Installing XAMPP and DVWA on BackTrack 5r3

What is DVWA? Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

A step by step guide on how to install XAMPP and DVWA on BackTrack Linux. 

Before we begin, download the following:

> Xampp for Linux: http://www.apachefriends.org/en/xampp-linux.html#374

> DVWA: http://sourceforge.net/projects/dvwa/

Once downloaded, put it into a folder in this case i created a folder in the Desktop called Tools. Then cd into the folder.

1. Provide write/modify access to the file

#chmod a+x xampp-linux-1.8.2-0-installer.run

2. Run the installation

#./xampp-linux-1.8.2-0-installer.run

Click Next 

And Finish once done

A default XAMPP website will launch. Close the browser.

Start the XAMPP services

#/opt/lampp/lampp start

Open up your browser and type in http://localhost/ . You will see the XAMPP page

We are done for XAMPP. Now let's proceed to do the DVWA

Unzip the file

#unzip DVWA-1.0.7.zip

Move the folder to /opt/lampp/htdocs

On your browser, type in http://localhost/dvwa

Click on 'here' to create the database

Database created

Go back to the http://localhost/dvwa and enter the default credentials

username: admin

password: password

And we have installed DVWA and XAMPP on LINUX

NOW YOU HAVE MY PERMISSION TO HACK!!!!!!!!!!!

SPIDERING Website using Burp Spider

Burp Spider is a tool for automatically crawling web applications. While it is generally preferable to map applications manually, you can use Burp Spider to partially automate this process for very large applications, or when you are short of time. - http://portswigger.net/burp/help/spider_gettingstarted.html

Note: Using Burp Spider may result in unexpected effects in some applications. Until you are fully familiar with its functionality and settings, you should only use Burp Spider against non-production systems.


Before performing this, ensure that the proxy has been set and configured properly. Click here to know how to set the proxy up: http://securityg33k.blogspot.sg/2013/07/data-manipulation-intercepting-http.html

Click on Spider and Tick the 'spider running' option

In this example, we are not going to perform any traffic interception. Go to Proxy and ensure that the 'Intercept is Off'

In this example we are going to use a testing site by Acunetix: http://testphp.vulnweb.com

Now go to the 'Target' tab in Burp Suite and you will notice a set of links. Right click on the link that we want to spider and choose 'spider this host'

Now go to the 'spider' tab and you will notice the spidering action being performed.

Once done, go back to the 'Target' tab and expand the list under the site you Spidered. This will give us the list of items in the website for analysis and review.

Download Burp Suite here: http://www.portswigger.net/burp/download.html

SET on BT5r3 - Stealing Facebook Credentials

In this tutorial, we will show you how to steal Facebook credentials using the Social Engineering Toolkit on BackTrack Linux.

Fire up the Social Engineering Toolkit from BackTrack.  Select 1 for the SET Attack.

 For this tutorial, we will use the Website Attack Vectors as our mechanism

Since we are going to steal the credential, we proceed to select 3

We will choose 2 to clone the site we are going to dupe.
Enter the IP address of where the clone site be hosted.
Enter the link of the website. In this case, we will clone the facebook login page.

 Once the site is cloned, provide the link/IP for the victim to enter. The victim will get the Facebook login page website.

And when the victim type in the username and password, the credentials will be sent to the attacker's console.

Getting started - Installing BackTrack5r3 on VMware Workstation 8.

In the previous tutorial, we run our BackTrack on VMware. Now we want to install it on VMware so that we dont have to run it on the .iso file and able to create files and folders on it.

Run your BackTrack VM and log in to the account. On the desktop, click on 'Install BackTrack'

Choose your preferred language and click Forward

Choose your region and click Forward

Choose your Keyboard layout and click Forward

By default, BackTrack will use all available disk allocated during the setup. Click Forward

Click Install

Installation will take between 20mins to 40mins.

Once completed, click Restart Now

Click Enter

The VM will reboot and once you login to your account and run the #startx, you will get your GUI. You can further test your installation by removing the .iso from the VM settings and start it to see if BackTrack can run without the .iso file.

Cheers. :)

Getting started - Running BackTrack5r3 on VMware Workstation 8.

First and foremost, let's download the .iso file from the main website to our host machine.

http://www.backtrack-linux.org/backtrack/backtrack-5-r3-released/

Once downloaded, start up our VMware workstation and click on File > New Virtual Machine

Click Next for the Typical setup

Browse to the .iso file that we downloaded just now and click Next

Choose Linux and since BackTrack 5 runs in Ubuntu, we shall choose Ubuntu as the version.

Give a name to our Virtual machine and choose the location on where the files should reside then click Next

Choose the size we want to allocate for our Virtual Machine. *Its better to allocate more space for it as later we are going to install it so that it will not run from the .iso file anymore.

Check the settings and click Finish

Click Enter

Choose the first option

The default login is 'root' and the default password is 'toor'

Once username and password is entered, type #startx

BackTrack will now load into its GUI

There.... you have now successfully launched BackTrack5r3 on your virtual machine. Next tutorial will be on how to install BackTrack into the VM so that we do not have to run it using the .iso file.