bWAPP / MariaDB / mysql

nixxxy · February 7, 2019, 1:19am

Hi all!

So I am fairly new to Parrot / Kali ( about 2 months in). I can’t even explain to you how much I have learned about these awesome OS’s but also about net security in general, but I have finally found an issue that I have not been able to resolve through google searches and trial and error.

I would really like to explore the bWAPP app, but I just cannot get it to connect using maria. It took me a few hours of trying to install and get mysql working before I read on here that it wasn’t supported anymore, so then i switched my tactics to Mariadb.

Has anyone here had experience getting bWAPP to work on Parrot? I actually switched back to a VM Kali to see if I could get it working there and I was also unsuccessful so its gotta be something I am doing.

I have tried to create my own database through Maria, ive tried changing the information/ passwords in all combinations on the PHP file for bWAPP. Ive tried putting my new database information into that file with the database I created through the file and still I cannont connect.

I keep recieving the dreaded " Access Denied" when i try to connect to the installation page once I have started Apache2 and Mariadb. I mean at this point I have probably spent like 7 hours troublshooting the damn thing. At times I was like " ok, plenty of other learning resources out there…" but then I see how cool it looks and I WANT IN! haha!

If anyone can type a quick step by step, or offer me some guidance, man i would really appreciate it!

Once again, I am new to this and my C/ command skills are improving but still defenitely novice so go easy on me! :).

Also, after using Parrot for awhile and switching back to Kali (which i didnt use for long anyway before I discovered this beautiful OS), i just can’t believe how much more enjoyable Parrot is. Not a knock on Kali at all, obviously it was a game changer, but it just goes to show you how much software can be improved if you have the FREEDOM of open source!! Amen!

Thank you all!

Nixxxy

What version of Parrot are you running? (include version, edition, and architecture)

Running the newest version, 3.1.1? i think? Just installed a couple months ago.

What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)

Full standard install, Straight boot of the HD to Parrot

Configured to multiboot with other systems? (yes / no)

Not yet, No. Thought about it, but even thinking about windows makes me sad! hhah

If there are any similar issues or solutions, link to them below:

If there are any error messages or relevant logs, post them below:

KidKlown · February 7, 2019, 2:33pm

Lets have a go shall we. I will use a PHP web server instead of apache, just because it will be easier and involves less configuration/ commands. If you really want to use apache then i can give instructions for that also.

Make sure system is up to date first:
sudo parrot-upgrade

Make sure you have the right mariadb version installed:
sudo apt-get install mariadb-server-10.3

So download bWAPP and extract it into your documents or wherever you want it. There will be a folder called ‘bWAPP’ full of php files and folders, open a terminal in this folder. Now start a php server in this directory:
sudo php -S <local IP>:80
You can find you local IP using command hostname -I.

Now go to firefox and in the URL bar type your IP. It should re-direct you to /login.php with a ‘Connection failed message’.

Now for the database. To start it, open another terminal and enter:
sudo service mysql start
Now we need to add a user. We will log in as root to create another user for bWAPP to use.
This will enter us into the mysql/mariadb shell:
sudo mysql -u root
To add a user, enter:
CREATE USER 'testuser'@'localhost' IDENTIFIED BY 'password'; (You can change ‘testuser’ and ‘password’ to whatever you want, as long as you can remember them)
Grant privileges to new user:
GRANT PRIVILEGES ON *.* TO 'testuser'@'localhost';
Reload changes:
FLUSH PRIVILEGES
You can now leave the mariadb shell, simply enter:
exit

We are getting there. Now go into your ‘bWAPP’ folder again, open the ‘admin’ folder and open ‘settings.php’ with pluma.
You should see ‘Database connection settings’. We need to change the ‘$db_username’ and ‘$db_password’ to whatever you set it as in the database. That section will then look a bit like:

$db_server = “localhost”;
$db_username = “testuser”;
$db_username = “password”;
$db_name = “bWAPP”;

Save and exit that.

If you go back to your browser now and refresh the page, you should have a button to install database. Then just log in with the default credentials (user: bee pass: bug)

Then when you are done:
sudo service mysql stop
And ‘CTR+C’ in the terminal running PHP.
Or to start it back up again:
sudo service mysql start
sudo PHP -S <IP>:80 in the bWAPP directory

Fewwww… That may or may not have made any sense.

dmknght · February 8, 2019, 6:21pm

hi! this is clearly off-topic but I’d suggest you install your pentest target in a Virtual Machine (debian or ubuntu server). if you feel install bunch of software is hard, you can download pre-installed target from vulnhub and create VM. Anyway if you have any problem, please comment and let us help you

nixxxy · February 8, 2019, 8:32pm

wow thank you so much! I havent attempted to get back in yet, but I am going to follow your suggestions tonight and see if I can do it without getting super frustrated again haha.

Another thing I’m struggling with is getting my damn Alfa USB wireless adapter working. Is the same driver that is supported in Kali supported in Parrot as well? I must confess, just trying to install simple things is tough for me sometimes. I’m starting to get the hang of permissions and all that.

I keep getting the “file is not supported” when I try to install the driver though. Its just the little Alfa AWUS036NH.

Thank you again, ill let you know How I do with bWAPP tonight!

nixxxy · February 8, 2019, 8:50pm

when you say my pentest target, do you mean the spare old Laptop/ desktop that I use to practice cracking? Yeah that is usually what I do, just so i can practice going at windows / Linux…

KidKlown · February 8, 2019, 9:33pm

You can create a VM on you parrot machine if you want, bWAPP even provide one for you.

Just so your not attacking yourself, that in most cases I wouldnt recommend.

nixxxy · February 8, 2019, 9:40pm

haha, yeah I meant that i attack a few old systems I have here that I dont use. like 8 old pentium 4 era systems fell into my lap and those are the ones I go after.

I would never attack my actual laptops/ built desktop that I use daily.

I usually just attack them and if something starts to go weird I just reinstall windows or Kali. But ya youre right it would probably be easier to explore VM’s more.

Edit: I just like booting to parrot or Kali on my hard drive becuase it runs so stably rather than VM’s. I really reallly try not to ever step outside the lines of the law, so Im not worried about info writing to my HD, but youre right it would be quicker and easier to us VM.

on another note, do you know if the ralink RT3070 CHIPSET** is supported in Parrot? I believe it is in Kali.