OWASP Mutillidae II : Labs Walkthrough (Security Level: 0)

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application that provides a target for web security training. With dozens of vulnerabilities and hints to help the user, it is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTFs, and as a target for vulnerability assessment tools.

This post covers solutions to the labs listed in Mutillidae. If you want to know how to install Mutillidae, please comment, and I will post an article on that soon.



Lab 1: Sending HTTP Requests with Netcat

Navigate to the Lab 1:

Mutillidae > Labs > How the Web Works > Lab 1 - HTTP Requests with Netcat



There are several ways to solve this lab. A few of them: we can use a proxy tool (Burp or ZAP), or we can use a browser extension to capture the response, as shown below:



We can also use the Linux terminal to capture the response headers returned by the server with the curl command (the -I option sends a HEAD request and prints only the response headers):

curl -I "URL"



 

Now, as the lab heading says, we need to use netcat to solve this question, so that is what we will use next.

Netcat (also known as nc) is a simple command-line utility that can be used for reading or writing data across a network connection.

Open your Linux terminal and type:

nc <host> <port>

nc localhost 80 

 


Now netcat is waiting for our input. Type the GET request line for the lab page, then a Host header, then press Enter on an empty line to tell the server the request is complete. The lab page is:

http://mutillidae.localhost/index.php?page=labs/lab-1.php

so the raw request to type is:

GET /index.php?page=labs/lab-1.php HTTP/1.1
Host: mutillidae.localhost




 

That's it, we successfully solved Lab 1.
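To make explicit what netcat is doing by hand above, here is an added example (not part of the original post) that builds the same raw HTTP/1.1 request from the lab URL, parses a response into status, headers and body, and optionally sends the request over a plain TCP socket exactly as nc does. The host mutillidae.localhost on port 80 is assumed from the lab, and the sample response is constructed, not captured from a real server.

```python
import socket
from urllib.parse import urlsplit

LAB_URL = "http://mutillidae.localhost/index.php?page=labs/lab-1.php"


def build_request(url: str) -> bytes:
    """Exact bytes to type into `nc host 80`: request line, Host header,
    CRLF line endings, and the blank line that ends the request."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    lines = [
        f"GET {target} HTTP/1.1",
        f"Host: {parts.hostname}",
        "Connection: close",  # server closes when done, so we read to EOF
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_response(raw: bytes) -> tuple[int, dict[str, str], bytes]:
    """Split a raw HTTP response into (status code, lowercase headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def send_request(url: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """What netcat does by hand: open TCP, send the request, read to EOF."""
    with socket.create_connection((urlsplit(url).hostname, port), timeout) as s:
        s.sendall(build_request(url))
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

# Constructed sample response (not captured from a real server); the Server
# header is the kind of detail the lab wants you to read out of the reply.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.4 (constructed example)\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n<html>...</html>"
)
```

Run `parse_response(send_request(LAB_URL))` against a local Mutillidae instance to see the live headers; `parse_response(SAMPLE_RESPONSE)` shows the same parsing offline.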



Here is the video of all three solutions covered above:



