TABLE OF CONTENTS

1 Abstract 3
2 Web Server Lab Setup for Pentest 5
2.1 Web Server Configuration 5
2.2 Install Apache 5
2.3 Install PHP 5
2.4 Install MySQL Server 8
2.5 Install phpMyAdmin 8
2.6 Install SSH 11
2.7 Install Nmap 11
3 Set-up of Web Application Pentest Lab over Windows 14
3.1 Xampp Server Installation 14
3.2 DVWA 15
3.3 bWAPP 19
3.4 SQLI 23
3.5 Mutillidae 26
4.2 Set-up of Web Application Pentest Lab using Docker 31
5 Docker 31
4.4 Configure DVWA on Docker 33
4.5 Configure Mutillidae on Docker 38
5 Configure WebGoat on Docker 40
5.1 Configure bWAPP on Docker 42
5.2 Set-up of Web Application for Pentest over AWS 46
5.3 Prerequisite 46
5.4 Setup & Configuration of AWS Instance 46
5.5 Deployment & Connectivity 51
5.6 Install Dependencies required for Pentest-lab 54
5.7 About Us 68

www.hackingarticles.in Page | 2
 Abstract

“Whether it is port scanning or to get a reverse shell, everything is possible with Netcat.” Today in this
article we will be exploring one of the most commonly used network utility and will learn how the
other frameworks reinforce “Netcat” in order to generate a session.

www.hackingarticles.in Page | 3
www.hackingarticles.in Page | 4
Web Server Lab Setup for Pentest
Web Server Configuration
The Web server is a program that uses HTTP to serve users with files forming web pages in response
to requests transmitted by their HTTP clients.
The Web servers can also be called dedicated computers and apparatuses.

Install Apache
First, we will install the Apache. Apache is the most commonly used Web server on Linux Systems.
Web servers are used to serve web pages requested by the client computers. So, let’s first install
Apache in the ubuntu by the following command-

apt install apache2

We have successfully installed apache2, by default apache runs on port 80.

Install PHP
Now we will install PHP 7modukle for Apache 2 and all of its dependencies. Earlier we used to install
PHP 5 module for Ubuntu 14. But now as it is not compatible in ubuntu 18.so we will install the latest
version of php which is php7.2 For this run the following command in ubuntu terminal-

apt install php7.2

www.hackingarticles.in Page | 5
As you can see, we have done with php installation.

Install MySQL Server

Now comes the next step which is the installation of MySQL server. MySQL is the famous open-source
database which was very easier to install earlier. But now it requires some changes for Ubuntu 18.
So, let’s go ahead step by step.
First, we will install MySQL server by the following command-

apt install mysql-server

www.hackingarticles.in Page | 6
So, we are done with the installation. In Ubuntu 14, MySQL did not need a password as it required
only the root user to logged in. But now it needs a password and it won’t allow the root user to log in
so we will provide a username and password of ubuntu in MySQL with the following command and as
it will ask for the password; you have to use your ubuntu password here. After it gets logged in you
will grant all the privileges to the user of Ubuntu as in our case we have given all the privileges to user
raj which will be identified with the password of ubuntu which is 123 in our case and after which we
will reset all the previous privileges so that it can start the service with the new changes. For this, the
commands are the following.

mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO
'raj'@'%' IDENTIFIED BY '123' WITH
GRANT OPTION;
flush privileges;

Great we are done with MySQL server installation, by default it runs on port 3306, now restart MySQL
service.

service mysql restart

www.hackingarticles.in Page | 7
Install phpMyAdmin
Now the next step is the installation of a phpMyAdmin software tool which is written in PHP and
which is proposed to handle the administration of MYSQL over the WEB and it also supports a wide
range of operations on MYSQL. First, we need to install phpMyAdmin by the following command-

apt install phpmyadmin

After the installation, it will ask you to choose the webserver. Here you need to choose apache2 which
will automatically be configured to run PHPMyAdmin.

Next, you will get a prompt which will be opened to configure a database for PHPMyAdmin with
dbconfig-common. Here you need to click on yes and the enter.

www.hackingarticles.in Page | 8
Again, you will get a prompt which will ask you to submit the password for phpMyAdmin, to register
with the database server. Here we have given 123 as the password as it is essential to give it a
password now.

