Practical Web Penetration Testing

You're reading from Practical Web Penetration Testing: Secure web applications using Burp Suite, Nmap, Metasploit, and more

Product type Paperback
Published in Jun 2018
Publisher Packt
ISBN-13 9781788624039
Length 294 pages
Edition 1st Edition
Author: Gus Khawaja
Table of Contents

Preface
1. Building a Vulnerable Web Application Lab
2. Kali Linux Installation
3. Delving Deep into the Usage of Kali Linux
4. All About Using Burp Suite
5. Understanding Web Application Vulnerabilities
6. Application Security Pre-Engagement
7. Application Threat Modeling
8. Source Code Review
9. Network Penetration Testing
10. Web Intrusion Tests
11. Pentest Automation Using Python
12. Nmap Cheat Sheet
13. Metasploit Cheat Sheet
14. Netcat Cheat Sheet
15. Networking Reference Section
16. Python Quick Reference
17. Other Books You May Enjoy

Installing Mutillidae on Windows

Mutillidae can easily be installed on Windows operating systems. In this example, I will install it on Windows 7 (this is just a personal choice).

First, we will download and install XAMPP, which stands for Apache, MySQL, PHP, and Perl (the X at the beginning indicates that this application is cross-platform—some people call it WAMPP on Windows, replacing the X with W). So, as you may have guessed, after installing XAMPP, you will have Apache (web server), MySQL (database), and PHP (programming language).

Downloading and installing XAMPP

To download XAMPP, browse to https://www.apachefriends.org/download.html, then choose the latest version from the list, which is 7.1.10 in my case (see the following screenshot). Then, click on the Download button to save it to your local Windows machine:

Before we start installing XAMPP, we will change the Windows User Account Control settings. To do so, open the Control Panel and click on User Accounts. When the new dialog box opens, click on Change User Account Control settings:

In the UAC window, drag the slider all the way to the bottom (the Never notify position) and click on the OK button to save the change:

It's time to install XAMPP (or WAMPP). Double-click on the downloaded file to start the installation process, and in the first dialog window, click on the Next button. In the next window, accept all of the default components, and click Next:

In the next step, you need to choose a folder to install XAMPP in. Generally, I leave it as the default path, C:\xampp, and then click on Next.

After this, you will be prompted to choose whether you want to learn about Bitnami. I would leave the checkbox checked, and click on Next.

At this stage, the setup is ready to begin installing XAMPP. Click on the last Next button, and finally, you will see the installation dialog.

After the installation has completed, you will be asked whether you want to start the Control Panel; leave it checked, so that we can start the services needed to install Mutillidae.

In the beginning, the services in the Control Panel have been stopped. We will need to start Apache and MySQL by clicking on their Start buttons:

Mutillidae installation

I'm assuming that you have already downloaded Mutillidae, as instructed previously in this chapter. Extract the compressed archive file, copy the mutillidae folder, and paste it into the C:\xampp\htdocs folder.

In order to access the Mutillidae site from the intranet, we will need to adjust the configuration file, .htaccess. Open the Mutillidae folder that you just copied, and the .htaccess file will be inside (use Notepad to open it):

Since my network IP address range is 10.0.0.0/24, I will add the line Allow from 10. in the allow section:
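An added example (not from the book or the Mutillidae project): in Apache 2.2-style access rules, a partial address such as 10. matches on its leading octets, so it admits all of 10.0.0.0/8 rather than only 10.0.0.0/24. The script below checks each Allow from entry against the intended lab subnet; the sample .htaccess text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an Apache 2.2-style allow section after the edit
# described above (an assumption, not the file shipped with Mutillidae).
SAMPLE_HTACCESS = """\
Order Deny,Allow
Deny from all
Allow from 127.
Allow from localhost
Allow from 10.
"""

def allow_to_network(spec):
    """Map an 'Allow from' argument to the IPv4 network it matches.

    Handles full addresses, CIDR, network/netmask and partial addresses
    (first 1 to 3 octets). Returns None for hostnames, 'all', env=..., IPv6.
    """
    try:
        if "/" in spec:
            return ipaddress.IPv4Network(spec, strict=False)
        octets = spec.rstrip(".").split(".")
        if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
            return None
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")
    except ValueError:
        return None

def audit_allow_lines(htaccess_text, lab_cidr):
    """Return (spec, network, address_count, beyond_lab) for each IP-based Allow."""
    lab = ipaddress.IPv4Network(lab_cidr)
    findings = []
    for line in htaccess_text.splitlines():
        words = line.split("#", 1)[0].split()
        if [w.lower() for w in words[:2]] != ["allow", "from"]:
            continue
        for spec in words[2:]:
            net = allow_to_network(spec)
            if net is not None:
                # Loopback never leaves the host; anything else outside the
                # lab subnet admits clients the lab owner did not intend.
                beyond = not net.is_loopback and not net.subnet_of(lab)
                findings.append((spec, str(net), net.num_addresses, beyond))
    return findings

if __name__ == "__main__":
    for finding in audit_allow_lines(SAMPLE_HTACCESS, "10.0.0.0/24"):
        print(finding)
```

An entry flagged as beyond the lab subnet can be narrowed to the CIDR form, for example Allow from 10.0.0.0/24, so that the deliberately vulnerable application is reachable only from the lab network.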

Open your browser and go to http://[your machine IP]/mutillidae. After the page loads, click on the setup/reset the DB link, and Mutillidae will install. If everything is good, you will be told that no errors were detected when resetting the database.

Finally! The installation of Mutillidae is complete:

Check this out! We have a Mutillidae home page up and running, and it's screaming, Hack me, please:
