Friday, March 11, 2011

Introduction to Mutillidae

Mutillidae is a set of vulnerable PHP scripts that implement the OWASP Top 10 for testing and teaching purposes.
It has been written so that it is easy to demonstrate common attacks to others. Feel free to use it in your own classes. Many web app hobbyists and professionals use PHP, and it’s pretty easy to pick up the basics of the language.

Features of the Mutillidae project:
1. Make the code and examples simple to understand so as to get across how a given vulnerability works. With some of the stuff in WebGoat it is a little hard to figure out how to exploit the code; Mutillidae almost exploits itself. My app won’t be very realistic, but it should illustrate the core concepts well.
2. Be geared in such a way that it’s easy to update with new modules and hints.
3. Easy to install and run. Just download XAMPP Lite for Windows or Linux, put the scripts in the htdocs directory, and click the “Setup/reset the DB” link in the main menu.


Installation procedure:
Extract the files somewhere in the htdocs folder of XAMPP (for example htdocs/mutillidae). Also, it should go without saying that you should NOT run this code on a production network. Either run it on a private network, or restrict your web server software to only use the local loopback address. You can do that by finding the “Listen” line in the httpd.conf file and changing it to read: Listen 127.0.0.1:80

Run the XAMPP Apache server and then browse to http://localhost/mutillidae . A page will appear from which you can try the top ten vulnerabilities. Play with these vulnerabilities and explore them further for fun.
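Before starting the server it is worth checking that every active Listen directive really is bound to the loopback address, since a forgotten second Listen line (or one left at a bare port number, which means every interface) would expose the deliberately vulnerable scripts to the whole network. The following audit script is an added example written for this post, not part of Mutillidae or XAMPP; the two httpd.conf excerpts are constructed, and the parsing follows Apache's documented forms "Listen port", "Listen addr:port" and "Listen [ipv6]:port".

```python
from ipaddress import ip_address

# Constructed httpd.conf excerpt (not from the post): both Listen lines are exposed,
# the commented one is ignored, and the bare "Listen 80" binds every interface.
EXPOSED_CONF = """\
# Apache listens on all interfaces unless an address is given
Listen 80
Listen 0.0.0.0:443 https
#Listen 12.34.56.78:80
DocumentRoot "/opt/lampp/htdocs"
"""

# Constructed loopback-only configuration, the state the post asks for.
LOCAL_CONF = """\
Listen 127.0.0.1:80
Listen [::1]:80
DocumentRoot "/opt/lampp/htdocs"
"""


def parse_listen(arg):
    """Split one Listen argument into (address or None, port)."""
    if arg.startswith("["):                  # IPv6 literal: [addr]:port
        addr, _, port = arg[1:].partition("]")
        port = port.lstrip(":")
    elif ":" in arg:                         # IPv4 address or hostname: addr:port
        addr, _, port = arg.rpartition(":")
    else:                                    # bare port: Apache binds every interface
        addr, port = None, arg
    return addr, int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8, ::1 or the literal name localhost."""
    if addr is None:
        return False
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def audit_listen(conf_text):
    """Return (line_no, directive, exposed) for each active Listen directive."""
    results = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                         # blank lines and comments are inactive
        parts = stripped.split()
        if parts[0].lower() != "listen" or len(parts) < 2:
            continue
        addr, _port = parse_listen(parts[1])
        results.append((n, stripped, not is_loopback(addr)))
    return results


def exposed_directives(conf_text):
    """Just the Listen lines that would accept connections from other hosts."""
    return [d for _, d, exposed in audit_listen(conf_text) if exposed]


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("local", LOCAL_CONF)):
        print(name, "->", exposed_directives(conf) or "loopback only")
```

Run it against the real file (on XAMPP the path is an assumption, typically the apache/conf directory of the install) by reading it into a string and calling exposed_directives; an empty list is the result you want. The check is static, so it does not see Listen lines pulled in through Include directives, and it does not replace confirming with netstat or ss after Apache starts.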

Sunday, March 6, 2011

Creating Drive-by-download using Metasploit

Today we will discuss how to create a ‘drive by download’ using Metasploit.
“Drive-by download is a type of injection into the target system. When a client requests a service from a hacker’s machine prepared by a black hat, malicious data or programs get downloaded to the client system without the client’s knowledge.”
There is a module named browser_autopwn, written by ‘EGYPT’, that creates such an exploit. To start building the drive-by download, first update Metasploit and run it. The auxiliary module resides at ‘server/browser_autopwn’. Type the command ‘use server/browser_autopwn’ and read its description with the ‘info’ command. The module comes with several loaded payloads using reverse_tcp connections. We need to configure two main options: LHOST, the IP address of the host machine’s interface that is reachable from the remote machines, and URIPATH, the path under the server’s IP address at which the page is served. You can check the configured options using the ‘set’ command, which shows all the attributes with the values set.
When we execute the exploit command, several payloads are loaded and the server starts listening on port 8080 at the specified IP address. From the client computer, type the server’s IP address with the port number and URIPATH into the browser, for example ‘http://192.168.80.101:8080/uripath’. The client system automatically downloads some programs from the Meterpreter library and a session (a shell window with access to the target machine’s memory) opens on the hacker’s machine. The Meterpreter session is then automatically migrated to another process (notepad.exe), which makes the exploit harder to spot on the client machine.
This drive-by download only works against a browser that still has one of the targeted vulnerabilities. Fully patched or newer versions have been fixed or never had the vulnerability, so the exploit could not be carried out against the browser on Windows 7 or on Ubuntu Linux.
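From the defender's side, the traffic pattern described above has a cheap tell: a workstation browser fetching a page straight from an IP-literal origin on a non-default port such as 8080. The script below is an added triage example written for this post, not Metasploit code or anything from the module; the proxy log format (client IP, method, URL, status) and the log lines are constructed, and the two indicators are a heuristic, not a signature, so hits need a human look.

```python
import re
from ipaddress import ip_address

# Constructed proxy log lines (not from the post): client IP, method, URL, status.
SAMPLE_LOG = """\
10.0.0.5 GET http://intranet.example.local/index.html 200
10.0.0.7 GET http://192.168.80.101:8080/uripath 200
10.0.0.7 GET http://192.168.80.101:8080/favicon.ico 404
10.0.0.9 GET https://www.example.com:443/ 200
10.0.0.12 GET https://203.0.113.10/ 200
10.0.0.3 GET http://10.1.1.1:8080/ 200
"""

LINE_RE = re.compile(r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")
URL_RE = re.compile(r"^(?P<scheme>https?)://(?P<host>\[[^\]]+\]|[^/:]+)(?::(?P<port>\d+))?(?P<path>/\S*)?$")
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    u = URL_RE.match(m.group("url"))
    if not u:
        return None
    scheme = u.group("scheme")
    port = int(u.group("port")) if u.group("port") else DEFAULT_PORTS[scheme]
    return {
        "client": m.group("client"),
        "url": m.group("url"),
        "scheme": scheme,
        "host": u.group("host").strip("[]"),   # drop IPv6 brackets
        "port": port,
        "path": u.group("path") or "/",
    }


def is_bare_ip(host):
    """True when the host part is an IP literal rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def indicators(entry):
    """Heuristic indicators taken from the pattern in the post: the victim's
    browser goes straight to an IP-literal origin on a non-default port."""
    reasons = []
    if is_bare_ip(entry["host"]):
        reasons.append("ip-literal host")
    if entry["port"] != DEFAULT_PORTS[entry["scheme"]]:
        reasons.append(f"non-default port {entry['port']}")
    return reasons


def scan(log_text, min_indicators=2):
    """Return (client, url, reasons) for every line with at least min_indicators hits."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue                            # unparsable line, skip rather than guess
        reasons = indicators(entry)
        if len(reasons) >= min_indicators:
            findings.append((entry["client"], entry["url"], reasons))
    return findings


def origins_by_client(findings):
    """Collapse findings into {client: sorted distinct host:port origins} for triage."""
    out = {}
    for client, url, _ in findings:
        e = parse_line(f"{client} GET {url} 000")
        out.setdefault(client, set()).add(f"{e['host']}:{e['port']}")
    return {c: sorted(o) for c, o in out.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for client, url, reasons in hits:
        print(f"{client} -> {url}  [{', '.join(reasons)}]")
    print(origins_by_client(hits))
```

Requiring both indicators keeps ordinary HTTPS requests to a bare IP (203.0.113.10 above) out of the result; legitimate intranet tools served on IP:8080 will still appear, which is why the output is grouped per client for review rather than alerted on directly. Pairing a hit with a new outbound connection from the same client shortly afterwards, which is what a reverse_tcp payload produces, is the corroboration to look for.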