The next step is the configuration of PHPMyAdmin under apache, for this we need to edit apache2
conf file by adding two lines at the end of this file:

nano /etc/apache2/apache2.conf
#phpMyAdmin Configuration
Include /etc/phpmyadmin/apache.conf

At the last, as shown in the image below and then save it and after the editing saves the file and restart
apache2 service.

service apache2 restart

www.hackingarticles.in Page | 9
Now open PHPMyAdmin in the browser as localhost/PHPMyAdmin as shown in the image below-

Install FTP
Now we will install FTP server in ubuntu which is used for the transfer of computer files between a
client and server on a computer network. For this run the following command in the terminal-

apt install vsftpd

As we can see in the above screenshot that ftp service has been installed in our system which runs on
port 21

www.hackingarticles.in Page | 10
Install SSH
Now the next is SSh protocol which is a method for secure remote login from one computer to
another, so let's install this service by the following command. It is installed successfully; by default, it
runs on port 22.

apt install openssh-server

Install Nmap
Now in order to check that the above services have been installed properly in our system; we will use
Nmap which is a scanner for ports and which tells us about the open ports and running services status.
So, let’s install that by the following command-

apt install nmap

www.hackingarticles.in Page | 11
Once the installation is done, we will scan our system by the following command and it will scan our
system and will come up with the desired results as you can see in the image given below-

nmap 127.0.0.1

www.hackingarticles.in Page | 12
www.hackingarticles.in Page | 13
Set-up of Web Application Pentest Lab over
Windows
Xampp Server Installation
XAMPP stand for Apache + MariaDB + PHP + Perl
XAMPP is a free and open-source cross-platform web server solution stack package developed by
Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for
scripts written in the PHP and Perl programming languages. Since most actual web server deployments
use the same components as XAMPP, it makes transitioning from a local test server to a live server
possible. (read more from Wikipedia)
Download from here
Once the installation is done, we need to start the service of Mysql and Apache service in Xampp
server.

www.hackingarticles.in Page | 14
DVWA
DVWA is a web application that is damn sensitive to PHP / MySQL. The main objectives are to provide
security professionals with assistance to test their skills and resources in a legal environment, enable
web developers to better understand the processes of protecting web applications and assist
teachers/students to teach/learn protection in the classroom.
Download from here
Once the DVWA is installed completely then we will navigate
to C:/Xampp/htdocs/dvwa/config.inc.php.dist to change the username and password for the
database.
Open the configuration file to set the Username and Password.

Here, you can notice that the default username is root and password is the password which we will
modify.

www.hackingarticles.in Page | 15
Now here you may notice that we have set the password “blank” for user “root”. Now save these
settings and quit.

Rename the file as “config.inc.php” after making above changes and save it.

Now we need to open the DVWA application in our localhost to create the database.

http://localhost/dvwa/setup.php

www.hackingarticles.in Page | 16
Now click on create database and database is created.

www.hackingarticles.in Page | 17
Now click on login and you are done with the setup.

For login, we will use the DVWA username which is admin and password which is DVWA password by
default.

www.hackingarticles.in Page | 18
bWAPP
Now let’s set up a new lab which is BWAPP.
BWAPP is a free, open-source and intentionally unreliable web application, or a web buggy program.
It helps security enthusiasts, designers and students discover Web bugs and stop them from doing so.
BWAPP plans for positive penetration tests and cyber ethics initiatives.
Download it from here.
Now navigate to “C:/Xampp/htdoc/bwapp/admin” folder to change the default username and
password for the database.

Now you can see that the default username is root and password is bug which we will modify.

Now here the username is root and password we have set blank. Now save the settings and quit.

www.hackingarticles.in Page | 19
Now let’s open “bwapp/install.php” in the localhost and click on “here” to complete the installation.

Now the installation is complete.

www.hackingarticles.in Page | 20
When you will log in as bee: bug; you will get the portal to test your penetration testing skill

Here you can click on bugs and all bugs will be displayed to you which are there in bwapp web
application.

www.hackingarticles.in Page | 21
www.hackingarticles.in Page | 22
SQLI
SQLi: A facility that provides a robust testing environment for those involved in SQL injection
acquisition and enhancement. Let’s start. First, we will download the SQLI lab through GitHub.
Now we will navigate to C:/htdocs/sqlilabs/sqli-connections to edit the setup-db.php.

