PentesterLab study notes: week 3

Source: Internet  Editor: 程序博客网  Time: 2024/06/09 18:34

——————————————————————————————————————————————————————————————————————————

Week 3: PHP and DNS

  • PHP basics:
    • Install PHP in your virtual machine (using your previous Apache installation), write a script that echoes back a parameter in the URL. For example, accessing http://vulnerable/hello.php?name=Louis will return "Hello Louis".
    • Install MySQL and create a script that retrieves information from it, like article.php?id=1 returns a book and article.php?id=2 returns a computer.
    • Create a page that sends data to itself using a POST request.
  • DNS and whois:
    • Install the command line tool dig in your vm.
    • Find what name servers are used by PentesterLab, find what mail servers are used by PentesterLab and find the IP address of www.pentesterlab.com.
    • Obtain information about pentesterlab.com using the whois tool.
——————————————————————————————————————————————————————————————————————————


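There is quite a lot to learn this week, including:

1. The concept of virtual hosting and how to configure it on Apache

Virtual hosting is a technique that lets a single server run multiple websites or services. There are three main ways to implement it:

  • Name-based (mapped by host name)
  • IP-based (mapped by IP address)
  • Port-based (mapped by port number)
In practice, several of these may be used together.

On an Apache server, you edit httpd.conf and configure <VirtualHost> blocks. I configured two virtual hosts, "vulnerable" and "phpserver". The hosts file on the host machine also has to be modified accordingly, so that the two sites with "different domain names" can be reached by name (even though they share the same IP).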
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName vulnerable
    DocumentRoot /var/www
</VirtualHost>
<VirtualHost *:80>
    ServerName phpserver
    DocumentRoot /var/www/php
</VirtualHost>


2. The concept of DNS zone transfer and its security threats

Besides the wiki introduction, I think "How the AXFR protocol works" is also worth reading.


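3. MySQL basics

The version installed on Ubuntu is 5.5. I practiced while reading the official documentation.

I created a pentest database, created a pet table, and created a pentest user that is granted the SELECT privilege on the pet table.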


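4. PHP basics

For self-study I still recommend reading the official documentation. W3CSchool also has a tutorial, but it is not detailed.


Below is the code for the first two exercises, PHP 5.3:

  • Main code of echoname.php, accessed at http://phpserver/echoname.php?name=xxx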

<?php
echo "Hello, ".htmlspecialchars($_GET["name"]);
?>

  • mysql_select.php, accessed at http://vulnerable/mysql_select.php?sex=f (the sex column of the pet table: f means female, m means male, any other input is ignored)

<!DOCTYPE html>
<html>
<body>
<?php
// Create connection
$con = new mysqli("localhost", "pentest", "pentest", "pentest");
if ($con->connect_errno) {
    // Stop here: nothing below can work without a connection
    exit("Failed to connect to MySQL: (".$con->connect_errno.") ".$con->connect_error);
}

// Get the sex parameter; a missing or non-string value is treated as empty
$pet_sex = (isset($_GET["sex"]) && is_string($_GET["sex"])) ? $_GET["sex"] : "";

// Only "f" or "m" is accepted; anything else is ignored.
// This whitelist is what makes the string concatenation below safe.
if ($pet_sex === "f" || $pet_sex === "m") {
    $query = "select * from pet where sex = '".$pet_sex."'";
    if ($result = $con->query($query)) {
        echo "<table border='1'>\n";
        // Print table columns
        echo "<tr>\n";
        $col = $result->fetch_fields();
        foreach ($col as $val) {
            echo "<th>".htmlspecialchars($val->name)."</th>\n";
        }
        echo "</tr>\n";
        // Print results, escaping each value because it comes from the database
        while ($row = $result->fetch_row()) {
            echo "<tr>\n";
            foreach ($row as $val) {
                echo "<td>".htmlspecialchars($val)."</td>\n";
            }
            echo "</tr>\n";
        }
        echo "</table>\n";
        $result->close();
    }
}
$con->close();
?>
</body>
</html>
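
The f/m whitelist in mysql_select.php only works because the sex column has two legal values. For a free-text column the value has to be bound as a parameter instead of concatenated. The following is an added example, not part of the original post; it assumes the pet table also has a name column, and the file name pet_by_name.php is hypothetical.

```php
<?php
// pet_by_name.php (hypothetical file name): added example, not from the original post.
// Assumption: the pet table has a `name` column next to `sex`.

// Return array(name, sex) rows whose name equals $name exactly.
function find_pets_by_name(mysqli $con, $name) {
    $rows = array();
    // The ? placeholder sends the value separately from the SQL text,
    // so quotes in $name cannot change the statement.
    $stmt = $con->prepare("SELECT name, sex FROM pet WHERE name = ?");
    if ($stmt === false) {
        return $rows;
    }
    $stmt->bind_param("s", $name);
    if ($stmt->execute()) {
        // bind_result() also works on PHP builds without mysqlnd.
        $stmt->bind_result($pet_name, $pet_sex);
        while ($stmt->fetch()) {
            $rows[] = array($pet_name, $pet_sex);
        }
    }
    $stmt->close();
    return $rows;
}

$con = new mysqli("localhost", "pentest", "pentest", "pentest");
if ($con->connect_errno) {
    exit("Failed to connect to MySQL");
}
// ?name[]=x turns $_GET["name"] into an array; accept strings only.
$name = (isset($_GET["name"]) && is_string($_GET["name"])) ? $_GET["name"] : "";
$pets = ($name !== "") ? find_pets_by_name($con, $name) : array();
$con->close();
?>
<!DOCTYPE html>
<html>
<body>
<table border="1">
<tr><th>name</th><th>sex</th></tr>
<?php foreach ($pets as $pet) { ?>
<tr><td><?php echo htmlspecialchars($pet[0]); ?></td><td><?php echo htmlspecialchars($pet[1]); ?></td></tr>
<?php } ?>
</table>
</body>
</html>
```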




