Small penetration testing challenge I set up on my Raspberry Pi for my classmates.
I have started with a freshly installed Raspbian on a Raspberry Pi B.
Expand, change root password, optionally change locale.
sudo raspi-config
sudo reboot
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
For the mysql choose a root password different from your user password.
sudo apt-get install apache2 -y
sudo apt-get install php5 libapache2-mod-php5 -y
sudo apt-get install mysql-server php5-mysql -y
sudo apt-get install php5-curl php-pear php5-gd -y
sudo reboot
Clone this repository to /etc/www/html
cd /etc/www/html
sudo git clone https://github.com/markszabo/Marks-Pentest-Challenge.git
Move everything to /etc/www/html.
sudo mv Marks-Pentest-Challenge .
Change the ownership of the files
sudo chown www-data:www-data . -R
Copy the direct download link from the sourceforge website and use wget to download it to /etc/www/html folder on the pi.
cd /etc/www/html
sudo wget http://downloads.sourceforge.net/project/mutillidae/mutillidae-project/LATEST-mutillidae-2.6.36.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmutillidae%2F&ts=1455613489&use_mirror=heanet
Unzip it and delete the zip
sudo unzip LATEST-mutillidae-2.6.36.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmutillidae%2F&ts=1455613489&use_mirror=heanet
sudo rm LATEST-mutillidae-2.6.36.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmutillidae%2F&ts=1455613489&use_mirror=heanet
Change the sql config file under mutillidae/classes/MySQLHandler.php
sudo nano mutillidae/classes/MySQLHandler.php
static public $mMySQLDatabasePassword = "write_your_sql_password_here";
You can also create a spearate sql user for mutillidae and setup it here. Now change the ownership of the mutillidae directory to enable full access for apache.
sudo chown www-data:www-data mutillidae -R
Now setup the database table. Open your browser and go to http://192.168.0.103/mutillidae/set-up-database.php
(change the ip to your pi's ip). You should be greated with a popup: No PHP or MySQL errors were detected when resetting the database. Click OK to proceed to http://192.168.0.103/mutillidae/index.php?page=home.php&popUpNotificationCode=SUD1 or Cancel to stay on this page.
Cick OK, and you are done with the setup.
Go to /etc/www/html and clone the git repository of the project.
cd /etc/www/html
sudo git clone https://github.com/Hackademic/hackademic.git
Change the ownership and permissions of the directory
sudo chown www-data:www-data hackademic -R
sudo chmod -R 765 hackademic
Now it is time to setup the project. Open your browser and go to http://192.168.0.103/hackademic/
. Follow the on-screen setup, and you are done.
Originally Hackademic requries the admin to activate every user account after registration, and the users can not use it beforehand. My setup will be only available on the local network, so I wanted to turn off this feature. To do it I edited the following php file:
sudo nano hackademic/controller/class.LoginController.php
(...)
} if ($user->is_activated != 1){
header('Location:'.SOURCE_ROOT_PATH."pages/mainlogin.php?msg=activate");
}
(...)
Clearly this part of the code is responsibe for displaying the error message and refusing the login. So I changed the if to never execute: if ($user->is_activated != 1 && 1 == 2)
.
Copy the url of the zip from the projects website and download it to /etc/www/html. Unzip and remove the zip.
cd /etc/www/html
sudo wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
sudo unzip v1.9.zip
sudo rm v1.9.zip
Edit the sql config file. Fill in your sql username and password. Also register on https://www.google.com/recaptcha/admin/create and insert your public and private key.
sudo nano DVWA-1.9/config/config.inc.php
Rename and change the ownership
sudo mv DVWA-1.9 dvwa
sudo chown www-data:www-data dvwa -R
Now open your browser and go to http://192.168.0.103/dvwa/
. If it is complaining about something, try to fix it. For me it said PHP function allow_url_include: Disabled
, so I went to the /etc/php5/apache2/php.ini
and changed this line allow_url_include = Off
to on
. Then I restarted the webserver with sudo service apache2 restart
, and it was working.
(This is not working right now for me. I'm working on it.) Clone the code from github.
cd /etc/www/html
sudo git clone https://github.com/adamdoupe/WackoPicko.git
Import the WackoPicko database into MySQL using a command like the following. This will create the MySQL user wackopicko with the password webvuln!@# as well as create the wackopicko table.
cd WackoPicko
mysql -uYourSqlUserName -pYourSqlPassword < current.sql
Move the folders, delete the old ones, change ownership and provide the necessearry rights.
cd ..
sudo mv WackoPicko/website/ wackopicko
sudo rm WackoPicko/ -R
sudo chmod 777 -R wackopicko/upload
sudo chown www-data:www-data wackopicko -R