Setup a Vulnerable LAMP Server

LAMP is an acronym of the names of its original four open-source components used for building dynamic websites and web applications, These components are Linux, Apache, MySQL and PHP (or Perl).

The equivalent installation on Microsoft Windows operating system is known as WAMP.

To make this server vulnerable, we will be installing outdated versions of PHP and setting up broken web applications, these applications are used for learning how to hack\pentest using various different methods.  Be careful not to expose your vulnerable LAMP server outside your own network as it will be hacked.

I will be setting up my vulnerable LAMP server in Linux Mint which I installed recently, See my Installing Linux Mint in VirtualBox Tutorial here . But this tutorial should work with most debian\Ubuntu based Linux Distributions.

Before we start let’s update all the repositories and upgrade our Linux installation.

sudo apt-get update && sudo apt-get upgrade -y

Apache

First, we will be installing Apache HTTP server this is simply done by typing this command below.

sudo apt-get install apache2

To test its all working, just open up a web browser and type either http://127.0.0.1 or http://localhost and you should be presented with a page like this.

 

MySQL

Now its time to install MySQL Database, this is done by typing.

sudo apt-get install mysql-server

This will start the installer and then ask if you want to continue, hit Y and enter and it should start installing.

Then you will be asked to set a Password for MySQL, as this is a vulnerable Server we are going to set the password to [email protected]. In the real world, you would use a password much more secure.

 

 

PHP

The latest version of PHP is version 7 but as this a vulnerable server we will need Version 5.6 to make sure the vulnerable sites we will be setting up later work properly, but the only version in the Mint repositories is the latest version 7. To get around this we need to edit the repository list to install a older version of PHP.

sudo add-apt-repository ppa:ondrej/php

 

Press enter to continue and the repository will install.

Now we will need to update our newly installed repositories.

sudo apt-get update

Check if you have a version of PHP already installed.

php -v

now install PHP5.6 from our updated repository.

sudo apt-get install php5.6 php5.6-mysql php-xdebug libapache2-mod-php5.6 php5.6-mbstring

just to make sure everything has installed correctly type php -v and check the version.

Next, we are going to create a PHP info page that will show PHP is Setup correctly.

firstly lets change to the root directory of our web server

cd /var/www/html/

Then using a text editor we can create our phpinfo.php file.

sudo nano phpinfo.php

when nano opens up our blank php file type..

<?php

phpinfo();

?>

…and press ctrl x to exit and it will ask you if you want to save your changes just hit y, check the file name and hit enter.

Now navigate to that PHP file in your web browser by typing

http://127.0.0.1/phpinfo.php

and you should get presented with a page like this showing you all you PHP configurations.

 

 

DVWA (Damn Vulnerable Web App)

http://www.dvwa.co.uk/

Go to the site (link above) and click their download link which should give you a prompt asking you what you want to do with the file just click Save File and click OK, this should save the file to your downloads folder.

Open up a Terminal and we will need to navigate to where we downloaded DVWA.

cd ~/Downloads

If you do a ls you should be able to see the file you already downloaded.

Now unzip the DVWA zip file extract it into a folder called dvwa.

unzip DVWA-1.9.zip

Rename the unziped DVWA-1.9 folder to dvwa

mv DVWA-1.9 dvwa

Then move newly created dvwa folder to the apache directory.

sudo mv dvwa/ /Var/www/html/

Next navigate to the dvwa config folder so we can enter in the MySQL details to get DVWA working.

cd /var/www/html/dvwa/config/

then use a text edititor to endit the config file.

nano config.inc.php

edit the password to match the password of [email protected] which we setup earlyer in MySQL

$_DVWA = array();
 $_DVWA[ 'db_server' ] = '127.0.0.1';
 $_DVWA[ 'db_database' ] = 'dvwa';
 $_DVWA[ 'db_user' ] = 'root';
 $_DVWA[ 'db_password' ] = '[email protected]';

now we just need to reload the apache settings

sudo service apache2 reload

Open up a Web browser and navagate to the dvwa folder we have just created

http://127.0.0.1/dvwa/

You should get presented with this Database Setup page

 

Anything highlighted in red needs to be dealt with before we create the databases.

 

PHP function allow_url_include: Disabled

To set this we need to edit our php.ini file, so first navagate to the folder that contains the php.ini file.

cd /etc/php/5.6/apache2

then open up the php.ini file in a text editor

sudo nano php.ini

Then tap Ctrl + w to do a search, type allow_url_include.

this should take you to the allow_url_include line of the PHP.ini file which should state Off

change the line to say allow_url_include =On see picture below

Hit CTRL+x  to close nano and Y to save the changes we have just made.

Reload the apache2 service to make the changes available.

sudo service apache2 reload

 

PHP module php-gd: Missing

This can quite easly be installed from our linux reposatories.

sudo apt-get install php5.6-gd

Then we just need to restart our apache services

sudo service apache2 reload

 

reCAPTCHA key: Missing

Go to https://www.google.com/recaptcha/ to create and generate your own keys for the Insecure CAPTCHA module.

You will need to then login with a google account and select the big blue Get reCAPTCHA button.

Then in the Register a new site box add a label, type dvwa and in the domains type localhost, 127.0.0.1 and click Register.

You should now be given your Keys which we need to add into the config.inc.php in your DVWA folder.

With a text editor open up the config document in the dvwa folder.

nano /var/www/html/dvwa/config/config.inc.php

Edit the ReCAPTCHA settings, adding in the keys we have just got from google inbetween the two ‘ ‘. Site key going into the recapture_public_key and Secret Key going into recaptcha_private_key.

