LAMP is an acronym of the names of its original four open-source components, used for building dynamic websites and web applications. These components are Linux, Apache, MySQL and PHP (or Perl).
The equivalent installation on the Microsoft Windows operating system is known as WAMP.
To make this server vulnerable, we will be installing an outdated version of PHP and setting up deliberately broken web applications; these applications are used for learning how to hack/pentest using various methods. Be careful not to expose your vulnerable LAMP server outside your own network, as it will be hacked.
I will be setting up my vulnerable LAMP server in Linux Mint, which I installed recently; see my Installing Linux Mint in VirtualBox tutorial here. This tutorial should work with most Debian/Ubuntu based Linux distributions.
Before we start, let's update all the repositories and upgrade our Linux installation.
sudo apt-get update && sudo apt-get upgrade -y
Apache
First, we will install the Apache HTTP server; this is simply done by typing the command below.
sudo apt-get install apache2
To test it's all working, open a web browser and type either http://127.0.0.1 or http://localhost; you should be presented with a page like this.
MySQL
Now it's time to install the MySQL database server; this is done by typing:
sudo apt-get install mysql-server
This will start the installer and ask if you want to continue; hit Y and Enter and it should start installing.
Then you will be asked to set a password for MySQL; as this is a vulnerable server we are going to set the password to [email protected]. In the real world, you would use a much more secure password.
PHP
The latest version of PHP is version 7, but as this is a vulnerable server we need version 5.6 to make sure the vulnerable sites we set up later work properly. The only version in the Mint repositories is the latest, version 7, so to get around this we add a third-party repository that carries older PHP versions.
sudo add-apt-repository ppa:ondrej/php
Press Enter to continue and the repository will be added.
Now we need to update our package lists from the newly added repository.
sudo apt-get update
Check if you have a version of PHP already installed.
php -v
Now install PHP 5.6 from the updated repository.
sudo apt-get install php5.6 php5.6-mysql php-xdebug libapache2-mod-php5.6 php5.6-mbstring
Just to make sure everything has installed correctly, type php -v and check the version.
Next, we are going to create a PHP info page that will show PHP is set up correctly.
First, let's change to the root directory of our web server.
cd /var/www/html/
Then using a text editor we can create our phpinfo.php file.
sudo nano phpinfo.php
When nano opens our blank PHP file, type:
<?php phpinfo(); ?>
...and press Ctrl+X to exit; it will ask if you want to save your changes, so hit Y, check the file name and hit Enter.
Now navigate to that PHP file in your web browser by typing
http://127.0.0.1/phpinfo.php
and you should be presented with a page like this showing all your PHP configuration.
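Before moving on to the vulnerable applications, it is worth checking the stack once from the shell rather than by eye. The script below is an added example, not part of the original tutorial: it parses the output of php -v and php -m (so the parsing functions can be tried on pasted strings too), and check_stack() runs those checks live against this machine along with a curl request to Apache on 127.0.0.1. The module list is the set the later sections end up needing (gd, curl and simplexml are only installed after DVWA and Mutillidae complain).

```shell
#!/bin/sh
# Added example, not from the original tutorial: sanity checks for the
# freshly installed stack. The parsing functions take command output as an
# argument so they work on constructed strings as well as on live output.

# Print "major.minor" from the first line of `php -v`, e.g. "5.6".
php_major_minor() {
    printf '%s\n' "$1" | sed -n 's/^PHP \([0-9]*\.[0-9]*\)\..*/\1/p' | head -n 1
}

# Succeed only if the banner is the PHP 5.6 line this tutorial needs.
php_is_5_6() {
    [ "$(php_major_minor "$1")" = "5.6" ]
}

# Given the output of `php -m` (one module per line) and a list of module
# names, print each name that is not loaded. Matching is case-insensitive
# because php -m prints some names capitalised (SimpleXML, Core).
missing_php_modules() {
    loaded="$1"; shift
    for mod in "$@"; do
        printf '%s\n' "$loaded" | grep -qix "$mod" || printf '%s\n' "$mod"
    done
}

# Live check on this machine. Returns 0 when everything the tutorial needs
# (PHP 5.6 as the default php, the modules, Apache answering) is in place.
check_stack() {
    if ! php_is_5_6 "$(php -v 2>/dev/null | head -n 1)"; then
        echo "php is not 5.6: $(php -v 2>/dev/null | head -n 1)" >&2
        return 1
    fi
    missing=$(missing_php_modules "$(php -m 2>/dev/null)" \
        mysqli gd curl SimpleXML mbstring xdebug)
    if [ -n "$missing" ]; then
        echo "missing PHP modules:" $missing >&2
        return 1
    fi
    # Apache must answer on loopback; -w prints only the HTTP status code.
    code=$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1/ 2>/dev/null || echo 000)
    if [ "$code" != "200" ]; then
        echo "Apache did not answer on 127.0.0.1 (HTTP $code)" >&2
        return 1
    fi
    echo "PHP 5.6, required modules and Apache all look good"
}
```

Save it, source it with `. ./stack-check.sh` (any file name will do) and run check_stack; a non-zero exit with a message on stderr tells you which of the three things to fix before continuing.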
DVWA (Damn Vulnerable Web App)
Go to the DVWA site (link above) and click their download link; you should get a prompt asking what to do with the file. Click Save File and OK, and it should save to your Downloads folder.
Open a terminal; we need to navigate to where we downloaded DVWA.
cd ~/Downloads
If you run ls you should see the file you just downloaded.
Now unzip the DVWA zip file.
unzip DVWA-1.9.zip
Rename the unzipped DVWA-1.9 folder to dvwa.
mv DVWA-1.9 dvwa
Then move the newly created dvwa folder to the Apache directory.
sudo mv dvwa/ /var/www/html/
Next, navigate to the dvwa config folder so we can enter the MySQL details to get DVWA working.
cd /var/www/html/dvwa/config/
then use a text editor to edit the config file.
nano config.inc.php
Edit the password to match the password [email protected] which we set up earlier in MySQL.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '[email protected]';
Now we just need to reload the Apache settings.
sudo service apache2 reload
Open a web browser and navigate to the dvwa folder we have just created.
http://127.0.0.1/dvwa/
You should be presented with this Database Setup page.
Anything highlighted in red needs to be dealt with before we create the database.
PHP function allow_url_include: Disabled
To set this we need to edit our php.ini file, so first navigate to the folder that contains it.
cd /etc/php/5.6/apache2
then open php.ini in a text editor
sudo nano php.ini
Then press Ctrl+W to search and type allow_url_include.
This should take you to the allow_url_include line of php.ini, which should read Off.
Change the line to read allow_url_include = On (see picture below).
Hit Ctrl+X to close nano and Y to save the changes.
Reload the apache2 service to make the change take effect.
sudo service apache2 reload
PHP module php-gd: Missing
This can easily be installed from the repositories.
sudo apt-get install php5.6-gd
Then we just need to reload Apache.
sudo service apache2 reload
reCAPTCHA key: Missing
Go to https://www.google.com/recaptcha/ to generate your own keys for the Insecure CAPTCHA module.
You will need to log in with a Google account and select the big blue Get reCAPTCHA button.
Then in the Register a new site box add a label (type dvwa), in the domains box type localhost, 127.0.0.1 and click Register.
You should now be given your keys, which we need to add to config.inc.php in your DVWA folder.
With a text editor, open the config file in the dvwa folder.
nano /var/www/html/dvwa/config/config.inc.php
Edit the reCAPTCHA settings, adding the keys we just got from Google between the two ' ': the Site key goes into recaptcha_public_key and the Secret key into recaptcha_private_key.
Then hit Ctrl+X to close, Y to save the changes, and reload Apache.
sudo service apache2 reload
Writable folder /var/www/html/dvwa/hackable/uploads/: No
This error means you need to make the uploads folder writable; use chmod and chown to do this.
sudo chmod 777 /var/www/html/dvwa/hackable/uploads/
sudo chown root:root /var/www/html/dvwa/hackable/uploads/
Writable file /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt: No
Same as above: use chmod to change the permissions on this file and make it writable.
sudo chmod 777 /var/www/html/dvwa/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
Now everything should be green on the Database setup page. Click the Create / Reset Database button at the bottom of the DVWA setup window; this will connect to MySQL and create the required database and tables.
You should then be taken automatically to the login screen.
The default username and password for DVWA are admin:password.
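The setup-page fixes above (the php.ini directive and the two writable paths) are easy to get slightly wrong by hand, and you will repeat them every time you rebuild the VM. The script below is an added example, not from the original tutorial or the DVWA project: set_ini_directive rewrites a php.ini key whether the existing line is active or commented out with a leading semicolon, get_ini_directive reads it back, and dvwa_writable_check lists the DVWA paths the setup page wants writable that the calling user cannot write. The php.ini path and document root are the ones used in this tutorial; run the php.ini edit as root, since that file is root-owned.

```shell
#!/bin/sh
# Added example, not from the original tutorial: the DVWA setup-page fixes
# above as repeatable functions. Run the php.ini edit as root (sudo sh),
# since /etc/php/5.6/apache2/php.ini is root-owned.

# Set "key = value" in a php.ini, replacing the first active OR commented-out
# (";key = ...") occurrence, or appending the line if the key is absent.
#   set_ini_directive /etc/php/5.6/apache2/php.ini allow_url_include On
# allow_url_include is Off in PHP's defaults because it lets include() load
# code from a URL; DVWA's file-inclusion lesson needs it On, so it is turned
# on here for the lab only.
set_ini_directive() {
    ini="$1"; key="$2"; value="$3"
    tmp="$ini.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN { done = 0 }
        !done && $0 ~ ("^[ \t]*;?[ \t]*" key "[ \t]*=") {
            print key " = " value; done = 1; next
        }
        { print }
        END { if (!done) print key " = " value }
    ' "$ini" > "$tmp" && mv "$tmp" "$ini"
}

# Print the value of an active (uncommented) php.ini directive, or nothing.
get_ini_directive() {
    ini="$1"; key="$2"
    awk -v key="$key" '
        $0 ~ ("^[ \t]*" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$ini"
}

# Print each DVWA path the setup page wants writable that the current user
# cannot write. `test -w` checks the *calling* user, so run this as the
# Apache user (sudo -u www-data sh) to see what the setup page sees.
#   dvwa_writable_check /var/www/html
dvwa_writable_check() {
    docroot="$1"
    for rel in hackable/uploads external/phpids/0.6/lib/IDS/tmp/phpids_log.txt; do
        [ -w "$docroot/dvwa/$rel" ] || printf '%s\n' "$docroot/dvwa/$rel"
    done
}
```

The rewrite goes through a temporary file and mv, so a half-written php.ini is never left in place; the replaced file takes the default umask mode (normally 644), which is what php.ini has anyway. After set_ini_directive you still need sudo service apache2 reload, exactly as in the manual steps.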
OWASP Mutillidae 2
Download the latest Mutillidae zip file from https://sourceforge.net/projects/mutillidae/files/mutillidae-project/ and save it to your downloads folder.
Navigate to your Downloads directory.
cd ~/Downloads
If you run ls you should see something like LATEST-mutillidae-2.6.40.zip in this folder; we now need to unzip it.
unzip LATEST-mutillidae-2.6.40.zip
And move the unzipped folder to your Apache directory.
sudo mv mutillidae/ /var/www/html/
Now we need to set the MySQL password in the MySQLHandler.php file so Mutillidae can connect to MySQL and set up the databases.
sudo nano /var/www/html/mutillidae/classes/MySQLHandler.php
Scroll down the document until you find static public $mMySQLDatabasePassword = ""; and enter [email protected] between the quotes " ", as below.
Then hit Ctrl+X and then Y to save changes.
Next we need to modify the Apache directory index config so that index.php is first in the list.
sudo nano /etc/apache2/mods-enabled/dir.conf
Comment out (#) the current DirectoryIndex line and on a new line type out a new DirectoryIndex, see below.
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
Ctrl+X to exit the document and hit Y and Enter to save.
Then you need to add php5.6-simplexml from the repositories; this allows the server to easily read and manipulate XML data.
sudo apt-get install php5.6-simplexml
Then reload the apache2 service.
sudo service apache2 reload
Now open your web browser and in the address bar type http://127.0.0.1/mutillidae; you should get a message saying the database is offline.
Click setup/reset the DB; this should run through and set up all the database tables for you, and you should get a pop-up saying No PHP or MySQL errors were detected when resetting the database.
Click OK; the page should reload and you get redirected to the Mutillidae home page.
Notice the yellow warning message that says we don't have php5-curl installed, so open a terminal and type:
sudo apt-get install php5.6-curl
and reload Apache again.
sudo service apache2 reload
If you reload the Mutillidae page, the error should have gone.
Sqli-Labs
Download Sqli-labs by following this link http://github.com/Audi-1/sqli-labs/archive/master.zip and saving it to your Downloads directory.
Change to your Downloads directory.
cd ~/Downloads
If you run ls you should see sqli-labs-master.zip in this folder; now we need to unzip it.
unzip sqli-labs-master.zip
and then rename the unzipped folder to sqli
mv sqli-labs-master sqli
Now we need to move this folder to our Apache directory.
sudo mv sqli /var/www/html/
Next we need to add the MySQL password to the database configuration file.
sudo nano /var/www/html/sqli/sql-connections/db-creds.inc
and edit between the two ' ' of $dbpass = ''; as below
then Ctrl+X to exit and hit Y and Enter to save.
In your web browser navigate to your sqli folder and you should get a page as below.
http://127.0.0.1/sqli/
Lastly, click Setup/reset Database for labs; this will create all the databases needed.
bWAPP (Buggy Web Application)
The bWAPP home page can be found here: http://www.itsecgames.com/
and you can download the latest version of bWAPP from here: https://sourceforge.net/projects/bwapp/files/bWAPP/
The current version as I write this is bWAPPv2.2: https://sourceforge.net/projects/bwapp/files/bWAPP/bWAPPv2.2/bWAPPv2.2.zip/download
Save the file to your Downloads folder, then navigate to it.
cd ~/Downloads
Type ls just to check bWAPPv2.2.zip is in your Downloads folder; now we can unzip it.
unzip bWAPPv2.2.zip -d bWAPP
Now move the folder to your Apache directory.
sudo mv bWAPP /var/www/html/
With a text editor, add the database connection settings to bWAPP.
sudo nano /var/www/html/bWAPP/bWAPP/admin/settings.php
Navigate to the part of the document that says // Database connection settings and add the MySQL password between the quotes on db_password = "[email protected]"; as below.
Press Ctrl+X to exit settings.php and hit Y to save the file.
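Three of the applications above (Mutillidae's MySQLHandler.php, Sqli-labs' db-creds.inc and bWAPP's settings.php) need the same edit: the MySQL password pasted between the quotes of one PHP variable. The Mutillidae section also edits DirectoryIndex in dir.conf. The script below is an added example, not from the original tutorial or any of the projects: set_php_string swaps the string literal assigned to a plain PHP variable whatever quote style the file uses, get_php_string reads it back, and set_directory_index makes the dir.conf change (comment out the old line, add one with index.php first) exactly as the manual step does. The password value in the usage comment is a constructed placeholder; use the one you set when installing MySQL.

```shell
#!/bin/sh
# Added example, not from the original tutorial: the "put the password
# between the quotes" edits for Mutillidae (MySQLHandler.php), Sqli-labs
# (db-creds.inc) and bWAPP (settings.php) as one function, plus the
# dir.conf DirectoryIndex change from the Mutillidae section.

# Replace the string literal assigned to a plain PHP variable, keeping the
# quote style the file uses: $dbpass = ''; and $db_password = ""; both work.
# Every assignment to that variable in the file is rewritten.
#   set_php_string /var/www/html/sqli/sql-connections/db-creds.inc dbpass 'Lab-P4ss'
set_php_string() {
    file="$1"; var="$2"
    tmp="$file.tmp.$$"
    # escape the characters that are special in a sed replacement
    value=$(printf '%s' "$3" | sed 's/[\/&]/\\&/g')
    sed "s/\([$]$var[[:space:]]*=[[:space:]]*\)\(['\"]\)[^'\"]*\2/\1\2$value\2/" \
        "$file" > "$tmp" && mv "$tmp" "$file"
}

# Print the literal currently assigned to $var in file (first match only).
get_php_string() {
    file="$1"; var="$2"
    sed -n "s/.*[$]$var[[:space:]]*=[[:space:]]*\(['\"]\)\([^'\"]*\)\1.*/\2/p" "$file" | head -n 1
}

# Comment out the existing DirectoryIndex line in dir.conf and add one with
# index.php first, as the Mutillidae section does by hand.
#   set_directory_index /etc/apache2/mods-enabled/dir.conf
set_directory_index() {
    conf="$1"
    tmp="$conf.tmp.$$"
    awk '
        /^[ \t]*DirectoryIndex[ \t]/ {
            print "#" $0
            print "\tDirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm"
            next
        }
        { print }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Print the first entry of the active DirectoryIndex line.
directory_index_first() {
    awk '/^[ \t]*DirectoryIndex[ \t]/ { print $2; exit }' "$1"
}
```

Run set_directory_index as root (dir.conf is root-owned), then reload Apache as in the manual steps. Note that set_php_string matches a plain $name only; the DVWA config uses array entries such as $_DVWA[ 'db_password' ], which this pattern does not cover.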
Back in the bWAPP application folder (/var/www/html/bWAPP/bWAPP/, one directory up from admin) we need to change some permissions to make the application vulnerable.
chmod 777 /var/www/html/bWAPP/bWAPP/passwords/
chmod 777 /var/www/html/bWAPP/bWAPP/images/
chmod 777 /var/www/html/bWAPP/bWAPP/documents/
After making the above permission changes, open your web browser and navigate to the bWAPP install.php page.
http://127.0.0.1/bWAPP/bWAPP/install.php
You should see the bWAPP install page; just click the here to install bWAPP link.
This will quickly set up the database and the screen will display bWAPP has been installed successfully!
You can now navigate to your bWAPP installation:
http://127.0.0.1/bWAPP/bWAPP/
The default login and password for bWAPP are bee:bug.
And that's our vulnerable server all set up. I will be using this setup for future tutorials, so keep checking back as I have some exciting things planned, and as always please comment in the Reply box below if you have any issues setting this up or have any comments for me.
Great article I was really having issues getting this setup.
Awesome Article 🙂 Very well explained! works perfectly. Tried a lot of articles but only this worked without even a single error. Good job guys…Thanks a lot 🙂
Thanks for your comments gives me a real boost to continue writing more tutorials … enjoy your vulnerable LAMP server.
This article is very useful for me :-). While I was installing mutillidae, I got stuck. Now I am clear. How do I install/set up a complete LAMP setup?
Thanks a lot. I appreciate your effort 🙂
Thanks for the comment Karthikeyan, keep coming back, there are some more exciting tutorials in the pipeline.
This article is very helpful to me. I really love u who have made this article.
Thanks for the comment Hardiansyah glad you found my blog useful.
Thanks a ton Hemp !
My hours of struggle finally got a solution from your blog !
Everything is crisp & guided very well.
Once again thanks a lot !
Hi mkerac
Thanks for your comments.
Glad I was able to help, have fun attacking your new vulnerable LAMP server.
Hey Hemp,
Nice tutorial you've got there. I have downloaded buggy app but never had the time and the knowledge to properly install it, get it configured and running.
Well, you’ve just made my life a bit easier. Cheers
Hi MiNDTH3G4p thanks for your comment, I had the same issues when I was starting out and that’s exactly the reason I made this blog post.
bWAPP team also do a Pre-built virtual machine called the bee-box which is a custom Linux image that you should have no problems adding into something like VirtualBox.
Bee-box can be downloaded from this link https://sourceforge.net/projects/bwapp/files/bee-box/
Hemp
Anyone having issues with setting the root password check out here https://www.expresstechsoftwares.com/mysql-access-denied-user-root-localhost/
Hi ccarter, I have not had any Access denied for user 'root'@'localhost' issue myself, but thanks for sharing this.
If anyone else is finding this issue please let me know here in the comments.
Hemp
Hi Hemp!
I have an error when I try to click on the button for “create /reset database”. Everything is green but I got the following error:
“Could not connect to the database service.
Please check the config file.
Database Error #2054: The server requested authentication method unknown to the client.”.
I tried to run the commands suggested in the link that ccarter provided; I even tried the solutions proposed here https://stackoverflow.com/questions/52364415/php-with-mysql-8-0-error-the-server-requested-authentication-method-unknown-to
But I am stuck in this point.
Can you help me, please?
By the way, your tutorial is amazing, thank you
Hi Moe
Hope I can help.... so if I read your question right, "you are having problems with the DVWA Database setup".
nano into the config.inc.php file
nano /var/www/html/dvwa/config/config.inc.php
and check what you have set in the DVWA array. This needs to be the same root user and password you set when you installed MySQL.
$_DVWA = array();
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_database' ] = 'dvwa';
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '[email protected]';
Don't worry if you can't remember what you set it to; you can always just remove MySQL with the command below and run through the MySQL setup section again.
sudo apt purge mysql*
Or, as you're not too deep in, just try re-installing the VM or roll back to a checkpoint in VirtualBox. It might be worth actually setting a checkpoint after each section, as this will allow you to roll back to any point and try again.
Hope this helps.... let me know what you did to fix it as others may come across the same issue.
Hemp
Hey, Hemp.
I wanted to download bWAPP and it told me it was a virus and allows remote access to the computer it's installed on. Look forward to hearing from you!
Hi demtions
Thanks for letting me know. I got the same in Windows Defender, even after going through the download link on the bWAPP homepage. It reported that it contains a Backdoor:php/Remoteshell.c, but this is probably due to some of the buggy code that bWAPP contains. If in doubt, make sure it's run in a segmented network without any access to your actual network.
Hemp