Web Hacking Video CourseIntroduction to Web Hacking will always be free. But, some people love videos and hate reading. For now and forever, this introductory web hacking course will be 100% free. But, in order to put coffee into my brain, which fuels my mad-capped capers and hacker skull-duggery, I’ve created a video course to supplement this written course. It’s like a video game DLP, except it’s half as fun and you have to listen to my voice. If you want to know what it’s all about click on the link below or check out my youtube video explanation.
WordPress installation should be easy. But because building databases is hard and because our machines are not the same, it is not. These instructions work on my build. But several websites have different instructions. This lesson is required for students looking to work through the brute force lesson later in this series. To make your life easy, here are several other pages with installation instructions.
Installing WordPress takes a few steps. Each step has several commands.
- Ensure you have LAMP installed
- Create WordPress database in MySQL
- Download WordPress
- Install WordPress
- Create vulnerable users
Everything from this point onward is on the command line:
sudo apt-get install apache2
sudo apt-get remove —purge mysql-server mysql-client mysql-common
sudo apt-get auto remove
sudo apt-get autoclean
sudo apt-get install mysql-server
sudo apt-get install php5 libapache2
sudo chmod 775 /var/lib/mysql
sudo /etc/init.d/apache2 restart
Build your database
You are now going to build your MySQL database. Even if you copy this line-for-line, you may find problems. I used to have DB problems every time I tried to make a new DB. If it fails, try and try again. This is a good learning experience.
mysql -u root – p
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY ‘password’;
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
You will want to head to the root directory and then download the latest version of wordpress. Once you download it, you will need to extract the file and then update and install PHP.
tar xzvf latest.tar.gz
sudo apt-get update
sudo apt-get install php5-gd libssh2-php
You will then open the wp-config.php file and edit the DB_NAME, DB_USER and the DB_PASSWORD to whatever you setup in the instructions above.
cp wp-config-sample.php wp-config.php
// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
/** MySQL database username */
/** MySQL database password */
Copy your files
In addition to copying your files, you will setup the proper permissions.
sudo rsync -avP ~/wordpress/ /var/www/html/
sudo chown -R demo:www-data *
sudo chown -R :www-data /var/www/html/wp-content/uploads
Go to the web interface! and install
Once you go to the local web interface, you will want to setup your WordPress. I’d like you to make two users:
We are setting up stupid passwords so I can show you how quickly a stupid password can be exploited.