Ubuntu 24 php8.1搭建Nginx SQLi-Labs靶场
步骤1:安装依赖环境
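# Refresh the package index and apply pending upgrades.
sudo apt update && sudo apt upgrade -y
# Install PHP 8.1 and the listed extensions.
# NOTE(review): Ubuntu 24.04's own archive ships PHP 8.3, so the php8.1-*
# packages presumably come from an extra repository that has to be enabled
# first; confirm which package source you trust before adding it.
# -y matches the other install commands so this step does not stop at a prompt.
sudo apt install -y php8.1 php8.1-fpm php8.1-mysql php8.1-curl php8.1-gd php8.1-mbstring
# Install MariaDB server and client (skip if already installed).
sudo apt install mariadb-server mariadb-client -y
# Install Nginx (skip if already installed).
sudo apt install nginx -y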
步骤2:下载 SQLi-Labs 代码
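# Create the web root and clone the lab into it. The && keeps git from
# cloning into whatever directory the shell happens to be in if cd fails.
# The clone takes the current default-branch head of a third-party repository,
# and its .git directory ends up inside the web root, so the web server
# should refuse requests for it.
sudo mkdir -p /var/www/sqlilabs
cd /var/www/sqlilabs && sudo git clone https://github.com/Audi-1/sqli-labs.git .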
步骤3:修改代码适配 PHP 8.1
3.1 全局替换 mysql_* 为 mysqli_*
批量替换所有 PHP 文件中的旧函数
# Rename every mysql_ prefix to mysqli_ in all PHP files under the lab root.
# This is a textual rename only. The mysqli_* calls in the rewritten listings
# on this page pass the connection explicitly (mysqli_query($con, ...),
# mysqli_error($con)), so any call that did not pass one presumably still
# needs a manual edit; check each page after the rename.
sudo find /var/www/sqlilabs -type f -name '*.php' \
  -exec sed -i 's/mysql_/mysqli_/g' {} +
3.2 替换内容(关键文件)
sudo nano /var/www/sqlilabs/sql-connections/setup-db.php
替换内容:
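<?php
/*
 * Rebuilds the lab database named in db-creds.inc: drops it, recreates it
 * with the gbk character set, creates the users, emails, uagents and
 * referers tables, and seeds users and emails with the stock rows.
 *
 * Every request to this page drops the database again and nothing in this
 * file checks who is asking, so reachability has to be limited at the web
 * server or network layer.
 */
error_reporting(0);
// PHP 8.1 makes mysqli throw exceptions by default; the return-value checks
// below are only reached when reporting is switched back off.
mysqli_report(MYSQLI_REPORT_OFF);
include("db-creds.inc");

// Counts failed statements so the closing message reflects what happened.
$failures = 0;

@$con = mysqli_connect($host, $dbuser, $dbpass);
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}
echo "[*]...................Attempting to connect to the database: $dbname";
echo "<br>\n";

// Probe for an existing database. A miss is reported but is not fatal,
// because the database is dropped and recreated just below.
if (!mysqli_select_db($con, $dbname)) {
    echo "[*]...................Could not find database: $dbname";
    echo "<br>\n";
}

// Drop existing database
$sql = "DROP DATABASE IF EXISTS $dbname";
if (mysqli_query($con, $sql)) {
    echo "[*]...................Purging existing database: $dbname";
    echo "<br>\n";
} else {
    $failures++;
    echo "[*]...................Error purging database: " . mysqli_error($con);
    echo "<br>\n";
}

// Create new database
$sql = "CREATE DATABASE $dbname CHARACTER SET gbk";
if (mysqli_query($con, $sql)) {
    echo "[*]...................Creating New database '$dbname' successfully";
    echo "<br>\n";
} else {
    $failures++;
    echo "[*]...................Error creating database: " . mysqli_error($con);
    echo "<br>\n";
}

// Select newly created database; nothing below can work without it.
if (!mysqli_select_db($con, $dbname)) {
    die("[*]...................Failed to select database: " . mysqli_error($con));
}

// Create tables and insert data
$queries = array(
    // Create users table
    "CREATE TABLE users (
id INT(3) NOT NULL AUTO_INCREMENT,
username VARCHAR(20) NOT NULL,
password VARCHAR(20) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=gbk",
    // Create emails table
    "CREATE TABLE emails (
id INT(3) NOT NULL AUTO_INCREMENT,
email_id VARCHAR(30) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=gbk",
    // Create uagents table
    "CREATE TABLE uagents (
id INT(3) NOT NULL AUTO_INCREMENT,
uagent VARCHAR(256) NOT NULL,
ip_address VARCHAR(35) NOT NULL,
username VARCHAR(20) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=gbk",
    // Create referers table
    "CREATE TABLE referers (
id INT(3) NOT NULL AUTO_INCREMENT,
referer VARCHAR(256) NOT NULL,
ip_address VARCHAR(35) NOT NULL,
PRIMARY KEY (id)
) ENGINE=InnoDB DEFAULT CHARSET=gbk",
    // Insert users data
    "INSERT INTO users (id, username, password) VALUES
(1, 'Dumb', 'Dumb'),
(2, 'Angelina', 'I-kill-you'),
(3, 'Dummy', 'p@ssword'),
(4, 'secure', 'crappy'),
(5, 'stupid', 'stupidity'),
(6, 'superman', 'genious'),
(7, 'batman', 'mob!le'),
(8, 'admin', 'admin'),
(9, 'admin1', 'admin1'),
(10, 'admin2', 'admin2'),
(11, 'admin3', 'admin3'),
(12, 'dhakkan', 'dumbo'),
(14, 'admin4', 'admin4')",
    // Insert emails data
    "INSERT INTO emails (id, email_id) VALUES
(1, 'Dumb@dhakkan.com'),
(2, 'Angel@iloveu.com'),
(3, 'Dummy@dhakkan.local'),
(4, 'secure@dhakkan.local'),
(5, 'stupid@dhakkan.local'),
(6, 'superman@dhakkan.local'),
(7, 'batman@dhakkan.local'),
(8, 'admin@dhakkan.com')"
);

// Execute all queries
foreach ($queries as $sql) {
    if (mysqli_query($con, $sql)) {
        // The third space-separated word is the table name in both the
        // CREATE TABLE and the INSERT INTO statements above.
        $table = explode(' ', trim($sql))[2] ?? 'Operation';
        echo "[*]...................Success: $table";
        echo "<br>\n";
    } else {
        $failures++;
        echo "[*]...................Error: " . mysqli_error($con);
        echo "<br>\n";
    }
}

// Include challenge setup
// NOTE(review): setup-db-challenge.php is not shown on this page; if it
// expects further variables from db-creds.inc or creates another database,
// the credentials file and the account's grants have to cover that too.
include("../sql-connections/setup-db-challenge.php");

// Report success only when every statement above succeeded.
if ($failures === 0) {
    echo "<h3>Congratulations! Database setup is successful.</h3>";
} else {
    echo "<h3>Database setup finished with $failures error(s); see the messages above.</h3>";
}
mysqli_close($con);
?>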
修改 sql-connect.php 中的参数顺序
打开文件 /var/www/sqlilabs/sql-connections/sql-connect.php
替换内容:
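<?php
/*
 * Connection bootstrap: opens the MySQL connection with the credentials from
 * db-creds.inc, selects $dbname, sets the gbk character set and clears
 * sql_mode. Each failure stops the page with the driver's error message.
 */
include("db-creds.inc");

// PHP 8.1 makes mysqli throw exceptions by default; the return-value checks
// in this file are only reached when reporting is switched back off.
mysqli_report(MYSQLI_REPORT_OFF);

// Open the connection
$con = mysqli_connect($host, $dbuser, $dbpass);

// Check the connection
if (!$con) {
    die("Connection failed: " . mysqli_connect_error());
}

// Select the database
if (!mysqli_select_db($con, $dbname)) {
    die("Database selection failed: " . mysqli_error($con));
}

// Set the character set
if (!mysqli_set_charset($con, "gbk")) {
    die("Charset setting failed: " . mysqli_error($con));
}

// Optional: clear sql_mode (turns strict mode off) for the legacy SQLi-Labs code
mysqli_query($con, "SET sql_mode=''");

// No closing tag: this file is presumably pulled in by other pages, and any
// whitespace after a closing tag would be sent to the browser before their
// own output and headers.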
步骤4:配置 Nginx 站点
创建配置文件
sudo nano /etc/nginx/sites-available/sqlilabs.conf
内容如下:
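server {
    # Binds port 83 on every interface. The site served here is deliberately
    # injectable, so limit who can reach it: `listen 127.0.0.1:83;` when the
    # browser runs on the same host, otherwise a firewall rule that admits
    # only the lab network.
    listen 83;
    server_name localhost;
    root /var/www/sqlilabs;
    index index.php index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock; # must point at the PHP 8.1 FPM socket
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Only *.php is handed to PHP-FPM above, so without this rule
    # sql-connections/db-creds.inc would be served as a static file,
    # database password included.
    location ~ \.inc$ {
        deny all;
    }

    # Refuse .ht* files and the .git directory that the clone leaves in the
    # web root.
    location ~ /\.(ht|git) {
        deny all;
    }
}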
启用配置并重启服务
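# Enable the site, then restart Nginx only if the configuration test passes,
# so a broken config never takes the running server down.
sudo ln -s /etc/nginx/sites-available/sqlilabs.conf /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx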
步骤5:配置数据库
创建数据库和用户
-- Log in to MySQL (the next line is a shell command, not SQL)
sudo mysql -u root
-- Run the SQL statements below at the database prompt
CREATE DATABASE sqlilabs;
-- The account can log in from localhost only. 'your_password' is a
-- placeholder: choose a unique password and use the same value in db-creds.inc.
CREATE USER 'sqlilabs_user'@'localhost' IDENTIFIED BY 'your_password';
-- Rights are limited to the sqlilabs schema; the account gets nothing on
-- other databases.
GRANT ALL PRIVILEGES ON sqlilabs.* TO 'sqlilabs_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
修改 SQLi-Labs 数据库配置
sudo nano /var/www/sqlilabs/sql-connections/db-creds.inc
更新为:
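<?php
// Database credentials for the lab, included by setup-db.php and
// sql-connect.php. With the Nginx config on this page only *.php goes to
// PHP-FPM, so a request for this .inc file returns its contents, password
// included, unless the server is told to deny it.
$dbuser = 'sqlilabs_user';
// Placeholder: must match the password given in CREATE USER.
$dbpass = 'your_password';
$dbname = 'sqlilabs';
$host = 'localhost';
// No closing tag: whitespace after one in an included file would be sent to
// the browser ahead of the including page's own output.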
步骤6:调整文件权限
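# Hand the tree to the web-server account.
# NOTE(review): owning the tree as www-data lets PHP modify the application's
# own files; keep this only if the lab is confirmed to need write access.
sudo chown -R www-data:www-data /var/www/sqlilabs
# u=rwX,go=rX keeps directories traversable (755) and makes regular files 644
# unless they already carry an execute bit, instead of marking every file
# executable as a blanket 755 would.
sudo chmod -R u=rwX,go=rX /var/www/sqlilabs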
步骤7:允许 PHP 包含远程文件(可选)
sudo nano /etc/php/8.1/fpm/php.ini
修改以下参数:
; allow_url_include lets include/require load code from a URL. It has been
; deprecated since PHP 7.4, and the listings on this page only include local
; files, so it can stay Off unless a lesson is shown to need it.
; Both settings live in the FPM-wide php.ini and therefore apply to every
; site served by this PHP-FPM instance, not only to the lab.
allow_url_include = On
; display_errors prints PHP errors into the HTTP response.
display_errors = On
重启 PHP-FPM:
sudo systemctl restart php8.1-fpm
步骤8:初始化数据库
访问初始化页面完成安装:
http://your_server_ip:83/sql-connections/setup-db.php
点击 Setup/reset Database,显示成功消息即表示完成。