You may receive a Mutillidae database error when registering for an account on the Mutillidae web page using Metasploitable 2 VM: error inserting records: Table ‘metasploit accounts’ doesn’t exist in /var/www/mutillidae/register.php line 79 [Figure 1.1].
This issue is caused by a misconfiguration in the config.inc located in the /var/www/mutillidae folder on Metasploitable 2 VM. The fix takes less than a minute.
Step 1: Login on Metasploitable 2 VM
Login in Metasploitable 2 by using the following the following username and password:
msfadmin
Step 2: Edit config.inc
Edit config.inc file located in /var/www/mutillidae folder on Metasploitable 2 by typing the following commands [one at the time]:
cd /
sudo nano /var/www/mutillidae/config.inc
Type msfadmin when prompted for the root password.
Once nano opens config.inc file, look for the line $dbname = ‘metasploit’ as shown in Figure 1.2 below:
Replace ‘metasploit’ with ‘owasp10’ and make sure the lines end with semicolon ; as shown in Figure 1.4.
Step 3: Save and exit the config.inc
Save than exit the config.inc file by typing CTRL+X keys on your keyboard and the Y [Enter] when prompted to save the file [Figure 1.5].
Step 4: Restart the Apache server
To restart Apache, type the following command in the terminal [Figure 1.5]. Alternatively, you can just reboot Metasploitalbe 2 VM.
sudo /etc/init.d/apache2 reload
Step 5: Reset Mutillidae database
Refresh the page then clicking on the Reset DB menu option to reset the Mutillidae database [Figure 1.6]. Click OK when prompted.
Step 6: Test the new configuration
Alright. Now is time to test if we managed to fix the database issue. Go ahead and register a new account on the Mutillidae webpage.
Voila. The Mutillidae database error no longer appears [Figure 1.7].
Now that the database error is fixed, go ahead and learn how to capture a user login credentials [username and password] using a MITM attack with Ettercap ARP poisoning and Wireshark.
Conclusion
Mutillidae is an amazing tool used by ethical hackers to learn how to exploit vulnerabilities in a web application. I use Mutillidae all the time when teaching my students, as well as designing the ethical hacking scenarios on this website.
In case you are looking to set up your own virtual hacking lab in VirtualBox with Kali Linux, Windows 10, Ubuntu File Server, and Mr-Robot, I have the best guide on the Internet at the link provided above.
If you like it too, do me a favor and share this fix with your colleagues and friends. Who knows, they might struggle with the same database problem.
See you next time.
