         //template

/* Display settings */
$config['show']=array(
    'sitename'    =>'枫林sec内部XSS平台',   //site name
    'sitedesc'    =>'盲打天下',             //one-line description
    'keywords'    =>'xss',                //keywords
    'description' =>'',                   //description
    'adminmail'   =>'[email protected]'    //administrator e-mail
);

/* Points and level settings */
$config['point']=array(
    'award'=>array(
        'publish'   =>2,
        'comment'   =>2,
        'invitereg' =>10                  //reward for an invited registration
    )
);

/* Other settings */
$config['timezone']   ='Asia/Shanghai';   //time zone, e.g. UTC
$config['expires']    =3600;              //expiry time (seconds)
$config['debug']      =false;             //debug mode (whether to show program, database and other errors)
?>
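
An added check, not part of xss-platform or the original post: it reads the config.php keys shown above and reports settings that widen exposure, such as the root database account used here although step 2 created xsser for this database. The helper names cfg_get and audit_config are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not part of xss-platform): audit settings in its config.php.

# cfg_get FILE KEY: print the value assigned to $config['KEY'] in FILE.
cfg_get() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, "$config[\047" key "\047]") == 1 {
            sub(/^[^=]*=[ \t]*/, "", line)  # drop everything up to "="
            sub(/;.*$/, "", line)           # drop ";" and the trailing comment
            gsub("\047", "", line)          # drop the single quotes
            print line; exit
        }' "$1"
}

# audit_config FILE: print one line per finding; exit status = number of findings.
audit_config() {
    n=0
    if [ "$(cfg_get "$1" dbUser)" = "root" ]; then
        echo "dbUser=root: the web application holds database superuser rights"; n=$((n + 1))
    fi
    if [ "$(cfg_get "$1" register)" = "normal" ]; then
        echo "register=normal: anyone who can reach the site can create an account"; n=$((n + 1))
    fi
    case "$(cfg_get "$1" debug)" in
        [Tt][Rr][Uu][Ee]) echo "debug=true: program and database errors are shown to visitors"; n=$((n + 1)) ;;
    esac
    # Character 8 of the ls -l mode string is the "other" read bit.
    if [ "$(ls -l "$1" | cut -c8)" = "r" ]; then
        echo "file is world-readable: every local account can read dbPwd"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample using key names from the config.php above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$config['dbUser']   ='root';    //user
$config['register'] ='invite';  //normal | invite | close
$config['debug']    =false;     //debug mode
EOF
chmod 644 "$sample"
audit_config "$sample" || echo "findings: $?"
rm -f "$sample"
```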
4. Import the xss platform's initial data into mariadb
[[email protected] XSS]# mysql -uroot -p xss < xssplatform.sql
Enter password:
[[email protected] XSS]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use xss
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [xss]> show tables;
+--------------------+
| Tables_in_xss      |
+--------------------+
| oc_config          |
| oc_invite_reg      |
| oc_keepsession     |
| oc_module          |
| oc_project         |
| oc_project_content |
| oc_remind          |
| oc_session         |
| oc_user            |
+--------------------+
9 rows in set (0.00 sec)
MariaDB [xss]> update oc_module set code=REPLACE(code,'http://xsser.me','http://192.168.2.108/xss');
Query OK, 3 rows affected (0.00 sec)
Rows matched: 5 Changed: 3 Warnings: 0
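5. Register and log in through the front end
Note: the xss-platform used in this article came from the internet; xss-platform requires an invitation code to register.
Time: 2024-10-18 04:42:23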