This material is work-in-progress ... Do not follow instructions here until this notice is removed. (Last edited by Fab on 28 Jan 2013.)

NOWASP (Mutillidae) is a free, open source, deliberately vulnerable web-application. It's similar to DVWA.

Install lighttpd, PHP, and MySql

Install the additional packages:

apk add lighttpd php5-common php5-iconv php5-json php5-gd php5-curl php5-xml php5-pgsql php5-mysql php5-imap php5-cgi fcgi

apk add php5-pdo php5-pdo_pgsql php5-pdo_mysql php5-soap php5-xmlrpc php5-posix php5-mcrypt php5-gettext php5-ldap php5-ctype php5-dom

Configure Lighttpd

Edit lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

Uncomment line:

include "mod_fastcgi.conf"

Edit mod_fastcgi.conf

vi /etc/lighttpd/mod_fastcgi.conf

Edit the section:

/usr/bin/php-cgi

To:

/usr/bin/php-cgi5

Start lighttpd service and add to needed runlevel

rc-service lighttpd start && rc-update add lighttpd default

Install extra packages:

apk add php-mysql mysql mysql-client

Installing and configuring Mutillidae

Create the a folder named webapps

mkdir -p /usr/share/webapps/

Download the source archive and unpack it

cd /usr/share/webapps/ wget http://sourceforge.net/projects/mutillidae/files/mutillidae-project/LATEST-mutillidae-2.3.14.zip

Unpack the archive and remove it

unzip LATEST-mutillidae-2.3.14.zip rm LATEST-mutillidae-2.3.14.zip

Change the folder permissions

chmod -R 777 /usr/share/webapps/

Create a symlinks to the folder mutillidae

ln -s /usr/share/webapps/mutillidae/ /var/www/localhost/htdocs/mutillidae