Python full stack Web security attack and Defense 2. Information collection and sqlmap introduction

Article directory

1, Real IP address collection

1.CDN introduction

The full name of CDN is Content Delivery Network, that is, content distribution network.
The basic idea is to avoid the bottleneck and link that may affect the speed and stability of data transmission on the Internet as much as possible, so as to make the content transmission faster and more stable. Through a layer of intelligent virtual network based on the existing Internet, which is composed of node servers placed everywhere in the network, CDN system can redirect the user's request to the nearest service node according to the network traffic, the connection of each node, the load condition, the distance to the user and the response time and other comprehensive information in real time.
Its purpose is to enable users to get the required content nearby, solve the situation of Internet network congestion, and improve the response speed of users visiting the website.
Advantages of CDN:

  • CDN node solves the problem of cross operator and cross region access, and the access delay is greatly reduced;
  • Most requests are completed at the edge nodes of CDN, which plays a role of shunting and reduces the load of the source station.

Unable to access the real IP.
For further introduction, please refer to

2. Judge whether there is CDN (i.e. whether it is a real IP)

  • Method 1: judge by ping


Ping [] with 32 bytes of data:
Reply from byte = 32 time = 49ms TTL=54
 Reply from byte = 32 time = 49ms TTL=54
 Reply from byte = 32 time = 48ms TTL=54
 Reply from byte = 32 time = 49ms TTL=54

Ping statistics of
    Packet: sent = 4, received = 4, lost = 0 (0% lost),
Estimated time of round trip in milliseconds:
    Minimum = 48ms, maximum = 49ms, average = 48ms

Obviously, Ping, not Baidu's address, indicates that CDN is used, and the returned address is also the address of CDN server.

  • Method 2: test the target by setting up a proxy or using online ping websites to use ping servers in different regions

Many websites use CDN.
Expansion - load balancing
Load balancing is a kind of computer technology, which is used to distribute load among multiple computers (computer clusters), network connections, CPU s, disk drives or other resources, so as to optimize resource use, maximize throughput, minimize response time and avoid overload at the same time..
Load (work task, access request) is balanced and allocated to multiple operation units (servers, components) for execution. It is the ultimate solution for high performance, single point of failure (high availability), scalability (horizontal scaling).
For more information, please refer to
The IP obtained when visiting the website may return the status code:

403 - no access
301 - permanent redirection
307 - temporary redirection

3. bypass CDN

If the target does not use CDN, you can directly use ping to obtain the IP address.
Or use the online website to verify the IP address, and use the IP address to visit the web site. If it is the real IP address normally, otherwise it is not true.

2, shodan introduction and search

1. Information collection method

  • Active information collection:
    Directly interact with the target, and collect the information in the interaction process, such as through nmap.
  • Passive information collection:
    Through the third-party engine to interact with the target, or not to query the database, get the target information, such as Google Hacking.

2. Introduction to Shodan search engine

Although people think Google is the strongest search engine at present, shodan is the most terrible search engine on the Internet. Unlike Google, shodan does not search for web addresses, but directly enters the back channel of the Internet. shodan is a "dark" Google, looking for all the servers, cameras, printers, routers, etc. associated with the Internet.

3.shodan registration, login and search

shodan website:
The API KEY generated by registration will be used for initialization in command line operations and language programming such as Python.
Search by:
(1) Enter webcam in the explorer search box to search:

Click any one to get

There are three open ports: 80, 81 and 8081. The middleware is apache. There are many other information available.
(2) Specify the specific port number through the keyword port:



Click any one to enter

In addition to the exposed port 3306, many other information can be obtained.
(3) Specify the specific IP address through the keyword host:

(4) Specify the content of specific city to search through the keyword City:

3, Introduction to the use of shodan command line

shodan install command line:

pip install shodan

To view help:

shodan -h


Usage: shodan [OPTIONS] COMMAND [ARGS]...                     
  -h, --help  Show this message and exit.                     
  alert       Manage the network alerts for your account      
  convert     Convert the given input data file into a...     
  count       Returns the number of results for a search      
  data        Bulk data access to Shodan                      
  domain      View all available information for a domain     
  download    Download search results and save them in a...   
  honeyscore  Check whether the IP is a honeypot or not.      
  host        View all available information for an IP...     
  info        Shows general information about your account    
  init        Initialize the Shodan command-line              
  myip        Print your external IP address                  
  org         Manage your organization's access to Shodan     
  parse       Extract information out of compressed JSON...   
  radar       Real-Time Map of some results as Shodan finds...
  scan        Scan an IP/ netblock using Shodan.              
  search      Search the Shodan database                      
  stats       Provide summary information about a search...   
  stream      Stream data in real-time.                       
  version     Print version of this tool.                     


