kali构建PHP_MYSQL
配置Mysql
sudo mysql -u root //第一次可以直接进入
alter user 'root'@'localhost' identified by '123456';
create database usr;
配置PHP
进入目录:cd /etc/php/8.2/apache2
执行:sudo vim +904 php.ini
将这一行行首的注释符(分号 ;)去除:extension=mysqli
进入到目录:cd /var/www/html/
创建以下文件:vim TestConn.php
TestConn.php测试文件代码
<?php
// Connectivity self-test: opens a mysqli connection with the settings below and
// prints the server version, or the reason the attempt failed.
// Error display is switched on deliberately, so failure details are sent to
// whoever requests this page; keep the file on a test host only.
ini_set('display_errors', 1);
error_reporting(E_ALL);

// Connection settings.
$dbHost = "localhost";
$dbUser = "root";
// Must match the password set in MySQL with:
//   alter user 'root'@'localhost' identified by '123456';
// root with a short numeric password is a lab-only choice; outside a throwaway
// setup use an account limited to this schema.
$dbPass = "123456";
// Must match an existing database, created with:  create database usr;
$dbSchema = "usr";

try {
    // Open the connection.
    $link = new mysqli($dbHost, $dbUser, $dbPass, $dbSchema);

    // connect_error is set when the connection attempt failed.
    $connectProblem = $link->connect_error;
    if ($connectProblem) {
        throw new Exception("连接失败: " . $connectProblem);
    }

    // Switch the session character set; set_charset() reports failure with false.
    $charsetApplied = $link->set_charset("utf8mb4");
    if (!$charsetApplied) {
        throw new Exception("字符集设置失败: " . $link->error);
    }

    echo "MySQL连接成功!服务端版本: " . $link->server_version;

    // Release the connection.
    $link->close();
} catch (Exception $failure) {
    // Any failure above ends the request with its message.
    die("数据库错误: " . $failure->getMessage());
}
?>
配置apache2服务器
进入目录:cd /etc/apache2/
修改文件:sudo vim +174 apache2.conf
直接添加以下内容
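# Access rules for the web root that serves TestConn.php.
<Directory "/var/www/html">
    # Indexes: list a directory's contents when it has no index file.
    # FollowSymLinks: follow symbolic links inside this tree.
    Options Indexes FollowSymLinks
    # All: .htaccess files under this tree may override any directive type.
    AllowOverride All
    # No client restriction: every requester is allowed.
    Require all granted
</Directory>

# Files tried, in order, when a directory is requested.
DirectoryIndex index.php index.html

# Hand .php files to the PHP module.
AddType application/x-httpd-php .php
# NOTE(review): the handler name says php7 while php.ini above is under
# /etc/php/8.2; confirm it matches the installed module.
AddHandler php7-script .php
# NOTE(review): this path is relative to ServerRoot; on Debian-based systems the
# PHP module is normally enabled through mods-enabled. Confirm the file exists
# and that this line is needed.
LoadModule php_module modules/libphp.so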
测试
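先执行下面的命令,丢弃本机内核发出的RST包(内核并不知道Scapy手工建立的这条连接,收到SYN-ACK后会回复RST把它重置):
sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
该规则对本机所有TCP连接都生效,测试结束后用下面的命令删除:
sudo iptables -D OUTPUT -p tcp --tcp-flags RST RST -j DROP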
from scapy.all import *
import random
import time
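# Hand-built TCP handshake plus one HTTP GET for /TestConn.php, sent with Scapy.
# The kernel does not know about this connection, so the iptables rule that
# drops outgoing RST packets has to be in place before running the script.
# NOTE(review): Scapy's documentation advises conf.L3socket = L3RawSocket when
# the target is the Linux loopback interface; confirm for this host.
target_ip = "127.0.0.1"
target_port = 80
source_port = random.randint(1024, 65535)

ip = IP(dst=target_ip)

# Handshake steps 1 and 2: send the SYN and wait up to 2 s for the answer.
syn = ip / TCP(sport=source_port, dport=target_port, flags="S", seq=1000)
syn_ack = sr1(syn, timeout=2, verbose=0)

# Continue only on a real SYN-ACK (SYN=0x02 | ACK=0x10). A timeout, a non-TCP
# answer or an RST means the connection was not accepted.
if (
    syn_ack is None
    or not syn_ack.haslayer(TCP)
    or (int(syn_ack[TCP].flags) & 0x12) != 0x12
):
    print("未建立TCP连接。")
    # exit() is a helper injected by the site module; SystemExit always exists.
    raise SystemExit

server_seq = syn_ack[TCP].seq
server_ack = syn_ack[TCP].ack
# Next byte expected from the server: its SYN consumed one sequence number.
# Masked because TCP sequence numbers wrap at 32 bits.
expected_seq = (server_seq + 1) & 0xFFFFFFFF

# Handshake step 3: acknowledge the server's SYN.
ack = ip / TCP(sport=source_port, dport=target_port, flags="A",
               seq=server_ack, ack=expected_seq)
send(ack, verbose=0)

# Build the HTTP request and send it as one PSH+ACK segment.
http_get = "GET /TestConn.php HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n"
http_payload = http_get.encode("UTF-8")
get_request = ip / TCP(sport=source_port, dport=target_port, flags="PA",
                       seq=server_ack, ack=expected_seq) / http_payload
send(get_request, verbose=0)

# Collect the response segments.
# The filter follows target_port instead of a fixed 80 and matches only the
# server-to-client direction, so the script's own packets (which also come from
# 127.0.0.1) do not use up the count=1 slot.
capture_filter = (
    f"tcp and src host {target_ip} and src port {target_port} "
    f"and dst port {source_port}"
)
response_data = b""
deadline = time.monotonic() + 5  # wait at most 5 seconds
while time.monotonic() < deadline:
    # Each call opens a fresh capture, so a segment arriving between two calls is
    # not seen; the in-order check below lets the server's retransmission fill it.
    captured = sniff(filter=capture_filter, count=1, timeout=1)
    if not captured:
        continue
    tcp = captured[0][TCP]
    if tcp.sport != target_port or tcp.dport != source_port or not tcp.haslayer(Raw):
        continue
    payload = bytes(tcp[Raw].load)
    # Append only the segment that continues the stream: a retransmitted or
    # out-of-order segment would otherwise duplicate or misplace bytes.
    if tcp.seq == expected_seq:
        response_data += payload
        expected_seq = (expected_seq + len(payload)) & 0xFFFFFFFF
    # Acknowledge everything received in order so far.
    ack_pkt = ip / TCP(sport=source_port, dport=target_port, flags="A",
                       seq=tcp.ack, ack=expected_seq)
    send(ack_pkt, verbose=0)

# Printing the HTTP response is left disabled; uncomment to display it.
#if response_data:
#    print("=== 服务器完整响应内容 ===")
#    try:
#        print(response_data.decode("utf-8", errors="ignore"))
#    except Exception:
#        print(response_data)
#else:
#    print("未接收到HTTP响应数据。")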
效果图
浏览器
wireshark