Configure Web Server for Penetration Testing (Beginner Guide)

Hello friends! Today you will learn how to configure your own web server using Ubuntu inside the virtual machine and install LAMP services for web server configuration.

Let’s Begin!!

We are using VM  Workstation 12 for Ubuntu installation, now for the guidance step by step.

Choose typical (1st options)for configuration and click on Next.

Since I have already downloaded Ubuntu 14.04 of 64 bit in my windows operating system, so let Browse it as shown in the given image.

Click on Next.

Now enter information for personalizing Linux inside text filed

  • Full name: pentestlab
  • Username: raj
  • Password: 123
  • Confirm: 123

Then click on next.

Specify disk capacity according to your desire as 20 GB I had specified.

Choose Split virtual disk into multiple files and then click on Next.

Now make some changes in setting through Customize Hardware before you click on Finish.

Change network adapter setting into Bridged and select the checkbox for Replicate physical network connection state.

Then click on Close then Finish.

This will create a new virtual machine inside your VM workstation.

Now, wait for a small period of time till it boots up automatically after then it will start installation which will take some time.

Now enter your password for login.

Now we need to install LAMP service, which is a collection of open source software used to make web servers up and running. The LAMP stands for Linux, Apache, MySQL, and PHP. 

For installation, the user must have root privileges now type the following command inside the terminal to begin.

Apache HTTP Server is cross-platform, meaning that it is built for a Unix-like system. Apache played a key function for the World Wide Web.

MySQL is the world’s most popular open-source database. MySQL is simple to set up and easy to use.

You will get a prompt, Press enter to set password “blank” for root user in MySQL configuration

Again press enter

phpMyAdmin is a free software tool written in PHP, proposed to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL.

Choose apache2 web server that will be automatically configured to run phpmyadmin.

Again a prompt will open to submit the password for phpmyadmin, to register with the database server.

Press enter to left password “blank” for phpadmin.

Now in order configure phpmyadmin under Apache, you need to edit “/etc/apache2/apache2.conf” at the end of apache2.conf file. Therefore type the following command to open the apache2.conf 

Once the file gets opened type following text at the end of the file as shown in the given image

# phpMyAdmin Configuration

After editing, save the file and restart apache2 service.

Since we had given blank space as the password for phpmyadmin, therefore, we need to make some changes inside its file “ configuration.inc.php” so that it could Allow No Password while login into the database.

Type following command to open config.inc.php

Focus on highlighted comment remove double pipe (||) to activate this comment.

Now you can observe the given image is highlighting the following comment:

ALLOW NO PASSWORD = TRUE

Now open myphpadmin in the browser as localhost/phpmyadmin as shown in the image.

Install the PHP 5 module for Apache 2 and all of its dependencies.

Hence we had install LAMP services inside Ubuntu, therefore, it will operate as a web server.

Now install some other useful services for sharing data between server and client.

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. It is a TCP protocol holds port 22 to establish communication between server and client.

Install vsftpd service, it is the default FTP server in the Ubuntu, it is also a tcp protocol hold port 21 for data transfer.

In order to ensure that the above service has been installed properly in your system use nmap which will scan your system and then tell open ports and running services on your system.

To run nmap,  first, install it through the following command

Now scan your system using nmap to make sure of running services.

From given below image you can check it has dumped the result which has disclosed the running service of my system.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

1 Comment Configure Web Server for Penetration Testing (Beginner Guide)

Leave a Reply

Your email address will not be published. Required fields are marked *