Can't "create/reset db" // login.php is blank #114
Comments
|
What do your Apache error logs say?
…On Mon, 28 Nov 2016, 21:25 Akrozia, ***@***.***> wrote:
Hi,
I've installed DVWA v1.9 on Debian 8.
This Debian is actually a virtual machine running on *proxmox version
4.2-17*.
I can't *Create / Reset Database* on *http://localhost:8888/dvwa/setup.php
<http://localhost:8888/dvwa/setup.php>*, just got reddirected to
http://localhost:8888/dvwa/setup.php# (who's blank ...)
I've try to go to *http://localhost:8888/dvwa/login.php
<http://localhost:8888/dvwa/login.php>* but you know... It's blank too.
So, here's what I've already done :
Setup.php showing me this :
Setup Check
Operating system: *nix
Backend database: MySQL
PHP version: 5.6.24-0+deb8u1
Web Server SERVER_NAME: localhost
PHP function display_errors: Disabled
PHP function safe_mode: Disabled
PHP function allow_url_include: Enabled
PHP function allow_url_fopen: Enabled
PHP function magic_quotes_gpc: Disabled
PHP module php-gd: Installed
reCAPTCHA key: xxxxxxxxxxxxxxxxx
Writable folder /var/www/html/dvwa/hackable/uploads/: Yes)
Writable file /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: Yes
My php version :
***@***.***:/var/www/html# php -v
PHP 5.6.24-0+deb8u1 (cli) (built: Jul 26 2016 08:17:07)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
Working with mariadb :
***@***.***:/var/www/html# apt-cache show mariadb-server
Package: mariadb-server
Source: mariadb-10.0
Version: 10.0.27-0+deb8u1
Installed-Size: 73
Maintainer: Debian MySQL Maintainers ***@***.***>
Architecture: all
Depends: mariadb-server-10.0 (>= 10.0.27-0+deb8u1)
And here's my apache2 version :
***@***.***:/var/www/html# apt-cache show apache2
Package: apache2
Version: 2.4.10-10+deb8u7
Installed-Size: 526
Maintainer: Debian Apache Maintainers ***@***.***>
Architecture: amd64
Replaces: apache2.2-common, libapache2-mod-macro (<< 1:2.4.6-1~)
Provides: httpd, httpd-cgi
Depends: lsb-base, procps, perl, mime-support, apache2-bin (= 2.4.10-10+deb8u7), apache2-utils (>= 2.4), apache2-data (= 2.4.10-10+deb8u7)
Pre-Depends: dpkg (>= 1.17.14)
Already done :
chmod -R 755 dvwa
chmod g+w dvwa/hackable/uploads/
chmod g+w dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
Some more informations :
***@***.***:/var/www/html# curl localhost/dvwa/login.php
***@***.***:/var/www/html#
***@***.***:/var/www/html# ls /var/www/html/dvwa/
about.php dvwa index.php php.ini vulnerabilities
CHANGELOG.md external instructions.php README.md
config favicon.ico login.php robots.txt
COPYING.txt hackable logout.php security.php
docs ids_log.php phpinfo.php setup.php
I haven't any clue or idea on what's going on.
Seems like I'm not alone to have these troubles.
I can give you more information if needed, hope you can help me ! Thanks !
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#114>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWeYFXOqKzeTDCgwa6oWzfyzfpviNks5rC0bUgaJpZM4K-R6G>
.
|
|
Hi digininja, |
|
It says the index and settings files either can't be accessed or found, do
they exist?
