Tag Archives: metasploitable

Metasploitable 2 and Mutillidae

Metasploitable 2 (even better than the original Metasploitable) is a great way to practice your hacking skills.  I use it all the time for my sandbox setup phase.

Metasploitable 2 also comes with several vulnerable websites to practice your web exploitation skills.  My favorite is Mutillidae.  However, there is a small error in the Mutillidae setup on Metasploitable 2.  Thankfully, it is easily fixable.

The problem is that the database specified in the Mutillidae config file is incorrect.  You will know you are experiencing this problem if you click on something that requires the database and you get a bunch of header errors that don’t look quite right.

mutillidae errorsIn the example above, I simply clicked the Login/Register button on the top bar, typed something in for the username and password, and clicked Login.

To fix it, log into Metasploitable 2 (msfadmin/msfadmin), and open up the /var/www/mutillidae/config.inc file (you may need to use sudo).  Change the dbname field from “metasploit” to “owasp10”.  Save it, and try the login page again.

mutillidae configYou should get just a simple authentication error:

mutillidae goodNow you’re good to go with Mutillidae and Metasploitable 2!