Welcome back, my aspiring hackers!
In this series on Linux for aspiring hackers, I'm trying to provide you with the basic skills needed to be capable in Linux as a hacker. One area that's critical that we haven't covered yet is building and managing an Apache web server.
Apache is found on over 60% of the globe's web servers, so any self-respecting Linux admin should be familiar with it. As a hacker aspiring to hack websites, it's critical to understand the inner workings of Apache, websites, and the backend databases of these sites.
In addition, by setting up your own web server, you could serve up malware to anyone who visits your site. If you're thinking of building a botnet, this is one of the best ways of doing that (I'll do a tutorial on building a botnet in the near future).
If you have BackTrack running on your system, Apache is already installed. Many other Linux distros have it installed by default as well. If you don't have Apache installed, you can download and install the LAMP stack.
LAMP is an acronym for Linux, Apache, MySQL, PERL, and PHP. These are the most widely used tools for developing websites in the Linux world, and they're very popular in the Microsoft world too, only it's generally referred to as WAMP, where the W simply stands for Windows.
Simply download this LAMP stack and install it on your system, and then I will take you through the care and feeding of your LAMP stack to serve up webpages. In addition, we'll download and install a website that we can use for web and database hacking in future tutorials.
The first step, of course, is to start our Apache daemon. In BackTrack, go the BackTrack -> Services -> HTTPD and click on apache start.
Now that Apache is running, it should be able to serve up its default webpage. Let's type http://localhost/ in your favorite web browser.
Apache's default webpage is /var/www/index.html. We can edit that file and get Apache to serve up whatever webpage we want, so let's create our own.
Use any text editor you please, including vi, gedit, Kate, KWrite, emacs, etc. For demonstration purposes here, I'll open the /var/www/index.html with KWrite.
Note here that the default webpage has exactly the text that was displayed when we opened our browser to localhost, but in html format. All we need to do is edit this file to have our web server display the information we want.
Now that we have the web server running and the index file open, we can add whatever text we'd like the web server to serve up. We will create some simple html blocks.
Let's serve up this page:
<h1> Null Byte is the Best! </h1>
<p> If you are new to hacking, wonderhowto.com's Null Byte</p>
<p>world is the best place to learn hacking!</p>
Now, save this file and close KWrite.
Now that we have saved our /var/www/index.html file, we can check to see what Apache will serve up. Navigate your browser once again to http://localhost.
Apache has served up our webpage just as we created it!
Now that we have our web server up and running, we want to download and install a website designed especially for hacking, known as the Damn Vulnerable Web Application or DVWA. Let's download it from here, then unzip it. To unzip it, type:
- unzip DVWA-1.0.8.zip -d /var/www
Next, we need to change permissions to give us (root) execute permissions.
- chmod 755 DVWA-1.0.8
In my next Linux tutorial, we will set up PHP, MySQL, and configure our Damn Vulnerable Web Application so that we can practice website and database hacking, so keep coming back!