OWASP Mutillidae II: Keep Calm and Pwn On
Version: 2.7.11

Installation Instructions


Overview

Several YouTube videos provide comprehensive, step-by-step instructions:

How to Create Ubuntu Virtual Machine (VirtualBox)
How to Install VirtualBox Guest Additions (Linux)
How to Create Ubuntu Virtual Machine (VMware)
LAMP Stack: Part 1 - How to Install Apache Web Server
LAMP Stack: Part 2 - How to Install PHP
LAMP Stack: Part 3 - How to Install MySQL Server
How to Install PHP Curl Library
How to Install PHP XML Library
How to Install PHP mbstring Library
How to Display Errors in PHP Pages
How to Install Mutillidae on Linux
How to Create Self-Signed Certificate in Apache
How to Create Virtual Hosts in Apache


Other Installation Options

Samurai Web Testing Framework
Samurai WTF is a free virtual environment. Within Samurai are several vulnerable web applications pre-configured for vulnerability testing. One of the applications is Mutillidae.
XAMPP (Windows, Linux, Mac OS X)
1. XAMPP is a single installation package which bundles the Apache web server, the PHP application server, and the MySQL database. XAMPP installs Apache and MySQL as either executables or services and can optionally start these services automatically. Once installed, XAMPP provides an "htdocs" directory. This directory is the web "root", meaning that if you browse to http://localhost/, the web site in that "htdocs" folder is what will be served. Mutillidae is installed by placing the mutillidae folder into the htdocs folder. The result is that Mutillidae is a sub-site served from the mutillidae folder. This makes the URL for Mutillidae http://localhost/mutillidae.
The Mutillidae files are already in a folder called "mutillidae" when the project is zipped. All that is required is to put the mutillidae folder into the htdocs directory.
The Mutillidae package can be unzipped into htdocs to install Mutillidae. Simply unzip the compressed mutillidae folder right into the htdocs folder. When you are done, the "mutillidae" folder will be inside the "htdocs" folder of XAMPP. All the Mutillidae files are inside that "mutillidae" folder. Assuming Apache and MySQL are running, the user can open a browser and immediately begin using Mutillidae at http://localhost/mutillidae. Apache automatically serves "index.php", which is located in the mutillidae folder.
2. Download and install "XAMPP" or "XAMPP Lite" for Windows or Linux. If installing on Windows, when the installation asks if you want to install Apache and MySQL as services, answer "YES". This allows both to run as Windows services and be controlled via services.msc. Run services.msc by typing "services.msc" at the command line. (Start - Run - services.msc - Enter)
3. Download Mutillidae
4. Unzip Mutillidae. Note that the Mutillidae project is in a folder called "mutillidae".
5. Place the entire "mutillidae" directory into the XAMPP "htdocs" directory.
6. Browse to mutillidae at http://localhost/mutillidae
7. Click the "Setup/reset the DB" link in the main menu.
Important note: If you use XAMPP Lite or various versions of XAMPP on various operating systems, the path to your php.ini file may vary. You may even have multiple php.ini files, in which case try modifying the one in the Apache directory first, then the one in the PHP directory if that doesn't do the trick.
Windows possible default locations: C:\xampp\php\php.ini, C:\XamppLite\PHP\php.ini, others
Linux possible default locations: /XamppLite/PHP/php.ini, /XamppLite/apache/bin/php.ini, others
8. By default, Mutillidae tries to connect to MySQL on the localhost with the username "root" and a password of "mutillidae". To change this, edit "includes/database-config.php" with the correct information for your environment.
9. NOTE: Once PHP 6.0 arrives in XAMPP, E_ALL will include E_STRICT, so the line to change will probably read "error_reporting = E_ALL". In any case, change the error_reporting line to "error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED".
10. NOTE: Be sure magic quotes is disabled. In XAMPP it seems to be, but MAMP for Apple OS X seems to have it enabled by default. Just make sure magic quotes is set to off in whatever framework is being used. This setting is in php.ini and includes magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase.
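The check below is an added example, not part of the Mutillidae project: a shell function that audits a php.ini for the settings in steps 9 and 10 (magic quotes off, error_reporting as given, written with PHP's constant name E_DEPRECATED). The function names and the sample php.ini are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a php.ini for the settings named in steps 9 and 10.

# ini_value FILE KEY: print the last uncommented value of KEY, lowercased,
# with trailing comments, whitespace and double quotes removed.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/"//g' |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# audit_php_ini FILE: print one line per finding; return the number of FAILs.
audit_php_ini() {
    ini=$1; fails=0
    [ -r "$ini" ] || { echo "FAIL cannot read $ini"; return 99; }
    for key in magic_quotes_gpc magic_quotes_runtime magic_quotes_sybase; do
        val=$(ini_value "$ini" "$key")
        case $val in
            off|0|false|no|none) ;;   # explicitly disabled
            '') echo "NOTE $key not set; PHP's built-in default applies" ;;
            *)  echo "FAIL $key = $val (must be Off)"; fails=$((fails + 1)) ;;
        esac
    done
    want='e_all&~e_notice&~e_deprecated'
    got=$(ini_value "$ini" error_reporting | tr -d ' \t')
    if [ "$got" != "$want" ]; then
        echo "FAIL error_reporting = ${got:-unset} (want E_ALL & ~E_NOTICE & ~E_DEPRECATED)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample php.ini (not from a real installation).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; error_reporting = E_ALL
error_reporting = E_ALL & ~E_NOTICE   ; missing ~E_DEPRECATED
magic_quotes_gpc = On
magic_quotes_runtime = Off
EOF
audit_php_ini "$sample" || echo "$? FAIL line(s) for $sample"
rm -f "$sample"
```

Run audit_php_ini against each php.ini the note above lists, since the Apache and PHP directories may each hold one.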
Custom Linux ISO
Using the Samurai Web Testing Framework as the base operating system, any version of Mutillidae can be installed in addition to the version which comes standard with Samurai. From this custom set-up, a custom ISO can be generated using the Remastersys package.
With Samurai, Mutillidae is installed into the /srv/mutillidae directory. To install different versions of Mutillidae and make a custom Linux ISO, the following recipe can be followed:
1. Locate the default installation directory of Mutillidae
2. Rename the current installation. For example, rename the "mutillidae" folder to "mutillidae.bak".
3. Download the latest version of mutillidae
4. Unzip the "mutillidae" folder from the latest version to the installation directory.
5. Test that mutillidae is updated by browsing to http://localhost/mutillidae
6. Make any changes to Linux, Firefox, or other software desired
7. Ensure the current Remastersys installation is clean by running the command "sudo remastersys clean"
8. When ready to create the new ISO, run the command "sudo remastersys backup"
9. The custom ISO will be found in the /home/remastersys/remastersys directory
Virtual Machine
Any of the previously mentioned installation options works equally well in virtual environments.