Setup Web Penetration Testing Lab using OWASP Mth3l3m3nt Framework

OWASP Mth3l3m3nt Framework is a penetration testing aid and exploitation framework. It lets you create custom LFI and RFI exploits quickly, with little or no effort. It also lets you store your quick wins through its ability to manage HTTP bots: say no to runaway web shells and yes to centrally managed herds in large penetration testing engagements.

The purpose of this project is to provide a platform for more flexible testing, especially regarding web security and the OWASP Top 10 threats to web applications. It enables free and open source collaboration. Being a web-based tool, it is intended to make offensive security on the web easier and more efficient, as it leverages existing technologies with few dependencies. It is built purely on open source components. It is intended to grow into a fully fledged web penetration testing framework that users can extend with zero-day exploits in minutes. It currently offers the following features:

· Multi-Database Support (JIG, SQLite, MySQL, MongoDB, PostgreSQL, MSSQL)
· LFI/RFI exploitation Module
· Web Shell Generator (ASP, PHP, JSP, JSPX, CFM)
· Payload Encoder and Decoder
· Custom Web Requester (GET/HEAD/TRACE/OPTIONS/POST)
· Web Herd (HTTP Bot tool to manage web shells)
· Client Side Obfuscator
· String Tools
· Whois



Download WAMP server here. Select save or run. Click open. After that follow the next steps.


Next you will see the Select Destination Location screen. Click Next to continue.


Next you will see the Ready to install screen. Click Install to continue.


Once the files are extracted, you will be asked to select your default browser. Select your default browser’s .exe file, then click Open to continue.



Once the progress bar is completely green, the PHP Mail Parameters screen will appear. Leave the SMTP server as localhost, and change the email address to one of your choosing. Click Next to continue.


Download the latest version of the software from the GitHub repository, i.e. https://github.com/alienwithin/OWASP-mth3l3m3nt-framework.

Extract the Mth3l3m3nt lab setup to the location "C:\wamp\WWW\Mth", as shown below.



Now find the data folder in the framework options.


Now, the first thing is to give the right permissions to the folders. Right-click on them and change the attributes.


Now open the .htaccess file and add RewriteBase /Mth on line 8.


Next, load the site in the address bar: http://localhost/Mth

The default credentials are:

username: mth3l3m3nt
password: mth3l3m3nt
