Search

Null Byte

Worlds

Login | Signup

Follow

The aspiring white-hat hacker/security awareness playground

World Home

How-To

Inspiration

Forum

Creators

How-Tos Topics Linux Basics

Recognition of
Excellence at Null
Byte (Fellows,
Awards,
Recommendations,
& Certifications)

How to Post to Null

Byte [4.10.15
Revision]

How to Do Small
Hacks? For
Beginners!

How to Create a
Windows 10
Installation Disk

Hack Like a Pro: Linux Basics for

the Aspiring Hacker, Part 11
(Apache Web Servers)
Posted By

occupytheweb

15K

2 years ago

Follow

Hack Like a Pro:

Networking Basics
for the Aspiring
Hacker, Part 2
(TCP/IP)

DevilMind
explaining Hacking
for Beginners!

Popular Now

How to Create a
Windows 10
Installation Disk

How to Do Small
Hacks? For
Beginners!

Welcome back, my aspiring hackers!

72
KUDOS

In this series on Linux for aspiring hackers, I'm trying to provide you with
the basic skills needed to be capable in Linux as a hacker. One area that's
critical that we haven't covered yet is building and managing an Apache web
server.

Related
Hack Like a Pro: Linux
Basics for the Aspiring
Hacker, Part 26 (Apache
Configuration)

Apache is found on over 60% of the globe's web servers, so any selfrespecting Linux admin should be familiar with it. As a hacker aspiring to
hack websites, it's critical to understand the inner workings of Apache,
websites, and the backend databases of these sites.
In addition, by setting up your own web server, you could serve up malware
to anyone who visits your site. If you're thinking of building a botnet, this is
one of the best ways of doing that (I'll do a tutorial on building a botnet in
the near future).

Getting Apache on Your System

If you have BackTrack running on your system, Apache is already installed.
Many other Linux distros have it installed by default as well. If you don't
have Apache installed, you can download and install the LAMP stack.

How to Study for the White

Hat Hacker Associate
Certification (CWA)
Hack Like a Pro: How to
Hack Web Apps, Part 1
(Getting Started)
Hack Like a Pro: How to
Fingerprint Web Servers
Using Httprint
Hack Like a Pro: Linux
Basics for the Aspiring
Hacker, Part 6 (Networking
Basics)

The Essential Skills to

The Essential Skills to

Becoming a Master Hacker

LAMP is an acronym for Linux, Apache, MySQL, PERL, and PHP. These are
the most widely used tools for developing websites in the Linux world, and
they're very popular in the Microsoft world too, only it's generally referred
to as WAMP, where the W simply stands for Windows.

How to Use Null Byte to

Study to Become a
Professional Hacker

Simply download this LAMP stack and install it on your system, and then I
will take you through the care and feeding of your LAMP stack to serve up
webpages. In addition, we'll download and install a website that we can use
for web and database hacking in future tutorials.

What to Expect from Null

Byte in 2015

Step 1: Start Your Apache Daemon

Hack Like a Pro: Windows

CMD Remote Commands for
the Aspiring Hacker, Part 1

The first step, of course, is to start our Apache daemon. In BackTrack, go the
BackTrack -> Services -> HTTPD and click on apache start.

What to Expect from Null

Byte in 2014 CE

Why Every Hacker Should

Know & Use Linux

Step 2: Open the Default Website

Now that Apache is running, it should be able to serve up its default
webpage. Let's type http://localhost/ in your favorite web browser.

Newest

Msfvenom Android
Exploitation
Outside LAN?

Hello from a New

Member

Step 3: Open the Index.html File

Apache's default webpage is /var/www/index.html. We can edit that file
and get Apache to serve up whatever webpage we want, so let's create our
own.
Use any text editor you please, including vi, gedit, Kate, KWrite, emacs, etc.
For demonstration purposes here, I'll open the /var/www/index.html with
KWrite.

