Mutillidae is a deliberately vulnerable web application for practising the OWASP Top 10, https://owasp.org/www-project-top-ten/

Download

https://sourceforge.net/projects/mutillidae/

  • sudo git clone https://github.com/webpwnized/mutillidae.git

1. Install the required packages (in this case I'm using PHP 7.3)

  • sudo apt-get install php7.3-curl php7.3-mbstring php7.3-xml

Extra

Show the PHP version

  • php --version

2. Extract the Mutillidae content into /var/www/html and check that the directory is there

  • ls -ld mutillidae
  • pwd

Run the site

1. Start the web server process

  • sudo service apache2 start
  • sudo service apache2 status

2. Access your web service via the browser

  • http://localhost/mutillidae/

The page reports that the MySQL service is not running, so we need to start it the same way we did with Apache

3. Start the database

  • sudo service mysql start
  • sudo service mysql status

4. Click on “setup/reset the DB”

This time the page reports an authentication problem

5. Set up the account Mutillidae uses to access the database: user root with password mutillidae

  • sudo mysql -u root
  • use mysql;
  • update user set authentication_string=PASSWORD('mutillidae') where user='root';
  • update user set plugin='mysql_native_password' where user='root';
  • flush privileges;
  • quit;

6. Now configure the file that connects to the database

  • sudo vi /var/www/html/mutillidae/classes/MySQLHandler.php

Set these two variables to the credentials from step 5 (root / mutillidae):

$mMySQLDatabaseUsername

$mMySQLDatabasePassword

7. Go back to the browser and click "setup/reset the DB" again. This time the database is set up successfully; click OK

8. Now we have access to the application
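The credential edit in step 6 is the one place where a typo silently breaks the setup, so here is a small helper, added for this write-up and not part of Mutillidae itself, that rewrites the two variables in a copy of MySQLHandler.php and reads them back so you can verify the edit before reloading the page. It assumes the file declares them on one line each as `static public $mMySQLDatabaseUsername = "...";` (an assumption about the file layout; check your copy).

```bash
#!/bin/sh
# Added helper for the Mutillidae setup above (not the project's own code).
# Assumption: classes/MySQLHandler.php holds the credentials as lines like
#   static public $mMySQLDatabaseUsername = "root";
#   static public $mMySQLDatabasePassword = "mutillidae";
# Values containing | or & are not handled (they would confuse sed).
set -eu

# set_db_credentials FILE USER PASSWORD
# Rewrites the username/password assignments in FILE, keeping FILE.bak
# so the original can be restored if the web app stops connecting.
set_db_credentials() {
    file="$1"; user="$2"; pass="$3"
    cp "$file" "$file.bak"
    sed -e "s|\([$]mMySQLDatabaseUsername *= *\)\"[^\"]*\"|\1\"$user\"|" \
        -e "s|\([$]mMySQLDatabasePassword *= *\)\"[^\"]*\"|\1\"$pass\"|" \
        "$file.bak" > "$file"
}

# get_db_setting FILE VARNAME
# Prints the double-quoted value assigned to $VARNAME in FILE.
get_db_setting() {
    sed -n "s|.*[$]$2 *= *\"\([^\"]*\)\".*|\1|p" "$1"
}

# check_db_login USER PASSWORD
# Confirms the MySQL account from step 5 actually accepts these credentials
# (needs the mysql client and a running server; not exercised offline).
check_db_login() {
    mysql -u "$1" -p"$2" -e 'SELECT 1;' >/dev/null 2>&1
}

# Usage: ./set-mutillidae-db.sh --apply   (paths/values from the steps above)
if [ "${1-}" = "--apply" ]; then
    f=/var/www/html/mutillidae/classes/MySQLHandler.php
    set_db_credentials "$f" root mutillidae
    echo "username now: $(get_db_setting "$f" mMySQLDatabaseUsername)"
    check_db_login root mutillidae && echo "database login OK"
fi
```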