
This project forked from markszabo/marks-pentest-challenge

Mark's Pentest Challenge

Small penetration testing challenge I set up on my Raspberry Pi for my classmates.

I have started with a freshly installed Raspbian on a Raspberry Pi B.

##Configure your pi##

Expand, change root password, optionally change locale.

sudo raspi-config
sudo reboot

##Update everything just to make sure##

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

##Install the necessary packages##

For MySQL, choose a root password different from your user password.

sudo apt-get install apache2 -y
sudo apt-get install php5 libapache2-mod-php5 -y
sudo apt-get install mysql-server php5-mysql -y
sudo apt-get install php5-curl php-pear php5-gd -y
sudo reboot

###Mark's Pentest Challenge###

Clone this repository to /etc/www/html

cd /etc/www/html
sudo git clone https://github.com/markszabo/Marks-Pentest-Challenge.git

Move everything to /etc/www/html.

sudo mv Marks-Pentest-Challenge/* .

Change the ownership of the files

sudo chown www-data:www-data . -R

##OWASP Mutillidae II##

Copy the direct download link from the SourceForge website and use wget to download it to the /etc/www/html folder on the pi.

cd /etc/www/html
sudo wget -O LATEST-mutillidae-2.6.36.zip "http://downloads.sourceforge.net/project/mutillidae/mutillidae-project/LATEST-mutillidae-2.6.36.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmutillidae%2F&ts=1455613489&use_mirror=heanet"

Unzip it and delete the zip

sudo unzip LATEST-mutillidae-2.6.36.zip
sudo rm LATEST-mutillidae-2.6.36.zip

Edit the SQL config file mutillidae/classes/MySQLHandler.php and set the database password:

sudo nano mutillidae/classes/MySQLHandler.php
static public $mMySQLDatabasePassword = "write_your_sql_password_here";

You can also create a separate SQL user for Mutillidae and configure it here. Now change the ownership of the mutillidae directory to give Apache full access.

sudo chown www-data:www-data mutillidae -R

Now set up the database table. Open your browser and go to http://192.168.0.103/mutillidae/set-up-database.php (change the IP to your pi's IP). You should be greeted with a popup: "No PHP or MySQL errors were detected when resetting the database. Click OK to proceed to http://192.168.0.103/mutillidae/index.php?page=home.php&popUpNotificationCode=SUD1 or Cancel to stay on this page." Click OK, and you are done with the setup.

##OWASP Hackademic Challenges Project##

Go to /etc/www/html and clone the git repository of the project.

cd /etc/www/html
sudo git clone https://github.com/Hackademic/hackademic.git

Change the ownership and permissions of the directory

sudo chown www-data:www-data hackademic -R
sudo chmod -R 765 hackademic

Now it is time to set up the project. Open your browser and go to http://192.168.0.103/hackademic/. Follow the on-screen setup, and you are done.

Originally Hackademic requires the admin to activate every user account after registration, and the users cannot use it beforehand. My setup will only be available on the local network, so I wanted to turn off this feature. To do it I edited the following PHP file:

sudo nano hackademic/controller/class.LoginController.php
(...)
} if ($user->is_activated != 1){
 header('Location:'.SOURCE_ROOT_PATH."pages/mainlogin.php?msg=activate");
}
(...)

Clearly this part of the code is responsible for displaying the error message and refusing the login. So I changed the if to never execute: if ($user->is_activated != 1 && 1 == 2).

##Damn Vulnerable Web App##

Copy the URL of the zip from the project's website and download it to /etc/www/html. Unzip and remove the zip.

cd /etc/www/html
sudo wget https://github.com/RandomStorm/DVWA/archive/v1.9.zip
sudo unzip v1.9.zip 
sudo rm v1.9.zip 

Edit the SQL config file. Fill in your SQL username and password. Also register on https://www.google.com/recaptcha/admin/create and insert your public and private key.

sudo nano DVWA-1.9/config/config.inc.php

Rename and change the ownership

sudo mv DVWA-1.9 dvwa
sudo chown www-data:www-data dvwa -R

Now open your browser and go to http://192.168.0.103/dvwa/. If it complains about something, try to fix it. For me it said "PHP function allow_url_include: Disabled", so I went to /etc/php5/apache2/php.ini and changed the line allow_url_include = Off to On. Then I restarted the webserver with sudo service apache2 restart, and it was working.

##WackoPicko Vulnerable Website##

(This is not working right now for me. I'm working on it.) Clone the code from GitHub.

cd /etc/www/html
sudo git clone https://github.com/adamdoupe/WackoPicko.git

Import the WackoPicko database into MySQL using a command like the following. This will create the MySQL user wackopicko with the password webvuln!@# as well as create the wackopicko table.

cd WackoPicko
mysql -uYourSqlUserName -pYourSqlPassword < current.sql

Move the folders, delete the old ones, change ownership and provide the necessary rights.

cd ..
sudo mv WackoPicko/website/ wackopicko
sudo rm WackoPicko/ -R
sudo chmod 777 -R wackopicko/upload
sudo chown www-data:www-data wackopicko -R
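
The setup above leaves two deliberate weakenings on the Pi: allow_url_include switched on for DVWA, and a world-writable wackopicko/upload directory. The script below is an added example, not part of the original README, that reports both so the host can be checked once the class is over. The function names and the sample tree are hypothetical, and it reads only the one php.ini it is given.

```shell
# Added example: report the two host-level weakenings this lab setup makes.
# Effective allow_url_include in one php.ini: ';' starts a comment, the last
# assignment wins, 1/on/yes/true (any case) enable it, absent means Off.
url_include_state() {  # usage: url_include_state <php.ini>
    awk '
        BEGIN { state = "Off" }
        {
            sub(/;.*$/, "")                      # drop comments from the line
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
            gsub(/[ \t\r"]/, "", name); gsub(/[ \t\r"]/, "", val)
            if (name != "allow_url_include") next
            state = (val == "1" || val == "on" || val == "yes" || val == "true") ? "On" : "Off"
        }
        END { print state }
    ' "$1"
}

# Directories under the web root that any local user can write to.
world_writable_dirs() {  # usage: world_writable_dirs <web root>
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Print one FLAG line per finding; return 1 if anything was flagged.
lab_audit() {  # usage: lab_audit <php.ini> <web root>
    rc=0
    if [ "$(url_include_state "$1")" = "On" ]; then
        echo "FLAG allow_url_include = On in $1"; rc=1
    fi
    dirs=$(world_writable_dirs "$2")
    if [ -n "$dirs" ]; then
        printf '%s\n' "$dirs" | sed 's/^/FLAG world-writable: /'; rc=1
    fi
    return "$rc"
}

# Constructed sample tree (not a real host) for trying the audit offline.
make_sample() {  # prints the temp directory it created
    t=$(mktemp -d)
    printf '%s\n' '; constructed php.ini' 'allow_url_include = Off' \
        'allow_url_include = on ; changed for DVWA' > "$t/php.ini"
    mkdir -p "$t/html/dvwa" "$t/html/wackopicko/upload"
    chmod 755 "$t/html" "$t/html/dvwa" "$t/html/wackopicko"
    chmod 777 "$t/html/wackopicko/upload"
    echo "$t"
}

if [ "$#" -eq 2 ]; then lab_audit "$1" "$2"; fi
```

Saved under a name of your choice, the script takes the php.ini path and the web root as its two arguments; for this setup those are /etc/php5/apache2/php.ini and /etc/www/html.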
