Mutillidae is an open source insecure web application, which is designed for penetration testers to practice all of the web-app specific vulnerability exploitation. XAMPP is another free and open source cross-platform web server solution stack package developed by Apache Friends. The XAMPP can be downloaded from: https://www.apachefriends.org/download.html.
We will now be installing the Mutillidae to our newly installed Microsoft windows 2008 R2 server to host it:
- Once XAMPP is downloaded, let's go ahead and install the executable by following the wizard. Once the installation is complete and the XAMPP launched, you should be able to see the following screen. We will be using XAMPP version 5.6.36 / PHP 5.6.36:
- Mutillidae can be downloaded from: https://sourceforge.net/projects/mutillidae/files/latest/download.
- Unzip the file and copy the folder to C:yourxampplocationhtdocs<mutillidae>.
- You have to ensure XAMPP is running Apache and MySQL/MariaDB and finally access the .htacess file inside the mutillidae folder and ensure that 127.0.0.1 and the IP range are allowed. We should be able to see the web application installed successfully as shown in the following screenshot and it can be accessed by visiting http://localhost/mutillidae/:
In case of error messages saying that the database is offline or something similar, you may have to reset or set up the DB for Mutillidae.