A step-by-step guide to set up a local vulnerable web application lab with OWASP Mutillidae II and XAMPP, ideal for ethical hacking and web app security practice.
Download and install XAMPP (includes Apache, MariaDB, PHP):
wget https://www.apachefriends.org/xampp-files/8.2.12/xampp-linux-x64-8.2.12-0-installer.run
chmod +x xampp-linux-x64-8.2.12-0-installer.run
sudo ./xampp-linux-x64-8.2.12-0-installer.run
Follow the graphical installer to complete setup.
Start the necessary services:
sudo /opt/lampp/lampp start
Check status:
sudo /opt/lampp/lampp status
Clone Mutillidae into the XAMPP web root:
cd /opt/lampp/htdocs
sudo git clone https://github.com/webpwnized/mutillidae.git
The clone creates a directory named mutillidae, which the paths in the rest of this guide use, so no rename is needed.
sudo chown -R root:root /opt/lampp/htdocs/mutillidae
Open a MariaDB shell as root:
sudo mysql
Set the root password:
-- MariaDB's SET PASSWORD needs PASSWORD() around a plaintext value
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mutillidae');
FLUSH PRIVILEGES;
EXIT;
Open in browser:
http://localhost/mutillidae/
Click the "Setup/Reset the DB" link at the top of the page.
If it fails, update the database config manually:
sudo nano /opt/lampp/htdocs/mutillidae/includes/database-config.inc
Use this:
<?php
define('DB_HOST', '127.0.0.1');
define('DB_PORT', '3306');
define('DB_USER', 'root');
define('DB_PASSWORD', 'mutillidae');
define('DB_NAME', 'owasp10');
?>
- Open browser:
http://localhost/mutillidae/
- Use the menus to explore OWASP Top 10 vulnerabilities
- Practice ethical hacking in a safe environment
- Start lab:
sudo /opt/lampp/lampp start
- Stop lab:
sudo /opt/lampp/lampp stop
(Optional) Create a launcher script that starts the services and opens the lab:
echo -e '#!/bin/bash\nsudo /opt/lampp/lampp start\nxdg-open http://localhost/mutillidae/' > start-mutillidae.sh
chmod +x start-mutillidae.sh
Run it with:
./start-mutillidae.sh
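
Because the lab is deliberately vulnerable and uses a known database password, it should only be reachable from the machine it runs on. The check below is an added example, not part of the original guide: it reads `ss -ltn` output and reports any lab port listening on a non-loopback address. The port list (Apache on 80/443, MariaDB on 3306) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumed lab ports: Apache 80/443 and MariaDB 3306 (the port used in this guide).
LAB_PORTS="80 443 3306"

# Read `ss -ltn` output on stdin; print "address:port" for each lab port
# that is listening on something other than a loopback address.
exposed_listeners() {
    awk -v ports="$LAB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)              # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next                    # not a lab service
            if (addr ~ /^127\./ || addr == "[::1]") next # loopback only
            print addr ":" port
        }'
}

# Constructed sample: Apache on every interface, MariaDB on loopback only,
# plus an unrelated SSH listener that the check ignores.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          *:80             *:*
LISTEN 0      511       [::]:443         [::]:*
LISTEN 0      80   127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22       0.0.0.0:*'

# Prints the findings for the sample. On the lab host, run instead:
#   ss -ltn | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Any line printed is a lab service reachable from other hosts; bind Apache's `Listen` directive to 127.0.0.1 or block the port at the host firewall before using the lab.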