Fix Mutillidae Database Error in Metasploitable 2 [2021]

By Leonard Cucos •  Updated: 05/24/21 •  3 min read

You may receive a Mutillidae database error when registering for an account on the Mutillidae web page using Metasploitable 2 VM: error inserting records: Table ‘metasploit accounts’ doesn’t exist in /var/www/mutillidae/register.php line 79 [Figure 1.1]. 

Mutillidae database error. Source: nudesystems.com
Figure 1.1: Mutillidae database error

This issue is caused by a misconfiguration in the config.inc located in the /var/www/mutillidae folder on Metasploitable 2 VM. The fix takes less than a minute.

Step 1: Login on Metasploitable 2 VM

Login in Metasploitable 2 by using the following the following username and password:

msfadmin

Step 2: Edit config.inc

Edit config.inc file located in /var/www/mutillidae folder on Metasploitable 2 by typing the following commands [one at the time]:

cd /
sudo nano /var/www/mutillidae/config.inc
Mutillidae database error - edit config.inc command. Source: nudesystems.com
Figure 1.2: edit config.inc command.

Type msfadmin when prompted for the root password. 

Once nano opens config.inc file, look for the line $dbname = ‘metasploit’ as shown in Figure 1.2 below:

Mutillidae database error - Edit config.inc in mutillidae folder on Linux. Source: nudesystems.com
Figure 1.3: Edit config.inc in mutillidae folder on Linux.

Replace metasploitwith ‘owasp10’ and make sure the lines end with semicolon ; as shown in Figure 1.4.

Mutillidae database error - Edit Mutillidae config.inc on Metasploitable 2. Source: nudesystems.com
Figure 1.4: Edit Mutillidae config.inc on Metasploitable 2.

Step 3: Save and exit the config.inc

Save than exit the config.inc file by typing CTRL+X keys on your keyboard and the Y [Enter] when prompted to save the file [Figure 1.5].

Mutillidae database error - Save config.inc on Metasploitable 2. Source: nudesystems.com
Figure 1.5: Save config.inc on Metasploitable 2.

Step 4: Restart the Apache server

To restart Apache, type the following command in the terminal [Figure 1.5]. Alternatively, you can just reboot Metasploitalbe 2 VM.

sudo /etc/init.d/apache2 reload
Mutillidae database error - Restart the Apache server on Metasploitable 2. Source: nudesystems.com
Figure 1.5: Restart the Apache server on Metasploitable 2.

Step 5: Reset Mutillidae database

Refresh the page then clicking on the Reset DB menu option to reset the Mutillidae database [Figure 1.6]. Click OK when prompted.

Mutillidae database error - Figure 1.6: Reset Mutillidae database. Source: nudesystems.com
Figure 1.6: Reset Mutillidae database.

Step 6: Test the new configuration

Alright. Now is time to test if we managed to fix the database issue. Go ahead and register a new account on the Mutillidae webpage.

Voila. The Mutillidae database error no longer appears [Figure 1.7]. 

Mutillidae database error - Figure 1.6: Register for an Account. Source: nudesystems.com
Figure 1.7: Register for an Account.

Now that the database error is fixed, go ahead and learn how to capture a user login credentials [username and password] using a MITM attack with Ettercap ARP poisoning and Wireshark

Conclusion

Mutillidae is an amazing tool used by ethical hackers to learn how to exploit vulnerabilities in a web application. I use Mutillidae all the time when teaching my students, as well as designing the ethical hacking scenarios on this website.

In case you are looking to set up your own virtual hacking lab in VirtualBox with Kali Linux, Windows 10, Ubuntu File Server, and Mr-Robot, I have the best guide on the Internet at the link provided above.

If you like it too, do me a favor and share this fix with your colleagues and friends. Who knows, they might struggle with the same database problem.

See you next time.

Leonard Cucos

Leonard Cucos is an engineer with over 20 years of IT/Telco experience managing large UNIX/Linux-based server infrastructures, IP and Optics core networks, Information Security [red/blue], Data Science, and FinTech.

medyum