Now here we will set the password “blank” and save the changes and then quit.

Now browse this web application from through this URL: localhost/sqli and click on Setup/reset
Databases for labs.

www.hackingarticles.in Page | 23
Now the sqli lab is ready to use. Now a page will open up in your browser which is an indication that
we can access different kinds of Sqli challenges

www.hackingarticles.in Page | 24
Now you can see that we have opened lesson 1. So, we have successfully set Sqli labs for practice.

www.hackingarticles.in Page | 25
Mutillidae
OWASP Mutillidae is an open-source web application that is intentionally vulnerable and actively aims
at web security. It’s a laboratory for those involved in SQL injection acquisition and development,
which offers a full test environment. This internet hacking framework is simple to use and is designed
for labs, safety lovers, schools, CTFs and vulnerability assessments.
First, we will navigate to “C:/Xampp/htdocs/Mutillidae/includes” to edit the “database-config.php”
as shown below.

Here we can see that password is set Mutillidae which we will replace with blank.

www.hackingarticles.in Page | 26
You can view that we have set the password “blank”. Now save the settings and quit.

Now you can see the page where you need to click on opt-out tap.

www.hackingarticles.in Page | 27
Now we will open this our local browser by the following URL: localhost/Mutillidae where we will find
an option of reset database. Just click on it to reset the database. So, In this way, we can set up our
vulnerable web application lab for penetration testing.

www.hackingarticles.in Page | 28
Now you will be redirected to a page which will ask you to click ok to proceed. Here you need to click
on OK and you are done with the configuration of the Mutillidae lab.

www.hackingarticles.in Page | 29
We have successfully set all the web applications in Xampp server in Windows.

www.hackingarticles.in Page | 30
Set-up of Web Application Pentest Lab
using Docker
Docker
Docker is a third-party tool developed to create an isolated environment to execute any application.
These applications are run using containers. These containers are unique because they bring together
all the dependencies of an application into a single package and deploy it. Now, to work with docker
you will need to install docker-engine in your host.
Run following the command to install docker:

apt update
apt install docker.io

www.hackingarticles.in Page | 31
Then execute the following command to start and enable the service of docker:

systemctl start docker

systemctl enable docker

And we have installed docker version 18.09.7 in our local machine.

www.hackingarticles.in Page | 32
Configure DVWA on Docker
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
Its main goal is to be an aid for security professionals to test their skills and tools in a legal
environment, help web developers better understand the processes of securing web applications and
to aid both students & teachers to learn about web application security in a controlled classroom
environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of
difficulty, with a simple straightforward interface. Please note, there are both documented and
undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and
discover as many issues as possible.
To install and configure DVWA through docker is quite simple then manual approach, you can search
for its docker image directly by typing following command on the terminal.

docker search web-dvwa

www.hackingarticles.in Page | 33
Here you can observe that it has shown the docker image for dvwa as per given rating and even you
can search for the same over the internet. You will obtain the same output as shown below.

Now we can directly pull the package by executing the following command:

docker pull vulnerables/web-

dvwa

www.hackingarticles.in Page | 34
And then to start docker service for dvwa; enter below command in your terminal.

docker run -p 80:80 vulnerables/web-dvwa

Good! We have successfully configured the dvwa lab in ubuntu as we can see that we are welcomed
by the login page.

www.hackingarticles.in Page | 35
Enter the following URL and click on Create/Reset Database.

http://localhost/dvwa/setup.php

www.hackingarticles.in Page | 36
Once the database will get create you can login into an application to access the web console.

