In this lab, we’ll build a machine that could be used on the iCSI Cyber Range, and then in the following lab we’ll look at the exploitation process using Python. You’ll need:

• An Ubuntu VM
• A Kali Linux VM

The objective here will be to build a web server that does the following:

• Shows the end user a username/password login form
• The username/password will be checked
  • Authentication will be allowed or denied.
• Once the user is authenticated, the user will have to brute-force a value to find the flag.

On Ubuntu, we’ll start by installing

• Apache2
• PHP

Type:

apt install apache2 libapache2-mod-php
systemctl restart apache2

Next, we’ll cd to the document root of the web server and delete the default index.html

cd /var/www/html
rm index.html

Create an index.php to test that our web server is indeed interpreting .php correctly

pico index.php

Put this code into the file: