Installation Linux (Nginx)
## Pre-Flight Check

This tutorial covers installation on Kali 2.0 with nginx and PHP5-FPM. PHP5-FPM provides the FastCGI scripts and capabilities, which is why the two are used together. The currently installed software versions are:
nginx version: nginx/1.6.2
PHP 5.6.14-0+deb8u1 (fpm-fcgi) (built: Oct 4 2015 16:13:04)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
If nginx is not installed it may be installed as below:
apt-get install nginx
apt-get install php5 php5-fpm
After ensuring the above are installed, we need to make a few configuration changes to both so that the software works correctly.
Here we are concerned with two settings:
- The configuration of PHP5-FPM real path settings
- Whether the listener has the right value

To fix the first issue, edit PHP5-FPM's php.ini, which is located at:
/etc/php5/fpm/php.ini
The setting to change here is cgi.fix_pathinfo. By default it is set to 1; uncomment it by deleting the preceding semicolon and change the value to zero as below:
For the second issue, simply check that the listener is set to a file. This can be done using the command below:
cat /etc/php5/fpm/pool.d/www.conf | grep listen
The result should be as below :
If this listener is set to a port, e.g. 127.0.0.1:9000, change it to the above; we want to use a socket rather than TCP.
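Both settings can be verified after editing with a short audit script. This is an added example, not part of the framework or its wiki: the function names are hypothetical, and the sample file contents and the socket path /run/example-fpm.sock are constructed placeholders. It checks that cgi.fix_pathinfo is uncommented and 0 (so PHP does not guess a script from a partial path) and that the pool listener is a socket file.

```bash
# Added example: audit the two PHP5-FPM settings changed on this page.
# Works in POSIX sh and bash. Sample files further down are constructed.

# Print the effective value of KEY ($2) in ini-style FILE ($1).
# Lines commented out with ';' are ignored; the last assignment wins.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//'
}

# cgi.fix_pathinfo must be present, uncommented and set to 0.
check_fix_pathinfo() {
    v=$(ini_value "$1" 'cgi\.fix_pathinfo')
    case "$v" in
        0)  echo "OK   cgi.fix_pathinfo=0" ;;
        '') echo "FAIL cgi.fix_pathinfo unset or commented out"; return 1 ;;
        *)  echo "FAIL cgi.fix_pathinfo=$v"; return 1 ;;
    esac
}

# The pool listener must be a socket file (absolute path), not host:port.
check_listen_socket() {
    v=$(ini_value "$1" listen)
    case "$v" in
        /*) echo "OK   listen=$v" ;;
        *)  echo "FAIL listen=${v:-unset} is not a socket path"; return 1 ;;
    esac
}

# Run both checks; return non-zero if either fails.
audit() {
    rc=0
    check_fix_pathinfo "$1" || rc=1
    check_listen_socket "$2" || rc=1
    return $rc
}

# Constructed samples: "before" mimics the defaults the page describes,
# "after" the edited files. The socket path is a placeholder.
S=$(mktemp -d)
printf ';cgi.fix_pathinfo=1\n' > "$S/php.before"
printf 'cgi.fix_pathinfo=0 ; edited\n' > "$S/php.after"
printf 'listen = 127.0.0.1:9000\nlisten.owner = www-data\n' > "$S/pool.before"
printf ';listen = 127.0.0.1:9000\nlisten = /run/example-fpm.sock\n' > "$S/pool.after"

audit "$S/php.before" "$S/pool.before" || echo "=> before: fix needed"
audit "$S/php.after" "$S/pool.after" && echo "=> after: matches this page"
```

To audit a real host, call `audit` with the php.ini and pool file paths given above as its two arguments.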
Now we need to configure nginx to use this socket and run our scripts through it, as PHP5-FPM is in reality like a separate web server. To do this we reconfigure the default site or, if you prefer, create a new site. For the purposes of this install we will deal with the default one. The configuration can be found at the path below:
/etc/nginx/sites-available/default
The current setup is given as the sample in Webserver Configuration. From here we set up mth3l3m3nt after restarting nginx with the command below.
service nginx restart
Download the latest version of the software from the GitHub repository, i.e. https://github.com/alienwithin/OWASP-mth3l3m3nt-framework
Extract these files to the web root. The default web root for nginx on Kali Linux is:
/usr/share/nginx/html
From the command line this would be as below:
If you would like it installed in the Webroot you may move the files after the steps above to the webroot.
mv /usr/share/nginx/html/OWASP-mth3l3m3nt-framework-master/* /usr/share/nginx/html
If you want it to remain in a subfolder but rename it, the command would be:
mv OWASP-mth3l3m3nt-framework-master/ NewFolderName/
The first thing is to give the right permissions to the folders. Since we have done this as root, ownership should be given to the web server user, www-data. The easiest way to do this is:
chown -R www-data:www-data /usr/share/nginx/html
Next we make the folders that need to be writable writable. We can do this with the commands below:
chmod -R 0777 tmp/
chmod -R 0777 framework/data/
chmod -R 0777 incoming/
chmod -R 0777 scripts/
If installed in the web root, you are done with what you need to do. If you have it installed in a subfolder, e.g. /usr/share/nginx/html/install-new/, there is one more step: edit .htaccess by uncommenting the line with RewriteBase so that it reflects the subfolder.
RewriteBase /yourSubFolder
This could be something as below considering our install-new/ subfolder.
Next, load the site in the address bar, e.g.
http://owasp.mth3l3m3ntframework.com
To log in, assuming our URL is http://owasp.mth3l3m3ntframework.com, the administration portal will be:
http://owasp.mth3l3m3ntframework.com/cnc
The default credentials are :
username: mth3l3m3nt
password: mth3l3m3nt
A successful installation should give you a dashboard as below, and you may start using the framework.
Note: By default the framework uses the JIG database, which is a flat file. However, if you prefer an RDBMS, it supports MySQL, MSSQL and PostgreSQL. This can be switched in the settings.
Developed by Munir Njiru