And we have our DVWA application ready for use, thus we can see it required very less effort.

www.hackingarticles.in Page | 37
Configure Mutillidae on Docker
OWASP Mutillidae is a free open source purposely vulnerable web application providing an
enthusiastic goal for web security. It’s a laboratory which provides a complete test environment for
those who are interested in SQL injection acquisition or improvement. This is an easy-to-use Web
hacking environment designed for laboratories, security lovers, classrooms, CTFs, and vulnerability
assessment targets, and has dozens of vulnerabilities and tips to help the user.
Similarly, we can run Mutillidae using docker without wasting much time in the manual configuration.
Repeat the same step as done before, first pull the package and then use the docker to start Mutillidae
over a specific port.

docker pull szsecurity/mutillidae

docker run -p 1337:80 szsecurity/mutillidae

www.hackingarticles.in Page | 38
This time we had chosen port 1137 to launch the Mutillidae application. Thus, we will open this our
local browser by the following URL: localhost:1337 where we will find an option of reset database.
Just click on it to reset the database.

www.hackingarticles.in Page | 39
Configure WebGoat on Docker
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web
application security lessons.
This program is a demonstration of common server-side application flaws. The exercises are intended
to be used by people to learn about application security and penetration testing techniques.
Similarly, we can run WebGoat using docker without wasting much time in the manual configuration.
Repeat the same step as done before, first pull the package and then use the docker to start WebGoat
over a specific port.

docker pull szsecurity/webgoat

docker run -p 1337:80 szsecurity/webgoat

www.hackingarticles.in Page | 40
To access the webgoat application run following URL in the web browser.

http://localhost:1337/WebGoat

www.hackingarticles.in Page | 41
Configure bWAPP on Docker
A buggy web application that is purposely unsafe. Enthusiasts of security, system engineers,
developers can find out about Web vulnerabilities and prevent them.
Repeat the same approach and execute the following command to pull its docker image.

docker pull raesene/bwapp

Then use the docker to start WebGoat over a specific port.

docker run -d -p 8080:80 raesene/bwapp

www.hackingarticles.in Page | 42
Now go to your browser and open bWAPP installation file by the following command and click on here
as shown in the image below

http://localhost:8080/install.php

Now you will get a login page of bWAPP where we will use the default username which is bee and
default password which is a bug and you are logged in in bWAPP.

www.hackingarticles.in Page | 43
Enter the credential bee: bug and get access to the web console.

www.hackingarticles.in Page | 44
www.hackingarticles.in Page | 45
Set-up of Web Application for Pentest over
AWS
Prerequisite
To set up your pen-testing environment, you must have AWS account or if not then create an AWS
account and log in your account.

Setup & Configuration of AWS Instance

Let’s walk through the process of setting up the lab, we will be making an EC2 instance with Ubuntu
Server 18.04 LTS on it. An EC2 instance is referred to as a virtual server in Amazon’s Elastic Compute
Cloud (EC2) for running applications on the AWS infrastructure. The good thing is that this will not cost
you anything to build as AWS has options to set up instances within a certain computing level that are
not charged for.

1. Open the EC2 console in AWS.

2. Navigate to “Launch Instance” and click on “Launch Instance”.

www.hackingarticles.in Page | 46
3. Choose the Amazon machine image (AMI), this is similar to finding the iso file of the OS that you
want on your instance. AWS has you covered with most of the popular OS’s available in its inventory.
4. Here we looked for ubuntu.
5. Now that we see the OS that we want running on our instance, we need to choose the “64-bit (x86)”.

www.hackingarticles.in Page | 47
6. We now need to choose our instance type, to define the amount of hardware this instance will
have, we choose the “t2.micro”. This gives us I virtual CPU and 1 GB of RAM.

For most general-purpose workloads, T2 Unlimited instances will provide ample performance without
any additional charges.
Features:
• High-frequency Intel Xeon processors
• Burstable CPU, governed by CPU Credits, and consistent baseline performance
• Lowest-cost general purpose instance type, and Free Tier eligible*
• Balance of compute, memory, and network resources
Read more from here

7. Once we click on “Review and Launch”, the rest of the options are left as they are, and we click on
“launch”.

www.hackingarticles.in Page | 48
8. Now let’s launch the instance which will create a key pair to your instance and complete the launch
process.