…On Mon, 28 Nov 2016, 21:54 Akrozia, ***@***.***> wrote:
Hi digininja,
Here's my appache log file (for today) :
[Mon Nov 28 11:07:09.201038 2016] [core:error] [pid 616] [client 10.1.1.254:35236] AH00135: Invalid method in request \x1b\x1b
[Mon Nov 28 21:09:43.030365 2016] [:error] [pid 619] [client 10.1.1.254:46172] script '/var/www/html/dvwa/settings.php' not found or unable to stat
[Mon Nov 28 21:09:46.216680 2016] [:error] [pid 619] [client 10.1.1.254:46172] script '/var/www/html/dvwa/setings.php' not found or unable to stat
[Mon Nov 28 21:11:24.749542 2016] [mpm_prefork:notice] [pid 558] AH00169: caught SIGTERM, shutting down
[Mon Nov 28 21:11:27.220305 2016] [mpm_prefork:notice] [pid 3860] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Mon Nov 28 21:11:27.220414 2016] [core:notice] [pid 3860] AH00094: Command line: '/usr/sbin/apache2'
[Mon Nov 28 21:13:15.914136 2016] [:error] [pid 3865] [client 10.1.1.254:46196] script '/var/www/html/dvwa/dvwa/index.php' not found or unable to stat
[Mon Nov 28 21:13:52.020354 2016] [mpm_prefork:notice] [pid 3860] AH00169: caught SIGTERM, shutting down
[Mon Nov 28 21:13:53.692063 2016] [mpm_prefork:notice] [pid 3917] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Mon Nov 28 21:13:53.692163 2016] [core:notice] [pid 3917] AH00094: Command line: '/usr/sbin/apache2'
[Mon Nov 28 21:19:17.953302 2016] [:error] [pid 3928] [client 10.1.1.254:46240] script '/var/www/html/dvwa/setings.php' not found or unable to stat
[Mon Nov 28 21:55:45.239886 2016] [mpm_prefork:notice] [pid 3917] AH00169: caught SIGTERM, shutting down
[Mon Nov 28 21:55:52.533098 2016] [mpm_prefork:notice] [pid 7772] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Mon Nov 28 21:55:52.533232 2016] [core:notice] [pid 7772] AH00094: Command line: '/usr/sbin/apache2'
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWRmL0yqxRZxLEDKWzur7Xl8mtIGUks5rC02DgaJpZM4K-R6G>
.
|
|
Index exist, settings doesn't (trying to access to setup.php...). |
|
You aren't looking in that directory, check the error message:
[Mon Nov 28 21:13:15.914136 2016] [:error] [pid 3865] [client
10.1.1.254:46196] script '/var/www/html/dvwa/dvwa/index.php' not found
or unable to stat
…On Mon, 28 Nov 2016 at 22:22 Akrozia ***@***.***> wrote:
Index exist, settings doesn't (trying to access to setup.php...).
As above, here's my *dvwa* folder (in */var/www/html/*)
***@***.***:/var/www/html# ls /var/www/html/dvwa/
about.php dvwa index.php php.ini vulnerabilities
CHANGELOG.md external instructions.php README.md
config favicon.ico login.php robots.txt
COPYING.txt hackable logout.php security.php
docs ids_log.php phpinfo.php setup.php
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWa3adKJ3mtkXBc25RCRVAwKs8TCzks5rC1QmgaJpZM4K-R6G>
.
|
|
Seems like index isn't here. Still dunno what to do, moving index.php here ? |
|
you need to work out why you are trying to access it through that
directory. You are browsing to /dvwa but then for some reason trying to get
at files in /dvwa/dvwa, was that a typo?
Show us the error log as well as access, that is the one that will say what
is wrong.
Have you checked that php has the mariadb extensions installed? Can you
log into mariadb from the command line using the user you've given to dvwa?
…On Mon, 28 Nov 2016 at 22:26 Akrozia ***@***.***> wrote:
Seems like index isn't here.
***@***.***:~# ls /var/www/html/dvwa/dvwa/
css images includes js
Still dunno what to do, moving index.php here ?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWXId0StVaBw3RS7die5OpWI872bZks5rC1T7gaJpZM4K-R6G>
.
|
|
So, I tried to acced to http://localhost:8080/dvwa/ redirected to http://localhost:8080/dvwa/login.php Nothing, no error. I can access to my database : How can I check mariadb extensions for php ? |
|
Put up a phpinfo page
…On Mon, 28 Nov 2016, 23:42 Akrozia, ***@***.***> wrote:
So, I tried to acced to http://localhost:8080/dvwa/ redirected to
http://localhost:8080/dvwa/login.php
And at the same time, after clearing log and restarting apache2 ....
