by Vry4n_ | Apr 8, 2020 | Labs
bWAPP, or buggy web application, is a deliberately insecure web application. It helps security enthusiasts, developers and students discover and prevent web vulnerabilities.
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows.
https://github.com/jehy-security/bwapp
https://sourceforge.net/projects/bwapp/
Installation
1. Download the main file
2. Make a directory in /var/www/html and unzip the downloaded file there
- sudo mkdir /var/www/html/bWAPP
- sudo mv bWAPP_latest.zip /var/www/html/bWAPP/
- cd /var/www/html/bWAPP/
- ls
- sudo unzip bWAPP_latest.zip
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-25.png)
3. With all the files extracted, navigate to ./bWAPP/admin
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-26.png)
4. Make sure to start the apache & mysql services
- sudo service mysql start
- sudo service mysql status
- sudo service apache2 start
- sudo service apache2 status
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-27.png)
5. Modify the SQL credentials in settings.php; these are the credentials used to log in to MySQL
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-28.png)
Confirm you can log in to MySQL using the same credentials you put in settings.php
- mysql -u root -p
- show databases;
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-29.png)
Extra
If you still have issues, you can set the database password by logging into MySQL and running the following. Change the user and password at will.
- ALTER USER 'root'@'localhost' IDENTIFIED BY 'bug';
- flush privileges;
6. Give full permissions to the following directories: documents, images, passwords & logs
- sudo chmod 777 documents/
- sudo chmod 777 images/
- sudo chmod 777 passwords/
- sudo chmod 777 logs/
- ls -ld documents images passwords logs
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-30.png)
7. Now access the application from the browser. You will probably face the following error
- http://127.0.0.1/bWAPP/bWAPP/login.php
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-31.png)
8. To fix it, access /bWAPP/bWAPP/install.php and click on “here”
- http://127.0.0.1/bWAPP/bWAPP/install.php
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-32.png)
9. After that, this message should show
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-33.png)
10. Now click on “log in” to get back to the page where we got the error
- 127.0.0.1/bWAPP/bWAPP/login.php
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-34.png)
11. The credentials are bee/bug
![](https://vk9-sec.com/wp-content/uploads/2020/04/word-image-35.png)
12. There you can do the following:
- Change current password
- Create a new user
- Change security level
- Reset the database
- Select the instance to test “choose your bugs”
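The unpacking and permission steps above, turned into a check script. This is an added example, not code from the original post or from bWAPP; it assumes the root passed in is the directory that holds admin/settings.php (the post's layout is /var/www/html/bWAPP/bWAPP), and the 777 mode it expects is the lab setting the post uses, not a recommendation for anything exposed beyond the lab.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify a bWAPP checkout the
# way the unzip and chmod steps above leave it. The root directory is a
# parameter so the check can run against any path, not only /var/www/html.

# Directories the post makes world-writable.
BWAPP_WRITABLE_DIRS="documents images passwords logs"

# Octal mode of a path, e.g. 777; tries GNU stat first, then BSD stat.
path_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Checks that the application was unpacked (admin/settings.php exists) and
# that each lab directory exists with the mode the post sets (777).
# Prints one line per finding; returns 0 only when everything passes.
check_bwapp_layout() {
    root=$1
    rc=0
    if [ ! -f "$root/admin/settings.php" ]; then
        echo "MISSING  $root/admin/settings.php (zip not extracted here?)"
        rc=1
    fi
    for d in $BWAPP_WRITABLE_DIRS; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING  $root/$d"
            rc=1
            continue
        fi
        mode=$(path_mode "$root/$d")
        if [ "$mode" != "777" ]; then
            echo "MODE     $root/$d is $mode, expected 777"
            rc=1
        else
            echo "OK       $root/$d ($mode)"
        fi
    done
    return $rc
}

# Applies the permission step to the same four directories (mkdir -p keeps
# it idempotent, so it is safe to rerun after a fresh unzip).
apply_bwapp_permissions() {
    root=$1
    for d in $BWAPP_WRITABLE_DIRS; do
        mkdir -p "$root/$d" && chmod 777 "$root/$d" || return 1
    done
}
```

Run it as `check_bwapp_layout /var/www/html/bWAPP/bWAPP` after step 6; a MISSING line for settings.php usually means the zip was extracted one level too deep or too shallow.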
by Vry4n_ | Mar 18, 2020 | Labs
Mutillidae is a vulnerable framework where you can practice the OWASP Top 10, https://owasp.org/www-project-top-ten/
Download
https://sourceforge.net/projects/mutillidae/
- sudo git clone https://github.com/webpwnized/mutillidae.git
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-431.png)
1. Install the required packages (in this case I’m using PHP 7.3)
- sudo apt-get install php7.3-curl php7.3-mbstring php7.3-xml
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-432.png)
Extra
Show the PHP version
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-433.png)
2. Extract the Mutillidae content in /var/www/html
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-434.png)
Run the site
1. Start the web server process
- sudo service apache2 start
- sudo service apache2 status
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-435.png)
2. Access your web service via the browser
- http://localhost/mutillidae/
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-436.png)
This tells us that the MySQL service is not running, so we need to start it the same way we did with Apache
3. Start the database
- sudo service mysql start
- sudo service mysql status
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-437.png)
4. Click on “setup/reset the DB”
This time we are getting issues with authentication
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-438.png)
5. Set up the account for Mutillidae to access the database: user root & password mutillidae
- sudo mysql -u root
- use mysql;
- update user set authentication_string=PASSWORD('mutillidae') where user='root';
- update user set plugin='mysql_native_password' where user='root';
- flush privileges;
- quit;
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-439.png)
6. Now configure the file that connects to the database and set the username and password variables
- sudo vi /var/www/html/mutillidae/classes/MySQLHandler.php
- $mMySQLDatabaseUsername
- $mMySQLDatabasePassword
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-440.png)
7. Go back to the browser and click “setup/reset the DB” again; this time it is able to set up the database. Click OK
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-441.png)
8. Now we have access to the application
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-442.png)
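The MySQLHandler.php edit from step 6, done non-interactively. This is an added example, not part of Mutillidae or the original post; it assumes the file assigns the two variables as double-quoted PHP string literals (e.g. `$mMySQLDatabaseUsername = "root";`), which can differ between Mutillidae versions, so inspect the file before relying on it.

```shell
#!/usr/bin/env bash
# Added example (not from Mutillidae or the original post): set the two
# database credentials in classes/MySQLHandler.php without opening vi.
# Assumption: both variables are assigned as  $name = "value";  literals.

# set_mutillidae_db_creds FILE USER PASSWORD
# Rewrites the right-hand side of both assignments in place (keeping a
# .bak copy) and fails if either variable is absent, so a wrong path or a
# changed file layout does not silently leave the old credentials behind.
set_mutillidae_db_creds() {
    file=$1 user=$2 pass=$3
    for var in mMySQLDatabaseUsername mMySQLDatabasePassword; do
        grep -qF "\$$var" "$file" 2>/dev/null || {
            echo "error: \$$var not found in $file" >&2
            return 1
        }
    done
    # Escape \ / & so the values survive the right-hand side of sed's s///.
    esc_user=$(printf '%s' "$user" | sed 's/[\/&]/\\&/g')
    esc_pass=$(printf '%s' "$pass" | sed 's/[\/&]/\\&/g')
    sed -i.bak \
        -e "s/\(\\\$mMySQLDatabaseUsername[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$esc_user\"/" \
        -e "s/\(\\\$mMySQLDatabasePassword[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$esc_pass\"/" \
        "$file"
}

# get_mutillidae_db_cred FILE VARNAME -> prints the literal currently set,
# handy for confirming the edit before clicking "setup/reset the DB".
get_mutillidae_db_cred() {
    sed -n "s/.*\\\$$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1"
}
```

For the post's values: `set_mutillidae_db_creds /var/www/html/mutillidae/classes/MySQLHandler.php root mutillidae`.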
by Vry4n_ | Mar 10, 2020 | Labs
This has been written to explain the steps to set up a basic insecure SMTP lab. We are using hMailServer as the mail server & Thunderbird as the mail client.
https://www.hmailserver.com/
https://www.thunderbird.net/
Mail Server (hMailServer)
1. Start the wizard
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-261.png)
2. Next, accept the license
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-262.png)
3. Select the install folder, next
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-263.png)
4. Full installation, next
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-264.png)
5. Use the built-in database, next
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-265.png)
6. Create a shortcut, next
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-266.png)
7. Choose the password for accessing hMailServer
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-267.png)
8. Complete the installation
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-268.png)
9. This may pop up; click yes to install some dependencies
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-269.png)
10. The installation begins
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-270.png)
Configuration
1. Connect as Administrator
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-271.png)
2. Enter the password we just created
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-272.png)
3. You will enter the main view
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-273.png)
4. The first thing to do is start the server process
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-274.png)
5. We need to create a domain
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-275.png)
In it we have different tabs:
- General: The name of the domain. To be considered valid, a domain name must include a dot. You must set up your DNS servers so that email can be sent to your mail server.
- Names: One domain can have several names. These are also known as domain aliases. For example, your organization might own the domain company.com, but it might also own company.org.
- Signature: You can configure hMailServer to add a signature to all email sent from this domain. If no HTML signature is specified, hMailServer will use the plain text signature as the HTML signature as well.
- Limits: If you have specified 500MB, the total size of all messages in the domain will not exceed 500MB.
- DKIM Signing: DKIM, DomainKeys Identified Mail, is a method to sign the content of messages. The recipient can verify that the message was sent from a server authorized to send for the sender’s domain, and that the message content has not been modified in transit.
- Advanced: This tab contains the advanced settings for the domain. You normally don’t need to modify these settings.
Note
For this lab I will only modify the General tab
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-276.png)
6. After saving the changes, we see the domain added
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-277.png)
7. Now, it’s time to add user accounts
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-278.png)
8. Add a user (leave the rest as default), then save
- Address: vry4n
- Password: pass1
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-279.png)
9. In accounts we see our first user created
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-280.png)
We will add a second user named john
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-281.png)
At this point we are done with the mail server set up. Now it is time to run an email client to send/receive emails
Email client (Thunderbird)
For this exercise we will use Thunderbird and a Linux machine to connect.
1. Install Thunderbird
- apt-get install thunderbird
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-282.png)
2. Run the application
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-283.png)
The application will now show up.
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-284.png)
3. Add the SMTP server
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-285.png)
4. Select the default account or add a new one
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-286.png)
Edit the settings
- Description: VK9 SMTP
- Server Name: vk9-sec.com
- Port: 587
- Connection security: (optional TLS)
- Authentication method: (optional)
- User Name: Administrator
- OK
5. Add the domain name and server address to the DNS records; we will use /etc/hosts
- vi /etc/hosts
- add -> 192.168.0.6 vk9-sec.com
- cat /etc/hosts | grep 192.168.0.6
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-287.png)
6. Test connectivity
- ping -c 2 vk9-sec.com
- telnet vk9-sec.com 587
- telnet vk9-sec.com 110
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-288.png)
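The /etc/hosts and connectivity steps above as one script, so the hosts entry is verified before any port is tried (a wrong or missing entry makes every telnet fail for a reason unrelated to hMailServer). This is an added example, not from the original post; the host name, address and ports are the post's lab values and are passed as parameters, and tcp_check uses bash's /dev/tcp plus coreutils timeout in place of telnet.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check the lab's hosts entry,
# then TCP reachability of the mail ports, from the Thunderbird machine.

# hosts_lookup FILE NAME -> prints the IPv4 address mapped to NAME in a
# hosts(5) file, skipping comments and matching the name as a whole field.
hosts_lookup() {
    awk -v name="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# tcp_check HOST PORT [TIMEOUT] -> 0 if a TCP connection opens within
# TIMEOUT seconds (default 3). Uses bash's /dev/tcp, so no nc or telnet.
tcp_check() {
    timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# lab_connectivity_check HOSTS_FILE NAME EXPECTED_IP PORT...
# Fails early when NAME does not resolve to EXPECTED_IP via the hosts file,
# otherwise reports each port as OPEN or CLOSED and returns 0 only if all
# are open.
lab_connectivity_check() {
    hosts_file=$1 name=$2 expected_ip=$3
    shift 3
    rc=0
    ip=$(hosts_lookup "$hosts_file" "$name")
    if [ "$ip" != "$expected_ip" ]; then
        echo "HOSTS    $name -> '${ip:-<none>}' in $hosts_file, expected $expected_ip"
        return 1
    fi
    echo "HOSTS    $name -> $ip"
    for port in "$@"; do
        if tcp_check "$ip" "$port"; then
            echo "OPEN     $ip:$port"
        else
            echo "CLOSED   $ip:$port (service not started, or host firewall?)"
            rc=1
        fi
    done
    return $rc
}
```

With the post's values: `lab_connectivity_check /etc/hosts vk9-sec.com 192.168.0.6 587 110` (587 is the SMTP submission port Thunderbird was given, 110 is POP3).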
7. Now it is time to set up our accounts. When Thunderbird is first opened it asks to add an account.
- File -> New -> Existing mail account
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-289.png)
Fill in the blanks
- name: vry4n
- email address: vry4n@vk9-sec.com
- password: pass1
We have already created these accounts in the previous steps, in hMailServer
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-290.png)
8. Now click on “Manual config”, correct the server name, and adjust the settings to match the server’s. I use POP3; I changed that manually
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-291.png)
9. Test connectivity
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-292.png)
Doing this auto-adjusts the settings; now it’s time to click on “Done”
10. Accept the risk, since we are not using encryption.
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-293.png)
11. The account now shows up in the main page.
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-294.png)
Now we do the same for the other account, john
- File -> New -> Existing mail account
- john
- john@vk9-sec.com
- pass1
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-295.png)
12. Send an email as a test
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-296.png)
![](https://vk9-sec.com/wp-content/uploads/2020/03/word-image-297.png)