This is a very important step, this is what makes it possible for you to connect to your instance over
SSH, the key pair.
9. Choose “Create a new key pair”, give it a name, them download and save the .pem file somewhere
where you can keep it safe.

www.hackingarticles.in Page | 49
AWS gives you the launch status, tells you about the launch process and shows you that your instance
is now launching.
9. Now click on “View Instances” to see what’s happing with our Ubuntu server. Note that it takes a
few minutes for the server to be fully deployed, so be patient. Now we see under “Status check” that
we have our 2/2 checks, this essentially means that our instance is fully deployed and ready for us to
connect to.

www.hackingarticles.in Page | 50
Deployment & Connectivity

This is the good part, where we get to deploy and connect to our instance in AWS.
1. We choose our instance and click on “Connect”, this takes us to a page with options that defines
how we want to connect to our instance, and we choose to connect using a standalone SSH client.

2. Enter the name for your Instance ID, so that you can easily identify the instance ID from its name.

www.hackingarticles.in Page | 51
AWS is very helpful in giving us the particulars for our connection, like the commands to use.

There are many applications you can choose from to connect to the instance, we are connecting to it
from Kali Linux.

3. We first make sure that the .pem file that we saved has the right permissions assigned to it, in this
case, it needs to be only ‘read’. Once that is done, we put in the SSH particulars provided by AWS.

Syntax: ssh -I “key.pem”

AMIuser@instance-Public-DNS

www.hackingarticles.in Page | 52
4. The .pem file is defined so that the SSH operation knows where the keys are located and that’s it,
we are in !! We connect and get to root.

www.hackingarticles.in Page | 53
Install Dependencies required for Pentest-lab
Ubuntu is up and running now, let’s start it for our pentest purposes, in order to do that we need to
have the basic dependencies installed so that we can access web application like DVWA, etc.

Apache

First, we will install the Apache. Apache is the most commonly used Web server on Linux Systems.
Web servers are used to serve web pages requested by the client computers.
1. So, let’s first install Apache in the ubuntu by the following command.

apt install apache2

We have successfully installed apache2, by default apache runs on port 80

For Apache to function properly we need to open port 80, so let’s get to it. We need to edit the security
group in order for the Apache service to work. Ports are closed by default in AWS, so we can define
what we want open.
2. Go to your instance and launch the security groups wizard-1.

www.hackingarticles.in Page | 54
3. Edit the inbound rules and add HTTP, using TCP protocol over port 80.

4. The rule has been added, now click on save.

5. Now to validate that Apache is running on our Ubuntu server, we access the IP of the instance in a
browser.

www.hackingarticles.in Page | 55
MySQL – Server

The next step is to install MySql-server. This is fairly simple, just type in the command and let Ubuntu
do the rest.

apt install mysql-server

PHP
Installing PHP 7.2, simply type the following command.

apt install php7.2

www.hackingarticles.in Page | 56
Configuring MySQL
Let’s configure MySQL so we have the right kind of credentials for our setup. After it gets logged in
you will grant all the privileges to the user of Ubuntu as in our case we have given all the privileges to
user raj which will be identified with the password of ubuntu which is 123 in our case and after which
we will reset all the previous privileges so that it can start the service with the new changes. For this,
the commands are the following.

mysql -u root -p
GRANT ALL PRIVILEGES ON *.* TO 'raj'@'%'
IDENTIFIED BY '123' WITH GRANT OPTION;
flush privileges;

www.hackingarticles.in Page | 57
PHPMyAdmin

We need to install phpMyAdmin as well, here is how you do it.

apt install phpmyadmin

Phpmyadmin needs to be configured, it needs to know that we want to use apache2 as

our web server.
Next, we need to give it the password that we kept while setting up MySQL.

www.hackingarticles.in Page | 58
Lab Setup
We are done with installing all the dependencies for our setup and are now ready to install our pentest
labs.

DVWA
Let’s navigate to the “HTML” folder to download and install DVWA. Once that is done, we need to
move the config.inc.php.dist file for further configurations.

cd /var/www/html
git clone
https://github.com/ethicalhack3r/DVWA
cd /dvwa/config
mv config.inc.php.dist config.inc.php

Open the config.inc.php file in a text editor and put in the database credentials that we had set
up earlier. We only need to modify 2 fields: db_user and db_password.

www.hackingarticles.in Page | 59
Now we open DVWA in our web browser and click on “Create/Reset Database”.

www.hackingarticles.in Page | 60
Time, to login to our DVWA!

