Setting Up Mutillidae locally
Environment Setup
First, the following dependencies are needed:
- Php.7.4
- Php-xml
- Php-mbstring
- php-curl
cd to var/www/html and download the Mutillidae package in this directory, to render the Mutillidae server by localhost after installation.
Command to install it:
git clone https://git.code.sf.net/p/mutillidae/git mutillidae[17]
After that we need to ensure that apache2 is running (service apache2 start command to start the server. Navigating to localhost/mutillidae should now render the Mutillidae server. Initial configuration must be done as its attempting to connect to the server via root. Default DB password should be mutillidae. To do this: (updates on syntax after mariadb 10.4[18] )
This has changed the syntax for setting password see[19] However, to ensure root has password ‘mutillidae’ we will use:
- ALTER USER ‘root’@’localhost’ IDENTIFIED BY ‘mutillidae’;
and then flush privileges; to commit the changes.
MariaDB Issues
If we try to set the password we might lack the permissions to do so: [20]
Sometimes the lack of permissions is due to an error: when trying to grant remote connections privileges of a particular database, to a root user on MySQL server by running the command.
Issues:
Setting burp for firefox new version:
- Try one of these:
- (for firefox) go to about:config and change network.proxy.allow_hijacking_localhost to true.
Hopefully it works.
References
[17]SourceForge. 2021. OWASP Mutillidae II. [online] Available at: https://sourceforge.net/projects/mutillidae/ .
[18]MariaDB KnowledgeBase. 2021. Upgrading from MariaDB 10.4 to MariaDB 10.5. [online] Available at: https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/ .
[19]MariaDB KnowledgeBase. 2021. SET PASSWORD. [online] Available at: https://mariadb.com/kb/en/set-password/ .
[20]table, M., 2021. MySQL Error #1133 - Can’t find any matching row in the user table. [online] Stack Overflow. Available at: https://stackoverflow.com/questions/12877458/mysql-error-1133-cant-find-any-matching-row-in-the-user-table .