OWASP/Mutillidae Installation Issue (Please, help)

[LaraCroft]

Hello guys,

I'm trying to install OWASP/Mutillidae for the the last two weeks.

First I tried to move the folder ''Mutillidae'' in var/www/html; and to work with (service apache2 start and service mysql start - which were perfectly fine), but I cannot open the browser.

Now I'm using the program XAMPP and I moved the folder 'Mutillidae'' in /opt/lampp/htdocs. The problem remain.

Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /opt/lampp/htdocs/mutillidae/classes/MySQLHandler.php on line 248

Warning: mysqli::__construct(): (HY000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /opt/lampp/htdocs/mutillidae/classes/MySQLHandler.php on line 250

I'm attaching a screenshot.

Thank you in advance!

[Bloux]

It's ok to put the mutillidae in /var/www/html/ because that it's the default apache root directory.
By default the linux sql server don't have a password set, so you need to type the stage 5. commands from your screenshot. The credentials that mutiliidae use to connect on linux sql server are in /var/www/html/mutillidae/includes/database-config.inc

[Mr_Kci]

Hi All,
I'm preping for an exam, and wanted to play with the likes of webgoat and mutillidae, only to find all the tutorials and instructions and videos are out of date, hugely frustrating. I even bricked a VM while following some - so I wanted to save you all the trouble and share my notes. They may not be perfect, I'm sure there's experts out there that may know better here and there, but its working and hopefully a welcome refresh for the newbies who want to play like me :-)

The below is based on a fresh install of the latest Kali 2020.2 as of 17/07/20

Install Prerequisites
CMD: apt update
CMD: apt install php-xml php-fpm php-gd php-imap php-mysql php-curl php-mbstring -y
These packages are also required, however, they are installed as default on Kali 2020.2: libapache2-mod-php php-mysql
CMD: cd /var/www/html
CMD: git clone https://github.com/webpwnized/mutillidae

Disable Old PHP versions (to resolve any blank web page problems)
CMD: a2dismod php7.0
CMD: a2dismod php7.2
CMD: a2dismod php7.3
CMD: a2disconf php7.0-fpm
CMD: a2disconf php7.2-fpm
CMD: a2disconf php7.3-fpm
CMD: a2enmod php7.4 << Enable 7.4 (should already be enabled, but just in case u have a conflict)

Now, mutillidae website has pre-set credentials it wants to use to login to mysql
User: root
Password: mutillidae
As detailed in /var/www/html/mutillidae/includes/database-config.inc

Setup DB correctly now (as Root)
Note: I can't post SQL statements on this forum as it thinks its SQL injection (fair), so see the attached pic "SQL.jpg" for this step, MAKE SURE YOU FOLLOW to make this all work.


Restart Services needed to run
CMD: service php7.4-fpm restart
CMD: systemctl restart apache2
CMD: systemctl restart mysql

Now Navigate to http://localhost/mutillidae (or "http://[MACHINE IP ADDRESS]/mutillidae" from another PC on your network)

Reset the DB from website
An error about the DB is displayed, but simply find and click the ?setup/reset the DB? line (burred in the Error Message text) - see attached pic1.jpg if you cant find it.

Click OK to the popup prompt

And you should be done!

Cheers

Mr_Kci