SQL Injection – Dhakkan

Our vulnerable web app is up and running, now we want to install a lab for SQL injections, we will be
using the Dhakkan sqli lab.
Here’s how to set it up. We download it into the HTML folder to host it, next we move the “sqlilabs”
folder to the “sqli”. Next, we need to edit the database credentials so that the lab can function
properly. Open the db-creds.inc file in a text editor.

git clone
http://github.com/Rinkish/Sqli_Edited_Versi
on
cd Sqli_Edited_Version/
ls
mv sqlilabs/ ../sqli
cd sqli
cd sql-connections/

www.hackingarticles.in Page | 61
Now that the file is open, we put in the username and password.

www.hackingarticles.in Page | 62
Now browse this web application from through this Public-DNS/sqli and click on Setup/reset
Databases for labs. Now the sqli lab is ready to use.

Success! Sqli is up and running.

www.hackingarticles.in Page | 63
OWASP Mutillidae II

Last but not least, we will install OWASP Mutillidae II and that will conclude our setup for now.
So, let’s start by navigating to the “HTML” folder and downloading Mutillidae. Once downloaded, we
navigate to the “includes” folder.

git clone
https://github.com/webpwnized/mutillidae
cd mutillidae
cd includes
ls
nano database-config.inc

Once in, modify the database access file to prove the credentials we had set up earlier.

www.hackingarticles.in Page | 64
Now we will open this our local browser by the following URL: Public-DNS/Mutillidae where we will
find an option of reset database. Just click on it to reset the database. Let’s launch Mutillidae using
our browser.

Voila!! Your Ubuntu instance is ready for you to start your AWS pentest journey. You have your
connectivity, dependencies and labs all configured and ready to go.

www.hackingarticles.in Page | 65
Reference

• https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/
• https://www.hackingarticles.in/cross-site-scripting-exploitation/
• https://portswigger.net/web-security/cross-site-scripting/dom-based
• https://www.acunetix.com/websitesecurity/detecting-blind-xss-vulnerabilities/
• https://owasp.org/www-community/attacks/xss/
• https://www.w3schools.com/

Additional Resources

• https://www.hackingarticles.in/comprehensive-guide-on-unrestricted-file-upload/
• https://www.hackingarticles.in/comprehensive-guide-on-remote-file-inclusion-rfi/
• https://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2/
• https://www.hackingarticles.in/hack-remote-windows-10-pc-using-hta-web-server/

www.hackingarticles.in Page | 66
www.hackingarticles.in Page | 67
 About Us
“Simple training makes Deep Learning”

“IGNITE” is a worldwide name in IT field. As we provide high-quality cybersecurity training and

consulting services that fulfil students, government and corporate requirements.

We are working towards the vision to “Develop India as a Cyber Secured Country”. With an outreach
to over eighty thousand students and over a thousand major colleges, Ignite Technologies stood out
to be a trusted brand in the Education and the Information Security structure.

We provide training and education in the field of Ethical Hacking & Information Security to the
students of schools and colleges along with the corporate world. The training can be provided at the
client’s location or even at Ignite’s Training Center.

We have trained over 10,000 + individuals across the globe, ranging from students to security experts
from different fields. Our trainers are acknowledged as Security Researcher by the Top Companies like
- Facebook, Google, Microsoft, Adobe, Nokia, Paypal, Blackberry, AT&T and many more. Even the
trained students are placed into a number of top MNC's all around the globe. Over with this, we are
having International experience of training more than 400+ individuals.

The two brands, Ignite Technologies & Hacking Articles have been collaboratively working from past
10+ Years with about more than 100+ security researchers, who themselves have been recognized by
several research paper publishing organizations, The Big 4 companies, Bug Bounty research programs
and many more.

Along with all these things, all the major certification organizations recommend Ignite's training for its
resources and guidance.

Ignite's research had been a part of number of global Institutes and colleges, and even a multitude of
research papers shares Ignite's researchers in their reference.

www.hackingarticles.in Page | 68
www.hackingarticles.in Page | 69
www.hackingarticles.in Page | 70