***@***.***:~# tailf /var/log/apache2/error.log
[Tue Nov 29 00:33:08.840137 2016] [mpm_prefork:notice] [pid 7772] AH00169: caught SIGTERM, shutting down
[Tue Nov 29 00:33:10.142394 2016] [mpm_prefork:notice] [pid 8227] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Tue Nov 29 00:33:10.145347 2016] [core:notice] [pid 8227] AH00094: Command line: '/usr/sbin/apache2'
Nothing, no error.
I can access to my database :
***@***.***:~# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 32
Server version: 10.0.27-MariaDB-0+deb8u1 (Debian)
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use dvwa;
Database changed
MariaDB [dvwa]>exit
How can I check mariadb extensions for php ?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWeKMhspbJwlkGg8j_FlOTDmprLxlks5rC2brgaJpZM4K-R6G>
.
|
|
Here's my phpinfo page : |
|
Looks like the mysql extensions are there.
Next thing I would try is to clear your logs, drop the dvwa database and
start again. I don't know where your port 8888 came from in your first
examples but drop that if you can. Try to make sure you don't make any
typos in directories, you've got it installed in dvwa so that is where you
should be accessing things.
Watch the logs on each page and when you see problems try to work out what
caused them.
You showed logging in to mariadb as root, is that the user you have given
to dvwa?
…On Tue, 29 Nov 2016 at 07:49 Akrozia ***@***.***> wrote:
Here's my phpinfo page :
phpinfo.zip
<https://github.com/ethicalhack3r/DVWA/files/618366/phpinfo.zip>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWe_rP1kf0pL-o-tFbDmlnPBWsL0nks5rC9kngaJpZM4K-R6G>
.
|
|
DVWA Database is actually empty, cause I can't Create/Reset Database. I've already deleted dvwa folders and import it again (from zip), modifying only what I need, still isn't working. Yeah, it's local database with only 1 user on the kvm (root), mariadb haven't password. I'll try to install it from live cd this evening. I'll give you feedback if working in this way (or another). |
|
Use the github repos, that is up to date and has all the latest bug fixes.
…On Tue, 29 Nov 2016 at 09:17 Akrozia ***@***.***> wrote:
DVWA Database is actually empty, cause I can't *Create/Reset Database*.
Actually the server is running on kvm, I must make an ssh tunnel to access
to dvwa (ssh -L 8888:10.1.1.8:80).
I've already deleted dvwa folders and import it again (from zip),
modifying only what I need, still isn't working.
Browsing didn't make any error log.
Yeah, it's local database with only 1 user on the kvm (root), mariadb
haven't password.
I'll try to install it from live cd this evening. I'll give you feedback
if working in this way (or another).
Anyway, thanks you digininja for your time and your help. :)
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHJWQ_q7SR4FWbA9NR9ondwCBNuyJ66ks5rC-2WgaJpZM4K-R6G>
.
|
|
here are the some fix u can do
apt-get update |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I've installed DVWA v1.9 on Debian 8.
This Debian is actually a virtual machine running on proxmox version 4.2-17.
I can't Create / Reset Database on http://localhost:8888/dvwa/setup.php, just got reddirected to http://localhost:8888/dvwa/setup.php# (who's blank ...)
I've try to go to http://localhost:8888/dvwa/login.php but you know... It's blank too.
So, here's what I've already done :
Setup.php showing me this :
My php version :
Working with mariadb :
And here's my apache2 version :
Already done :
Some more informations :
I haven't any clue or idea on what's going on.
Seems like I'm not alone to have these troubles.
I can give you more information if needed, hope you can help me ! Thanks !
The text was updated successfully, but these errors were encountered: