Introduction
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. Read more about OWASP at www.owasp.org.
OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.
Installation
Environment: Ubuntu 14.04 LTS, Apache, PHP 7.0.5-2+deb.sury.org~trusty+1 (cli) (NTS).
- Download the latest version from SourceForge.
- Extract it and move it to your web directory.
- Set permissions on the mutillidae folder.
Problems found
- Call to undefined function mb_convert_encoding()
  - The server returns 500 Internal Server Error, with this entry in the error log: Call to undefined function mb_convert_encoding().
  - Install the mbstring module and reload Apache:
    sudo apt-get install php7.0-mbstring
    sudo service apache2 reload
- The database server at localhost appears to be offline
  - The Mutillidae local web page shows the message: The database server at localhost appears to be offline. The solution is to change the DB configuration in /mutillidae/classes/MySQLHandler.php, then click the link to reset the DB. This will create a database named nowasp (default).
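The first problem above generalizes: a 500 response backed by "Call to undefined function" in the error log means a PHP extension is missing. The following added example (not from the original post) reads error-log text and prints the package to install. Only the mbstring mapping comes from this page; the other mappings, the sample log lines, and the paths in them are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Map "Call to undefined function" errors in an Apache/PHP error log to the
# PHP 7.0 extension package that provides the missing function.

# Function-prefix -> package map. Only the mbstring row comes from the page;
# the other rows are assumptions based on stock PHP 7.0 packaging.
pkg_for_function() {
    case "$1" in
        mb_*)        echo "php7.0-mbstring" ;;
        mysqli_*)    echo "php7.0-mysql" ;;
        curl_*)      echo "php7.0-curl" ;;
        simplexml_*) echo "php7.0-xml" ;;
        *)           echo "unknown($1)" ;;
    esac
}

# Read log text on stdin; print one package name per line, de-duplicated.
# Lines without an undefined-function error are ignored.
missing_packages() {
    sed -n 's/.*Call to undefined function \([A-Za-z0-9_]*\)().*/\1/p' |
    sort -u |
    while IFS= read -r fn; do
        pkg_for_function "$fn"
    done | sort -u
}

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG='[Mon May 02 10:00:01 2016] [:error] [pid 1234] [client 127.0.0.1:50000] PHP Fatal error:  Uncaught Error: Call to undefined function mb_convert_encoding() in /var/www/html/mutillidae/index.php:10
[Mon May 02 10:00:05 2016] [:error] [pid 1234] [client 127.0.0.1:50001] PHP Fatal error:  Uncaught Error: Call to undefined function mb_convert_encoding() in /var/www/html/mutillidae/index.php:10
[Mon May 02 10:00:09 2016] [:error] [pid 1235] [client 127.0.0.1:50002] PHP Notice:  Undefined index: page in /var/www/html/mutillidae/index.php on line 3'

# Repeated errors collapse to a single package name.
printf '%s\n' "$SAMPLE_LOG" | missing_packages
```

To run it against a live server, pipe the Apache error log into `missing_packages` instead of the sample text.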
Reference
- Instructional videos: webpwnized YouTube channel.