Community
CAMERON GLASS commented

on

Why Newbies Deserve Respect

I second this comment.
ANONS 4ANIMALS commented

on

How to Set Up a Pentesting Lab

Using XAMPP to Practice Hacking
Common Web Applications
thank you I appreciate that!
DELLS SELLING PAGE commented

on

How to Flash Kali NetHunter on

OnePlus and Nexus Devices (Most)
As a Secondary ROM

Does the internal wifi work on the nexus 7

2013 model net hunter thanks
DONNA BLANKENBECLER

published

How to Subtract Mixed Numbers

BRETT DONADEO commented

on

You've Been Wasting the Best Part! 5

Delicious Uses for Your "Empty"
Nutella & Peanut Butter Jars
Also remember that some peanut butters
have xylitol, which is poisonous to dogs.
DONTRUSTME commented

Note here that the default webpage has exactly the text that was displayed
when we opened our browser to localhost, but in html format. All we need
to do is edit this file to have our web server display the information we
want.

Step 4: Add Some Html

Now that we have the web server running and the index file open, we can
add whatever text we'd like the web server to serve up. We will create some
simple html blocks.
Let's serve up this page:
<html>
<body>
<h1> Null Byte is the Best! </h1>
<p> If you are new to hacking, wonderhowto.com's Null Byte</p>
<p>world is the best place to learn hacking!</p>
</body>
</html>
Now, save this file and close KWrite.

Step 5: Let's See What Happens

Now that we have saved our /var/www/index.html file, we can check to see
what Apache will serve up. Navigate your browser once again to
http://localhost.

on

Security-Oriented C Tutorial 0xFB A Simple Crypter

For building Windows executables on a
Linux machine, you can use MinGW to crosscompile your code. To execute your crosscompiled Windows code on a Linux
machine, Wine may be a solution to that
pro...

Apache has served up our webpage just as we created it!

Step 6: Download & Install DVWA

Now that we have our web server up and running, we want to download
and install a website designed especially for hacking, known as the Damn
Vulnerable Web Application or DVWA. Let's download it from here, then
unzip it. To unzip it, type:
unzip DVWA-1.0.8.zip -d /var/www
Next, we need to change permissions to give us (root) execute permissions.
chmod 755 DVWA-1.0.8
In my next Linux tutorial, we will set up PHP, MySQL, and configure our
Damn Vulnerable Web Application so that we can practice website and
database hacking, so keep coming back!
Red feathers, green feathers, and world network images via Shutterstock

See Also
Hack Like a Pro: Linux Basics for the Aspiring Hacker, Part 26
(Apache Configuration)
How to Study for the White Hat Hacker Associate Certification
(CWA)
Hack Like a Pro: How to Hack Web Apps, Part 1 (Getting Started)
Show More...

Remember to Give Kudos, Tweet, Like, & Share

Join the Discussion

1

Subscribe

OFF

thanks for the dvwa

2 years ago

Reply

GUILTY
SPARK

2
PRANAB
GOGOI

waiting for the next ... cant wait anymore ... please publish as soon as
possible ... :)
2 years ago

Reply

Pranab:
Please be patient. There are more coming.

OCCUPYT
HEWEB

What subjects would you like covered in future articles?

OTW
2 years ago

1
PRANAB
GOGOI

Reply

till now i am able to share picture and text through the virtual host .... i am
using no ip service ... but every time i disconnect and reconnect my ppp0
device (3g modem) i get a new ip and i need to manually reset everything to

make my small website run ,... is it possible that i can have a constant
(static) ip using the same ppp0 interface ???? n please publish part 12 ....
waiting for that .. :) tnx
2 years ago

Reply

Pranab:
Sorry it took so long to respond. You are behind a DHCP service, so
everytime you disconnect, it will issue you a new IP. To get a static IP,
contact you ISP.

OCCUPYT
HEWEB

OTW
2 years ago

1
BRIAN
BRUZEME
RA

Reply

search dynamic dns on google.. i think you might have come across the
solution for your problem but still wanted to help..
1 year ago

Reply

Any idea when the next ones coming OTW??

good work by the way, enjoying every bit!

