@toripiyo
Last active November 17, 2020 22:28
OWASP Mutillidae II vagrant environment

mutillidae_deploy.sh

```bash
#! /bin/bash
apt-get update
apt-get install -y unzip
apt-get install -y apache2
# update MySQL password (preseed debconf so the mysql-server install is non-interactive)
# http://qiita.com/niku_uchi/items/b922de3fd1e770644928
echo "mysql-server mysql-server/root_password password my_password" | debconf-set-selections
echo "mysql-server mysql-server/root_password_again password my_password" | debconf-set-selections
# install mutillidae web application
apt-get install -y mysql-server libapache2-mod-auth-mysql php5-mysql php5-curl
apt-get install -y php5 libapache2-mod-php5 php5-mcrypt
test -f /usr/local/src/download || wget https://sourceforge.net/projects/mutillidae/files/latest/download -P /usr/local/src
test -d /var/www/html/mutillidae || unzip -d /var/www/html /usr/local/src/download
# update MySQLHandler.php file (keep a .orig backup so the rewrite is safe to re-run)
test -f /var/www/html/mutillidae/classes/MySQLHandler.php.orig || cp -p /var/www/html/mutillidae/classes/MySQLHandler.php{,.orig}
perl -pi -e 's;(\$mMySQLDatabasePassword) = .*;$1 = "my_password"\;;g' /var/www/html/mutillidae/classes/MySQLHandler.php
# update phpmyadmin config.inc.php to insert password strings
# (test for the .orig backup, not the live file, otherwise the backup is never created)
test -f /var/www/html/mutillidae/phpmyadmin/config.inc.php.orig || cp -p /var/www/html/mutillidae/phpmyadmin/config.inc.php{,.orig}
perl -pi -e "s;\x24cfg\['Servers'\]\[\x24i\]\['password'\] = '';\x24cfg\['Servers'\]\[\x24i\]\['password'\] = 'my_password';g" /var/www/html/mutillidae/phpmyadmin/config.inc.php
# create database for phpmyadmin
# mysql -h localhost -u root -pmy_password -D nowasp < /var/www/html/mutillidae/phpmyadmin/examples/create_tables.sql
mysql -h localhost -u root -pmy_password < /var/www/html/mutillidae/phpmyadmin/examples/create_tables.sql
# enable HTTPS
## issue self signed certificate (CN matches the private_network IP in the Vagrantfile)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=JP/ST=Tokyo/L=Ota-ku/O=Cat Inc./OU=Development/CN=192.168.33.10/emailAddress=admin@localhost" -keyout /etc/ssl/private/mutillidae-selfsigned.key -out /etc/ssl/certs/mutillidae-selfsigned.crt
## configure apache for ssl settings
test -f /etc/apache2/sites-available/default-ssl.conf.orig || cp -p /etc/apache2/sites-available/default-ssl.conf{,.orig}
perl -pi -e 's;(^\s*SSLCertificateFile\s*).*;$1/etc/ssl/certs/mutillidae-selfsigned.crt;g' /etc/apache2/sites-available/default-ssl.conf
perl -pi -e 's;(^\s*SSLCertificateKeyFile\s*).*;$1/etc/ssl/private/mutillidae-selfsigned.key;g' /etc/apache2/sites-available/default-ssl.conf
## note: apache reads the certificate and key as root at startup, so these chowns are not
## needed for it to serve HTTPS; they give the web-server user read access to the private key
chown www-data:www-data /etc/ssl/certs/mutillidae-selfsigned.crt
chown www-data:www-data /etc/ssl/private/mutillidae-selfsigned.key
a2enmod ssl
a2enmod headers
a2ensite default-ssl
service apache2 restart
```
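As an added example (not part of the gist, and not Mutillidae's or Vagrant's own tooling), here is a small check script to run on the guest after `vagrant up`. It confirms that the password rewrite in MySQLHandler.php and the certificate wiring in default-ssl.conf performed by mutillidae_deploy.sh actually took effect, that the `.orig` backups the script relies on exist, and that the self-signed certificate and key belong together. Paths default to the ones the provisioning script writes; the function names and the constructed sample files in the two demo functions are assumptions for illustration only.

```bash
#!/bin/bash
# Added post-provision checks for the Mutillidae lab (example code, not part of the gist).
# The paths default to the ones mutillidae_deploy.sh writes; every function name here is
# hypothetical and each returns 0 on success so the checks can drive a script or a test.

# Print the non-comment lines of a file.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# Exactly one active line of file $1 must match extended regex $2.
matches_once() {
  [ -f "$1" ] && [ "$(active_lines "$1" | grep -Ec "$2")" -eq 1 ]
}

# The DB password in MySQLHandler.php was rewritten and the .orig backup exists
# (the backup is what lets the perl rewrite be re-run safely).
check_db_password() {
  local f="${1:-/var/www/html/mutillidae/classes/MySQLHandler.php}"
  [ -f "$f.orig" ] && matches_once "$f" '^[[:space:]]*\$mMySQLDatabasePassword = "my_password";'
}

# default-ssl.conf references the self-signed pair exactly once each and no longer
# points at the Ubuntu snakeoil certificate on any active line.
check_ssl_conf() {
  local f="${1:-/etc/apache2/sites-available/default-ssl.conf}"
  matches_once "$f" '^[[:space:]]*SSLCertificateFile[[:space:]]+/etc/ssl/certs/mutillidae-selfsigned\.crt$' &&
    matches_once "$f" '^[[:space:]]*SSLCertificateKeyFile[[:space:]]+/etc/ssl/private/mutillidae-selfsigned\.key$' &&
    ! active_lines "$f" | grep -q snakeoil
}

# The certificate and key are a matching RSA pair; a mismatch makes Apache refuse to start.
check_cert_key_match() {
  local crt="${1:-/etc/ssl/certs/mutillidae-selfsigned.crt}"
  local key="${2:-/etc/ssl/private/mutillidae-selfsigned.key}"
  [ "$(openssl x509 -noout -modulus -in "$crt")" = "$(openssl rsa -noout -modulus -in "$key")" ]
}

# Constructed stand-ins for a provisioned guest, so the checks can be exercised offline.
demo_provisioned() {
  local d rc; d="$(mktemp -d)"
  printf '%s\n' '<?php' '    $mMySQLDatabasePassword = "my_password";' > "$d/MySQLHandler.php"
  : > "$d/MySQLHandler.php.orig"
  printf '%s\n' '# A self-signed (snakeoil) certificate can be created by installing ssl-cert.' \
    '        SSLCertificateFile      /etc/ssl/certs/mutillidae-selfsigned.crt' \
    '        SSLCertificateKeyFile   /etc/ssl/private/mutillidae-selfsigned.key' \
    '        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt' > "$d/default-ssl.conf"
  if check_db_password "$d/MySQLHandler.php" && check_ssl_conf "$d/default-ssl.conf"; then rc=0; else rc=1; fi
  rm -rf "$d"
  return "$rc"
}

# Constructed stand-ins for an untouched guest: both checks must report failure.
demo_unprovisioned() {
  local d rc=0; d="$(mktemp -d)"
  printf '%s\n' '    $mMySQLDatabasePassword = "";' > "$d/MySQLHandler.php"
  printf '%s\n' '        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem' \
    '        SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key' > "$d/default-ssl.conf"
  if check_db_password "$d/MySQLHandler.php"; then rc=1; fi
  if check_ssl_conf "$d/default-ssl.conf"; then rc=1; fi
  rm -rf "$d"
  return "$rc"
}

# On the guest, run with --run to print one OK/FAIL line per check.
if [ "${1:-}" = "--run" ]; then
  for c in check_db_password check_ssl_conf check_cert_key_match; do
    if "$c"; then echo "$c OK"; else echo "$c FAIL"; fi
  done
fi
```

Copy the file to the guest (for example through the default `/vagrant` synced folder) and run `sudo bash check_mutillidae.sh --run`; `sudo` is needed because `/etc/ssl/private` is root-only. The checks filter out comment lines first because the stock default-ssl.conf mentions the snakeoil certificate in its comments.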
Vagrantfile

```ruby
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://atlas.hashicorp.com/search.
  config.vm.box = "ubuntu/trusty64"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
  # such as FTP and Heroku are also available. See the documentation at
  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
  # config.push.define "atlas" do |push|
  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
  # end
  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  config.vm.provision 'shell', path: 'mutillidae_deploy.sh'
end
```