shodan init MJJxEpAgEZBSX2W3gf0Dtuo6d9cfx2Xp


Successfully initialized                    

Query the number of apache servers:

shodan count apache



Contains only the number in the database.
Search the shodan database:

shodan search apache

Printing   9017            HTTP/1.1 404 Not Found\r\nDate: Wed, 12 Feb 2020 02:02:05 GMT\r\nServer: Apache/2.4.18 (Ubuntu)\r\nstatus: 404 Not Found\r\n
Content-Length: 0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n                                                                                 80              HTTP/1.1 200 OK\r\nDate: Wed, 12 Feb 2020 02:05:38 GMT\r\nServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.15\r\nLast-Mo
dified: Fri, 26 Aug 2016 02:32:44 GMT\r\nETag: "2a43-53af0545360e3"\r\nAccept-Ranges: bytes\r\nContent-Length: 10819\r\nContent-Type: text/html\r\n\r\n  80      HTTP/1.0 401 Unauthorized\r\nDate: Wed, 12 Feb 2020 02:09:06 GMT\r\nServer: Apache/2.2.16 (Debian)\r\nX-Powe
red-By: PHP/5.3.3-7+squeeze15\r\nWWW-Authenticate: Basic realm="Administrace"\r\nVary: Accept-Encoding\r\nContent-Length: 74\r\nConnection: c
lose\r\nContent-Type: text/html\r\n\r\n                                                                                                              3092        HTTP/1.1 200 OK\r\nDate: Wed, 12 Feb 2020 01:59:17 GMT\r\nServer: Apache/2.4.29 (Ubuntu)\r\nContent-Length: 
18\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n                                                                                                 80              HTTP/1.1 200 OK\r\nDate: Wed, 12 Feb 2020 02:06:30 GMT\r\nServer: Apache\r\nUpgrade: h2\r\nConnection: Upgrade, close\r\nLas
t-Modified: Tue, 23 Oct 2018 07:08:31 GMT\r\nETag: "52e-578e00980d9c0"\r\nAccept-Ranges: bytes\r\nContent-Length: 1326\r\nVary: Accept-Encoding\r\nContent-T
ype: text/html\r\n\r\n                                                                                                                                80       HTTP/1.1 200 OK\r\nDate: Wed, 12 Feb 2020 02:06:27 GMT\r\nServer: Apache\r\nUpgrade: h2,h2c\r\nConne
ction: Upgrade\r\nLast-Modified: Sun, 13 Nov 2016 07:49:43 GMT\r\nETag: "c2-54129f75bb3c0"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding,User-Agent\r\nCo
ntent-Length: 194\r\nContent-Type: text/html\r\n\r\n                                                                                                  80        HTTP/1.1 302 Found\r\nDate: Wed, 12 Feb 2020 02:06:18 GMT\r\nServer: Apache\r\nX-Frame-Optio
ns: SAMEORIGIN\r\nLocation:\r\nContent-Length: 221\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n     7003        HTTP/1.1 404 Not Found\r\nDate: Wed, 12 Feb 2020 02:04:51 GMT\r\nServer: Apache/2.4.
29 (Ubuntu)\r\nstatus: 404 Not Found\r\nContent-Length: 0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n                                          9500            HTTP/1.1 404 Not Found\r\nDate: Wed, 12 Feb 2020 02:05:38 GMT\r\nServer: Apache/2.4.18 (Ubuntu)\r\nstatus: 404 Not Found\r\n
Content-Length: 0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n                                                                                     80              HTTP/1.1 302 Found\r\nServer: Apache-Coyote/1.1\r\nCache-Control: private\r\nExpires: Wed, 31 Dec 1969 17:00:00 MST\r\nLocat
ion:\r\nContent-Length: 0\r\nDate: Wed, 12 Feb 2020 02:05:01 GMT\r\n\r\n                                                          8085  HTTP/1.1 401 Unauthorized\r\nServer: Apache\r\nConnection: Close\r\nContent-type: te
xt/html\r\nWWW-Authenticate: Digest realm="DSLForum CPE Management", algorithm=MD5, qop=auth, stale=FALSE, nonce="7ab612def3d537d4f3bea0af684dfb0e", opaque=
-- More  --                                                                                                                                                                  

