Latest revision as of 09:57, 17 November 2023

This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Sertonix on 17 Nov 2023.)

NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application. It's similar to DVWA.

Install lighttpd, PHP, and MySql

Basic Installation

For installing the additional packages first activate community packages and update the package index

Install the required packages:

# apk add lighttpd php82 fcgi php82-cgi

Configure Lighttpd

Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:

Contents of /etc/lighttpd/lighttpd.conf

...
include "mod_fastcgi.conf"
...

Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.

Contents of /etc/lighttpd/mod_fastcgi.conf

...
"bin-path" => "/usr/bin/php-cgi82" # php-cgi
...

Start `lighttpd` service and add it to default runlevel

# rc-service lighttpd start # rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client

Installing and configuring Mutillidae

Create the a folder named webapps

mkdir -p /usr/share/webapps/

Download the source archive and unpack it

cd /usr/share/webapps/ wget https://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-mutillidae-2.3.14.zip^{[Dead Link]}

Unpack the archive and remove it

unzip LATEST-mutillidae-2.3.14.zip rm LATEST-mutillidae-2.3.14.zip

Change the folder permissions

chmod -R 777 /usr/share/webapps/

Create a symlinks to the folder mutillidae

ln -s /usr/share/webapps/mutillidae/ /var/www/localhost/htdocs/mutillidae

@@ Line 1: / Line 1: @@
 {{Draft}}
-[http://sourceforge.net/projects/mutillidae/ NOWASP (Mutillidae)] is a free, open source, deliberately vulnerable web-application. It's similar to [[Damn_Vulnerable_Web_Application_(DVWA)|DVWA]].
+[https://github.com/webpwnized/mutillidae NOWASP (Mutillidae)] is a free, open source, deliberately vulnerable web-application. It's similar to [[Damn_Vulnerable_Web_Application_(DVWA)|DVWA]].
 = Install lighttpd, PHP, and MySql =
@@ Line 9: / Line 9: @@
 {{Cmd|apk add php-mysql mysql mysql-client}}
-= Installing and configuring Piwik =
+= Installing and configuring Mutillidae =
-Create the a folder named ''webapps''
+Create the a folder named {{Path|webapps}}
 {{Cmd|mkdir -p /usr/share/webapps/}}
@@ Line 18: / Line 18: @@
 {{Cmd|cd /usr/share/webapps/
-wget http://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-mutillidae-2.3.14.zip}}
+<nowiki>wget https://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-mutillidae-2.3.14.zip</nowiki>{{dead link}}}}
 Unpack the archive and remove it
-{{Cmd|unzip DVWA-1.0.7.zip
+{{Cmd|unzip LATEST-mutillidae-2.3.14.zip
-rm DVWA-1.0.7.zip}}
+rm LATEST-mutillidae-2.3.14.zip}}
 Change the folder permissions
@@ Line 29: / Line 29: @@
 {{Cmd|chmod -R 777 /usr/share/webapps/}}
-Create a symlinks to the folder ''dvwa''
+Create a symlinks to the folder {{Path|mutillidae}}
-{{Cmd|ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}}
+{{Cmd|ln -s /usr/share/webapps/mutillidae/ /var/www/localhost/htdocs/mutillidae}}
 <!--
 = Configuration and start MySql =
 {{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
-/etc/init.d/mysql start && rc-update add mysql default
+rc-service mysql start && rc-update add mysql default
 /usr/bin/mysqladmin -u root password 'password'</nowiki>}}
@@ Line 43: / Line 43: @@
 {{Cmd|nano -w /usr/share/webapps/dvwa/config/config.inc.php}}
-To complete the setup, browse to the DVWA directory on the webserver.
+To complete the setup, browse to the mutillidae directory on the webserver.
-http://WEBSERVER_IP_ADDRESS/dvwa
+<nowiki>http://WEBSERVER_IP_ADDRESS/mutillidae</nowiki>
 Follow the link to setup the database.-->
 [[Category:PHP]] [[Category:SQL]] [[Category:Security]]