Security and Technology

Installing Mutillidae (Vulnerable Web Application for Testing) – Learn Penetration Testing & Ethical Hacking

Introduction :-

Mutillidae was originally created by Adrian Crenshaw aka “Irongeek” and is now maintained by Jeremy Druin. For this course we will be using two different versions of Mutillidae.

Mutillidae in the Metasploitable 2 Virtual Machine.

We will install the latest version of Mutillidae on our Windows 7 virtual machine.

So the first question you may have right now is: why two different versions? The reason is that the Mutillidae on the Metasploitable VM is an older version running in a Linux environment, while the latest release, 2.6, will run on Windows 7. The benefit is that we can see how website attacks interact differently with the underlying operating system.

The attack commands and their effects will differ between the two operating systems, and the Metasploitable 2 Mutillidae is also more responsive in a virtual environment.

There are some database connection issues in the Mutillidae running on Metasploitable 2, so we will fix those first and then move on to installing Mutillidae on Windows 7.

Mutillidae Database Configuration Changes :-

As mentioned in the paragraph above, the Metasploitable version of Mutillidae has a database configuration error, and here is how to fix it. The default database name in the config file is “metasploit”; we will change it to “owasp10” so that Mutillidae runs without errors.

Start your Metasploitable VM

Log in to the system (the default username and password are both “msfadmin”)

Change directory to /var/www/mutillidae

Then type : sudo nano config.inc

And now change the database name from “metasploit” to “owasp10“

After that, press “Ctrl+X” and then “Y” to save the changes and exit.

Php.ini Config Changes :-

Lastly, we will change a setting in the php.ini file so that we can perform Remote Inclusion attacks, which will be covered in future chapters of Web Application Testing.

The php.ini file is stored in /etc/php5/cgi/. To edit it, use sudo nano php.ini, find the “Fopen wrappers” section and change “allow_url_include” to “On”. Now just save and exit. Restart Apache and reset the database.

Restart Apache by typing : “sudo /etc/init.d/apache2 restart“

Finally, from your host or another VM, open Mutillidae in a browser: “Metasploitable2 IP address/mutillidae”

Click “Reset DB”.

That is everything we need to do, and the Metasploitable VM is all set!
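The two file edits above can also be scripted and verified. This is an added example, not part of the original post. The function names and the `$dbname = '...';` line format in config.inc are assumptions. Each function keeps the original file as a .bak copy and fails if the expected line is not present afterwards.

```shell
#!/bin/sh
# Added example: apply and verify the two lab edits described above.
# Assumption: config.inc sets the database with a line like
#   $dbname = 'metasploit';

# Point Mutillidae at the owasp10 database. Arg 1: path to config.inc
set_db_name() {
    cp -p "$1" "$1.bak" || return 1      # keep the original next to it
    # Rewrite only the value on the $dbname line; other settings are untouched.
    sed "s/^\([[:space:]]*[\$]dbname[[:space:]]*=[[:space:]]*\).*;/\1'owasp10';/" \
        "$1.bak" > "$1" || return 1
    # Succeed only if the new value is really in the file.
    grep -q "^[[:space:]]*[\$]dbname[[:space:]]*=[[:space:]]*'owasp10';" "$1"
}

# Turn allow_url_include on. Arg 1: path to php.ini
# Lab-only setting: it lets include()/require() load code from remote URLs.
enable_url_include() {
    # Matches the directive whether it is active or commented out with ';'.
    pat='^[[:space:]]*;*[[:space:]]*allow_url_include[[:space:]]*=.*'
    if ! grep -q "$pat" "$1"; then
        echo "allow_url_include not found in $1, file left unchanged" >&2
        return 1
    fi
    cp -p "$1" "$1.bak" || return 1
    sed "s/$pat/allow_url_include = On/" "$1.bak" > "$1" || return 1
    grep -q '^allow_url_include = On$' "$1"
}

# Run as root on the Metasploitable 2 VM:  sudo sh fix_lab.sh apply
# Paths are the ones given in the steps above.
if [ "${1:-}" = "apply" ]; then
    set_db_name /var/www/mutillidae/config.inc &&
    enable_url_include /etc/php5/cgi/php.ini &&
    /etc/init.d/apache2 restart
fi
```

After it finishes, the “Reset DB” step in the browser is still needed.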

The post Installing Mutillidae (Vulnerable Web Application for Testing) appeared first on Learn Penetration Testing & Ethical Hacking. http://ift.tt/2dLm0cE http://ift.tt/2aM8QhC