Because there are many returned results, click enter to continue browsing down.
This process is relatively slow.
Search the iis service:

shodan search microsoft iis 6.0


Specify search criteria to search:

shodan search --fields ip_str,port,hostname tomcat

Printing    8089    8081    8081    8081 8080   80    8081   8080    49153  3117    8081    8080    80  8081 80   8083    8083    8181   80  9944  8043   5357   2021     80  8081
-- More  --                                                                                                                                                             

Get the specified IP address information:

shodan host

Hostnames:               -
City:                    Nürnberg
Country:                 Germany
Organization:            Contabo GmbH
Updated:                 2020-02-06T20:35:42.365722
Number of open ports:    3

     22/tcp OpenSSH (7.6p1 Ubuntu-4ubuntu0.3)
     25/tcp Exim smtpd (4.90_1)

Get user account information:

shodan info


Query credits available: 0
Scan credits available: 0                                                                                                                                                        

Get your own external IP address:

shodan myip


Check for honeypot protection:
Honeypot technology:
In essence, it is a kind of deception technology for the attacker. By arranging some hosts, network services or information as decoys, the attacker can be induced to attack them, so that the attack behavior can be captured and analyzed, the tools and methods used by the attacker can be understood, the intention and motivation of the attack can be inferred, and the defender can clearly understand the security threat they are facing And through technology and management means to enhance the security protection ability of the actual system.

shodan honeyscore


Score: 0.3                                                                                                                                                      

4, Using shodan in Python

import shodan

# Constant, uppercase
SHODAN_API_KEY = 'MJJxEpAgEZBSX2W3gf0Dtuo6d9cfx2Xp'

# Initialization
api = shodan.Shodan(SHODAN_API_KEY)
result ='tomcat', page=1)




import shodan

# Constant, uppercase
SHODAN_API_KEY = 'MJJxEpAgEZBSX2W3gf0Dtuo6d9cfx2Xp'

# Initialization
api = shodan.Shodan(SHODAN_API_KEY)
result ='')


{'region_code': '02', 'ip': 3582478628, 'postal_code': '90475', 'country_code': 'DE', 'city': 'Nürnberg', 'dma_code': None, 'last_update': '2020-02-06T20:35:42.365722', 'latitude': 49.4075, 'tags': [], 'area_code': None, 'country_name': 'Germany', 'hostnames': ['-'], 'org': 'Contabo GmbH', 'data': [{'_shodan': {'id': '944a19e4-6c9b-4488-8146-125c332e4558', 'options': {}, 'ptr': True, 'module': 'smtp', 'crawler': 'd264629436af1b777b3b513ca6ed1404d7395d80'}, 'product': 'Exim smtpd', 'hash': 238085194, 'version': '4.90_1', 'opts': {}, 'ip': 3582478628, 'isp': 'Contabo GmbH', 'os': None, 'cpe': ['cpe:/a:exim:exim:4.90_1'], 'port': 25, 'hostnames': ['-'], 'location': {'city': 'Nürnberg', 'region_code': '02', 'area_code': None, 'longitude': 11.164899999999989, 'country_code3': 'DEU', 'country_name': 'Germany', 'postal_code': '90475', 'dma_code': None, 'country_code': 'DE', 'latitude': 49.4075}, 'timestamp': '2020-02-06T20:35:42.365722', 'domains': ['-.'], 'org': 'Contabo GmbH', 'data': '220 ESMTP Exim 4.90_1 Ubuntu Thu, 06 Feb 2020 21:35:38 +0100\r\ Hello []\r\n250-SIZE 52428800\r\n250-8BITMIME\r\n250-PIPELINING\r\n250-CHUNKING\r\n250-PRDR\r\n250 HELP\r\n', 'asn': 'AS51167', 'transport': 'tcp', 'ip_str': ''}, {'info': 'protocol 2.0', '_shodan': {'id': None, 'options': {}, 'ptr': True, 'module': 'ssh', 'crawler': '5faf2928ceb560cb4276cc1b4660b2d763cc6397'}, 'product': 'OpenSSH', 'hash': 885925491, 'version': '7.6p1 Ubuntu-4ubuntu0.3', 'location': {'city': 'Nürnberg', 'region_code': '02', 'area_code': None, 'longitude': 11.164899999999989, 'country_code3': 'DEU', 'country_name': 'Germany', 'postal_code': '90475', 'dma_code': None, 'country_code': 'DE', 'latitude': 49.4075}, 'opts': {}, 'ip': 3582478628, 'isp': 'Contabo GmbH', 'os': None, 'cpe': ['cpe:/a:openbsd:openssh:7.6p1 Ubuntu-4ubuntu0.3'], 'port': 22, 'hostnames': ['-'], 'ssh': {'hassh': 'b12d2871a1189eff20364cf5333619ee', 'fingerprint': '6f:71:c5:39:d8:34:55:01:fc:e3:41:67:02:81:fc:71', 'mac': 'hmac-sha2-256', 'cipher': 'aes128-ctr', 'key': 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBehzX1E+RxyPeN17W8k7NjGct/X+cT0UakEkpG8pCtXq2\nc1yD7m5fkLbu2V0ELS2ip0ldvNF8IZnoEndWPxcyvaz1nMEugtUqOVOEj93EtXXXOqmid7QdulQZ\n6xSAFeFE4D65VmScQi7eI9iM/OhmlGFOgAyFH1ELJjwic1nX2aX2YOwJrxmsebkSKd1vzBP1zYcE\ngiegwllez196hbcn/FkcWvcKcyo27pGtVmH8TheepnyRk2M2vSTyNcG8o1VNhUCFRsKEfzMWd92i\nM5+5U8SzfhA+F9hxvOJ7XfRbYZd9V/2UwFgia6llAj0n1eSrLN0u3HqLhnI4f9uUl3H9\n', 'kex': {'languages': [''], 'server_host_key_algorithms': ['ssh-rsa', 'rsa-sha2-512', 'rsa-sha2-256', 'ecdsa-sha2-nistp256', 'ssh-ed25519'], 'encryption_algorithms': ['', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', '', ''], 'kex_follows': False, 'unused': 0, 'kex_algorithms': ['curve25519-sha256', '', 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512', 'diffie-hellman-group14-sha256', 'diffie-hellman-group14-sha1'], 'compression_algorithms': ['none', ''], 'mac_algorithms': ['', '', '', '', '', '', '', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1']}, 'type': 'ssh-rsa'}, 'timestamp': '2020-01-27T19:13:34.325121', 'domains': ['-.'], 'org': 'Contabo GmbH', 'data': 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\nKey type: ssh-rsa\nKey: AAAAB3NzaC1yc2EAAAADAQABAAABAQDBehzX1E+RxyPeN17W8k7NjGct/X+cT0UakEkpG8pCtXq2\nc1yD7m5fkLbu2V0ELS2ip0ldvNF8IZnoEndWPxcyvaz1nMEugtUqOVOEj93EtXXXOqmid7QdulQZ\n6xSAFeFE4D65VmScQi7eI9iM/OhmlGFOgAyFH1ELJjwic1nX2aX2YOwJrxmsebkSKd1vzBP1zYcE\ngiegwllez196hbcn/FkcWvcKcyo27pGtVmH8TheepnyRk2M2vSTyNcG8o1VNhUCFRsKEfzMWd92i\nM5+5U8SzfhA+F9hxvOJ7XfRbYZd9V/2UwFgia6llAj0n1eSrLN0u3HqLhnI4f9uUl3H9\nFingerprint: 6f:71:c5:39:d8:34:55:01:fc:e3:41:67:02:81:fc:71\n\nKex Algorithms:\n\tcurve25519-sha256\n\\n\tecdh-sha2-nistp256\n\tecdh-sha2-nistp384\n\tecdh-sha2-nistp521\n\tdiffie-hellman-group-exchange-sha256\n\tdiffie-hellman-group16-sha512\n\tdiffie-hellman-group18-sha512\n\tdiffie-hellman-group14-sha256\n\tdiffie-hellman-group14-sha1\n\nServer Host Key Algorithms:\n\tssh-rsa\n\trsa-sha2-512\n\trsa-sha2-256\n\tecdsa-sha2-nistp256\n\tssh-ed25519\n\nEncryption Algorithms:\n\\n\taes128-ctr\n\taes192-ctr\n\taes256-ctr\n\\n\\n\nMAC Algorithms:\n\\n\\n\\n\\n\\n\\n\\n\thmac-sha2-256\n\thmac-sha2-512\n\thmac-sha1\n\nCompression Algorithms:\n\tnone\n\\n\n', 'asn': 'AS51167', 'transport': 'tcp', 'ip_str': ''}, {'_shodan': {'id': '4493ec63-9af0-46b3-af2d-1f6da2e3b33a', 'options': {}, 'ptr': True, 'module': 'http', 'crawler': '4aca62e44af31a464bdc72210b84546d570e9365'}, 'hash': -945966338, 'os': None, 'opts': {}, 'ip': 3582478628, 'isp': 'Contabo GmbH', 'http': {'html_hash': -1259818618, 'robots_hash': None, 'redirects': [], 'securitytxt': None, 'title': '404 Not Found', 'sitemap_hash': None, 'robots': None, 'favicon': None, 'host': '', 'html': '<html>\n  <head>\n    <title>404 Not Found</title>\n    <link rel=\'stylesheet\' href=\'style/style.css\' type=\'text/css\'/>\n  </head>\n  <body bgcolor="#ffffff" text="#000000" link="#2020ff" vlink="#4040cc">\n    <h2>404 Not Found</h2>\n    <p>The requested URL was not found on this server.</p>\n\n  </body>\n\n</html>\n', 'location': '/', 'components': {}, 'server': 'xxx', 'sitemap': None, 'securitytxt_hash': None}, 'port': 80, 'hostnames': ['-'], 'location': {'city': 'Nürnberg', 'region_code': '02', 'area_code': None, 'longitude': 11.164899999999989, 'country_code3': 'DEU', 'country_name': 'Germany', 'postal_code': '90475', 'dma_code': None, 'country_code': 'DE', 'latitude': 49.4075}, 'timestamp': '2020-01-26T07:14:55.014514', 'domains': ['-.'], 'org': 'Contabo GmbH', 'data': 'HTTP/1.1 404 Not Found\r\nServer: xxx\r\nContent-Type: text/html; charset=utf-8\r\nDate: Sun, 26 Jan 2020 07:32:11 GMT\r\nLast-Modified: Sun, 26 Jan 2020 07:32:11 GMT\r\nAccept-Ranges: bytes\r\nConnection: close\r\nCache-Control: no-cache,no-store\r\n\r\n', 'asn': 'AS51167', 'transport': 'tcp', 'ip_str': ''}], 'asn': 'AS51167', 'isp': 'Contabo GmbH', 'longitude': 11.164899999999989, 'country_code3': 'DEU', 'domains': ['-.'], 'ip_str': '', 'os': None, 'ports': [80, 25, 22]}

You can also use the api to get relevant content through the browser, and process the returned JSON string to get relevant information.
To view parameters and return results, click

5, Introduction to Sqlmap

1.sqlmap concept

Sqlmap is an open-source penetration tool, which can automatically detect and utilize SQL injection defects and take over the database server.
It has a powerful detection engine, many niche features and extensive switches suitable for the ultimate penetration test, from database fingerprints, data acquisition from the database to access to the underlying file system and command execution on the operating system through out of band connections.

2.sqlmap features

  • Fully support MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB, Informix and other database management systems;
  • It fully supports Boolean blind injection, temporal blind injection, error information based injection, joint query injection and heap query injection;
  • When the database certificate, IP address, port, database name and other conditions allow, it supports direct connection to the database without SQL injection point;
  • Support enumeration of users, passwords, hashes, permissions, roles, databases, data tables and columns;
  • Support automatic recognition of password hash format and password hash cracking through dictionary;
  • It supports downloading a table in a database completely, or only a few columns in a table, or even only part of the data in a column, which depends on the user's choice;
  • Supports searching the database name, table name or column name specified in the database management system.

3. Download and use of sqlmap

Download official website
As follows:

Windows can download the. zip file, and Linux can download the. tar.gz file.
Then decompress to obtain the following files (folders):

Execute the command in this directory:

  • To view help documents:
python -h


 ___ ___["]_____ ___ ___  {}
|_ -| . [,]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|

Usage: [options]

  -h, --help            Show basic help message and exit
  -hh                   Show advanced help message and exit
  --version             Show program's version number and exit
  -v VERBOSE            Verbosity level: 0-6 (default 1)

    At least one of these options has to be provided to define the

    -u URL, --url=URL   Target URL (e.g. "")
    -g GOOGLEDORK       Process Google dork results as target URLs

    These options can be used to specify how to connect to the target URL

    --data=DATA         Data string to be sent through POST (e.g. "id=1")
    --cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
    --random-agent      Use randomly selected HTTP User-Agent header value
    --proxy=PROXY       Use a proxy to connect to the target URL
    --tor               Use Tor anonymity network
    --check-tor         Check to see if Tor is used properly

    These options can be used to specify which parameters to test for,
    provide custom injection payloads and optional tampering scripts

    -p TESTPARAMETER    Testable parameter(s)
    --dbms=DBMS         Force back-end DBMS to provided value

    These options can be used to customize the detection phase

    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (1-3, default 1)

    These options can be used to tweak testing of specific SQL injection

    --technique=TECH..  SQL injection techniques to use (default "BEUSTQ")

    These options can be used to enumerate the back-end database
    management system information, structure and data contained in the

    -a, --all           Retrieve everything
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --passwords         Enumerate DBMS users password hashes
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
    --schema            Enumerate DBMS schema
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate

  Operating system access:
    These options can be used to access the back-end database management
    system underlying operating system

    --os-shell          Prompt for an interactive operating system shell
    --os-pwn            Prompt for an OOB shell, Meterpreter or VNC

    These options can be used to set some general working parameters

    --batch             Never ask for user input, use the default behavior
    --flush-session     Flush session files for current target

    These options do not fit into any other category

    --sqlmap-shell      Prompt for an interactive sqlmap shell
    --wizard            Simple wizard interface for beginner users

[!] to see full list of options run with '-hh'

Press Enter to continue...
  • To view version information:
python --version


Press Enter to continue...

6, Build test environment

1. Download and install phpstudy and start the service

phpstudy can quickly build Web projects and start related services locally.
Can be in Select the appropriate version to download and install.
After installation, start apache and MySQL services as follows

After starting apache in phpstudy, visit and you can see the following:

The service is started successfully.

2.sqli installation

Copy sqli directory to WWW directory under phpstudy installation directory, as follows

Visit to get the following page

Click Setup/reset Database for labs as follows

Can't display properly. At this time, enter SQL connections under sqli LIBS, and edit the DB file:


//give your mysql connection username n password
$dbuser ='root';
$dbpass ='root';
$dbname ="security";
$host = 'localhost';
$dbname1 = "challenges";


Just change the pass. The default password is root. For example, make corresponding changes for other passwords.
Visit again at this time , may still display the same interface as before, as follows:

Still can't display normally. This is due to the incompatibility of php version. The new version of PHPstudy no longer supports MySQL ﹣ XXX function, but supports mysqli ﹣ XXX function.
There are two solutions:

I'm using the second method, which is effective through personal test, and I'll visit it at last Get the following page:

That is to say, sqli configuration is successful.

3.DVWA installation

Like sqli, copy the DVWA directory to the WWW directory under the phpstudy installation directory, and then access Will show

Follow the prompts:
Modify the file under the config directory to (that is, remove the. Dist suffix) and find the password line for editing:

$_DVWA[ 'db_password' ] = 'root';

Set the password to MySQL password root.
Then open the page to refresh, as shown below

Is successfully configured.
Click the Create / Reset Database button in the lower left corner to create the database. Wait for a few seconds and the login page will appear. The default user name and password are admin and password, and you can log in.

75 original articles published, 355 praised, 100000 visitors+
Private letter follow

Tags: Database openssh Apache network

Posted on Wed, 12 Feb 2020 07:54:56 -0800 by faheemhameed