Mutillidae is a vulnerable framework where you can practice the OWASP Top 10: https://owasp.org/www-project-top-ten/
Download
https://sourceforge.net/projects/mutillidae/
- sudo git clone https://github.com/webpwnized/mutillidae.git
1. Install the required packages (in this case I’m using PHP 7.3)
- sudo apt-get install php7.3-curl php7.3-mbstring php7.3-xml
Extra
Show php version
- php --version
2. Extract the Mutillidae content in /var/www/html
- ls -ld mutillidae
- pwd
Run the site
1. Start the web server process
- sudo service apache2 start
- sudo service apache2 status
2. Access your web service via a browser
- http://localhost/mutillidae/
This tells us that the MySQL service is not running, so we need to start it the same way we did with Apache.
3. Start the database
- sudo service mysql start
- sudo service mysql status
4. Click on “setup/reset the DB”
This time we are getting issues with authentication
5. Set up the accounts for mutillidae to access the database, user root & password mutillidae
- sudo mysql -u root
- use mysql;
- update user set authentication_string=PASSWORD('mutillidae') where user='root';
- update user set plugin='mysql_native_password' where user='root';
- flush privileges;
- quit;
6. Now configure the file that connects to the database
- sudo vi /var/www/html/mutillidae/classes/MySQLHandler.php
$mMySQLDatabaseUsername
$mMySQLDatabasePassword
7. Go back to the browser and click “setup/reset the DB” again. This time it is able to set up the database; click OK
8. Now we have access to the application
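The steps above can be checked with a few shell functions. This is an added example, not part of the original walkthrough or the Mutillidae project: it reports missing PHP modules (step 1), reads the credentials from MySQLHandler.php (step 6), and lists Apache or MySQL listeners bound beyond loopback, which matters for a vulnerable lab using the known root password from step 5. The function names, the assumed `$name = "value";` assignment format, and the sample data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Mutillidae project code): checks for the lab set up above.

# Step 1: print each required PHP module missing from a `php -m` listing on stdin.
missing_php_modules() (
    loaded=$(tr '[:upper:]' '[:lower:]')
    for m in curl mbstring xml; do
        printf '%s\n' "$loaded" | grep -qx "$m" || echo "$m"
    done
)

# Step 6: print the string assigned to PHP variable $2 (no "$") in file $1.
# Assumption: assignments look like  $name = "value";
php_setting() (
    q="\"'"
    sed -n "s/.*[\$]$2[[:space:]]*=[[:space:]]*[$q]\([^$q]*\)[$q].*/\1/p" "$1" | head -n 1
)

# Print Apache (80) / MySQL (3306) listeners from `ss -ltn` output on stdin
# that are bound to a non-loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:(80|3306)$/ && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed sample data so the example runs offline.
conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
cat > "$conf" <<'EOF'
static public $mMySQLDatabaseUsername = "root";
static public $mMySQLDatabasePassword = "";
EOF

printf '[PHP Modules]\nCore\ncurl\nxml\n' | missing_php_modules | sed 's/^/missing PHP module: /'
echo "DB user in config: $(php_setting "$conf" mMySQLDatabaseUsername)"
[ "$(php_setting "$conf" mMySQLDatabasePassword)" = "mutillidae" ] ||
    echo "config password differs from the one set in step 5"
printf 'LISTEN 0 511 *:80 *:*\nLISTEN 0 80 127.0.0.1:3306 0.0.0.0:*\n' |
    exposed_listeners | sed 's/^/reachable beyond loopback: /'

# On the lab host, feed real data instead:
#   php -m | missing_php_modules
#   php_setting /var/www/html/mutillidae/classes/MySQLHandler.php mMySQLDatabaseUsername
#   ss -ltn | exposed_listeners
```

Any address printed by `exposed_listeners` means the lab is reachable from other hosts on the network, not just from localhost.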