Then hit Ctrl+x to close and y to save the changes and reload the apache services.

sudo service apache2 reload

 

Writable folder /var/www/html/dvwa/hackable/uploads/:No

This Error means you need to make uploads a writable folder you use Chmod and chown to do this.

sudo chmod 777 /var/www/html/dvwa/hackable/uploads/

sudo chown root:root /var/www/html/dvwa/hackable/uploads/

 

Writable file /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No

same as above you need to use chmod to change the permissions on this file and make it writeable.

sudo chmod 777 /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_logs.txt

Now every thing should be green on our Database setup page, click Create  / Reset Database button at the bottom of the DVWA setup window this will connect to MySQL and create all the required databases.

and you should now get automatically presented with the login screen.

The default username and password for this site is  admin:password .

 

OWASP Mutillidae 2

Download the latest Mutillidae zip file from https://sourceforge.net/projects/mutillidae/files/mutillidae-project/ and save it to your downloads folder.

navigate to your downloads directory.

cd  ~/Downloads

If you do a ls you should see something like LATEST-mutillidae-2.6.40.zip in this folder, we need to now unzip it.

unzip LATEST-mutillidae-2.6.40.zip

And move the unziped folder to your apache directory

sudo mv mutillidae/ /var/www/html/

Now we need to setup the Mysql Password  in the MySQLHandler.php file, so mutillidae can connect to MySQL and setup the databases.

sudo nano /var/www/html/mutillidae/classes/MySQLHandler.php

Scroll down the document until you find static public $mMySQLDatabasePassword = “”; and enter [email protected] between the speech marks” ” as below.

Then hit Ctrl+x and then  y to save changes.

next we need to modify the apache directory config to add index.php to be first in the list.

sudo nano /etc/apache2/mods-enabled/dir.conf

Hash (#) out the the current DirectoryIndex line and on a new line type out a new DirectoryIndex see below.

DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

Ctrl + x to exit the document and hit y and enter to save.

Then you need to add php5.6-Simplexml from the Linux repositories  this allows the server to easily manipulate and get XML data.

sudo apt-get install php5.6-simplexml

Then reload the apache2 service.

sudo service apache2 reload

Now open up your web browser and in the address bar type http://127.0.0.1/mutillidae and you should get a message saying the database is offline.

Click setup/reset the DB  this should run through and setup all the database for you and you should get a pop-up saying No PHP or MySQL errors were detected when resetting the database.

Click OK and the page should reload and you get redirected to the Mutillidae home page.

Notice the Yellow warning message that says we don’t have php5-curl installed so open up a terminal and type.

sudo apt-get install php5.6-curl

and reload apache again.

sudo service apache2 reload

If you reload the mutillidae page, we should see the error has gone away.

 

 

Sqli-Labs

Download Sqli-labs by following this link  http://github.com/Audi-1/sqli-labs/archive/master.zip and saving it to you downloads directory.

change to you downloads directory

cd ~/Downloads

if you do a ls you should see sqli-labs-master.zip in this folder now we need to unzip the folder.

unzip sqli-labs-master.zip

and then rename the unzipped folder to sqli

mv sqli-labs-master sqli

Now we need to move this folder to our apache directory

sudo mv sqli /var/www/html/

next we need add the Mysql password to the database configuration file .

sudo nano /var/www/html/sqli/sql-connections/db-creds.inc

and edit between the two ‘ ‘ for dbpass = ”; as below

then Ctrl + x to exit and hit y and enter to save.

In your web browser navigate to your sqli folder and you should get a page as below.

http://127.0.0.1/sqli/

Lastly, click Setup/reset Database for labs this will create all the databases needed.

 

 

bWAPP (Buggy Web Application)

The bWAPP home page can be found here http://www.itsecgames.com/

And you can download the latest version of bWAPP from here https://sourceforge.net/projects/bwapp/files/bWAPP/

The current version when i write this is bWAPPv2.2 https://sourceforge.net/projects/bwapp/files/bWAPP/bWAPPv2.2/bWAPPv2.2.zip/download

Save the file to your Downloads folder then navagate to your downloads folder.

cd ~/Downloads

type ls just to check bWAPPv2.2.zip is in your Downloads folder and we can now unzip it.

unzip bWAPPv2.2.zip -d bWAPP

Now move the folder to your apache directory.

sudo mv bWAPP /var/www/html/

With a text editor add the database connection settings to bWAPP

sudo nano /var/www/html/bWAPP/bWAPP/admin/settings.php

navigate to the part of the document that says // Database connection settings and add the MySQL password between the speech marks on db_password = “[email protected]”; as below.

press Ctrl + x  to exit settings.php and hit y to save the file.

cd .. to go back one directory and we need to change some permissions to make the application Vulnerable.

chmod 777 passwords/

chmod 777 images/

chmod 777 documents/

after making the above permission changes, open up your web browser and navigate to the bWAPP install.php

http://127.0.0.1/bWAPP/bWAPP/install.php

you should see the bWAPP install page, just click the here to install bWAPP link.

This will quickly setup all the databases and the screen will display bWAPP has been installed sucessfully!

You can now navigate to your bWAPP installation

http://127.0.0.1/bWAPP/bWAPP/

default login and password for bWAPP is bee:bug

 

and thats our vulnerable Server all setup, I will be useing this setup for future tutorials, so keep checking back as i have some exciting things planned and as always please comment in the Reply box below if you have any issues setting this up or have any comments for me.