CHRIS
JONES

2 years ago

Reply

Chris:

I should have a new one out this week on LKM. What would you like to see
covered in future Linux tutorials?

OCCUPYT
HEWEB

OTW
2 years ago

Reply

Your covering everything I want to know at the moment thanks, just keep
up the good work and ill be kept happy!!

1
CHRIS
JONES

Cheers
2 years ago

Reply

At the end of this excellent tut you stated. 'In my next Linux tutorial, we will
set up PHP, MySQL, and configure our Damn Vulnerable Web Application so
that we can practice website and database hacking', but the next tut in this
series (Part 12) is about LKM? Is there a continuation of this tut as it's sort of
left hanging? Thanks.

1
GRAYMAT
TER

2 years ago - edited 2 years ago

Reply

Graymatter:

First, I want to welcome you to Null Byte!

OCCUPYT
HEWEB

Second, you are right, I kind of left you hanging. I'll finish up with PHP,
MySQL, and DVWA in 2014. I promise!
OTW
2 years ago

In Step 6, I was having issues with

'chmod 755 DVWA-1.0.8'
Until I typed in
'chmod 755 /var/www/DVWA-1.0.8'
Which it seems to have accepted,
Has this granted me execute permissions? - I thought it had.

1
NEMESIS1
512

2 years ago

1
LUIGI
MACKENZ
IE C.
BRITO

1
NEMESIS1
512

Reply

Reply

IT should've. if not. chmod 777. hahaha.

btw issues with chmod 755 dvwa... is because of the directory.
1 year ago

Reply

I was wondering if it would be worth mentioning that the last step could be
checked by typing
'ls -l'
in the directory, like you (OTW) taught us in an earlier lesson (6?).
Because for me, the step did not appear to work, so I fixed it from there,
using that earlier lesson.
Thank you,
Nemesis1512

2 years ago

Reply

Once again, it is an issue of which directory you are in when you execute the
command.

1
OCCUPYT
HEWEB

I'm glad you could use another tutorial to resolve the issue.
Just keep in mind, if you are executing the command in the same directory
as the object (file) resides, you do not need the path to the object (file).
2 years ago

1
NEMESIS1
512

Reply

Yes, indeed, sorry, it is just that this occurred before your response,
hence why it has been brought up again.
Moreover, seeing as I could use one of your earlier tutorials, this
suggests that your tutorials are comprehensive and are published in a
very useful order.
Thank you very much for your understanding and further explanation,
Nemesis1512.
2 years ago

Reply

Bump! on that botnet tut idea!! im craving one that actually makes sense. I
have found a great video i believe defcon 20 on making a HUGE botnet
quickly through proxy/VPN

1
T3AL
EMERALD

1 year ago

Reply

I am not able to edit the file index.html. And I am not even able to change
the permissions using chmod.

1
CHANDA
N

"chmod: changing permissions of index.html: Operation not permitted" is

the error I get when I try changing any permissions for that file.
And I am also not able to extract this zip file due to some permissions
problem.
1 year ago - edited 1 year ago

Reply

Are you using BackTrack?

Are logged in as "root"?

OCCUPYT
HEWEB

1 year ago

1
CHANDA
N

Reply

ubuntu.
How to log in as root?
1 year ago

Reply

Did you install Apache?

1 year ago

Reply

OCCUPYT
HEWEB

1
CHANDA
N

yes. I am able to do it now. I tried prefixing all the commands with 'sudo'
and it worked for all.
1 year ago

Reply

This is now my home page. Hope it pleases you to know.

1 year ago

Reply

BAL ZAC

1
QADEEM
QURESHI

I'm fairly new to linux and i need a tut on how to hack a webserver this is
the objective.
Okay, see if you can put a file in my home folder on my web server. Good
luck! (Hint: use the console login.)
and BTW i know how to login to console but what do i do next plz help OTW!
and i have kali linux bcz backtrack is obsolete.
1 year ago - edited 1 year ago

Reply

Is there a question in there?

1 year ago

Reply

OCCUPYT
HEWEB

1
QADEEM
QURESHI

yes there is how to hack a webserver

and put the a file onto it while knowing console login or ssh and the ip i
know all that info but wht do i do next?

1 year ago - edited 1 year ago

1
OCCUPYT
HEWEB

Let me see if I understand. You know the console login and want to upload
a file to the webserver? Why not use ftp or tftp?
1 year ago

Reply

Reply

like i can use filezilla or somthing like that?

1 year ago

Reply

QADEEM
QURESHI

1
OCCUPYT
HEWEB

Sure, if you have access to console. You can create an ftp account and
upload whatever file you want.
You really don't need filezilla though. You can simply use ftp at the
command prompt in Windows or Linux.
1 year ago

Reply

oh ok thnx OTW ur the best!

1 year ago

Reply

QADEEM
QURESHI

1
THEDELIV
ERYMAN

would it be possible to host this web server, send someone a link to it, and
when they went to the page it would open a meterpreter session with
them?
if so, how would I do it?
1 year ago

Reply

Deliveryman:
Have you checked out my Metasploit posts using a url? It does exactly what
you are asking without having to build the website.

OCCUPYT
HEWEB

OTW
1 year ago

Reply

Okay i'll look thanks

1 year ago

Reply

THEDELIV
ERYMAN

1
THEDELIV
ERYMAN

that seems to only work with IE8 though, if I wanted it to work with any
browser would I have to build the site?
1 year ago

1
OCCUPYT
HEWEB

There are different exploits for different browsers. IE8, though, is still the
most widely used browser.
1 year ago

Reply

Reply

but how can you determine what browser a PC is running?

1 year ago

Reply

THEDELIV
ERYMAN

The new pof3.0 will tell you.

1 year ago

Reply

OCCUPYT
HEWEB

1
THEDELIV
ERYMAN

I've been doing some googling and I haven't found anything on how to
detect browser types with pof3.0, How would you do it?
1 year ago

1
OCCUPYT
HEWEB

Pof is passive. All you do is enable it on your interface and it will tell you the
OS, the interface and browser, if one is used.
1 year ago

Reply

Oh okay. thanks, and keep up the good work.

1 year ago

THEDELIV
ERYMAN

Reply

Reply

Thanks for that DeliveryMan!

1 year ago

Reply

OCCUPYT
HEWEB

OTW selinux. i want to know how to use it how to add policies . Read
manual but no idea

1
NAUGHT
Y CRISS

1 year ago

Reply

Hi guys.

I'm running Ubuntu in VMWare Player.

NATHAN
WAKEFIEL
D

When I try running Apache, it gives me "Could not open configuration file
/etc/apache2/apache2.conf: No such file or directory"
Any pointers or suggestions on how to make Apache work?
Thanks,
Nathan
12 months ago

Reply

Nathan:

Every distribution of Linux places the files in different locations. Try using
the locate command to find the apache2.conf.

OCCUPYT
HEWEB

OTW
12 months ago

Reply

Okay, I'll try that. I was using find to search for it, that may have been
my problem.

1
NATHAN
WAKEFIEL
D

12 months ago

Reply

hello,
i want to be the best hacker which programming languages should i learn to
get my task.

1
HAROON
EXCELLEN
T

11 months ago

Reply

Haroon:

I would recommend that you learn C and Java and then learn to script in
BASH, Perl and Python.

OCCUPYT
HEWEB

OTW
11 months ago

Reply

How do i install the DVWA after i gave myself execute permission.

11 months ago

Reply

DAVIE
TRUONG

Hello OTW!
Thank a lot for your tutorials! You are helping me more than you can
imagine!

1
JENA
PLISSKEN

11 months ago - edited 11 months ago

Reply

have kali Linux 2.0 up and running w/dual boot. Don't see GUI screen from
Application - System Services and hence Apache2 start/stop or restart.
Anyways, used CLI to start apache2 and leafpad /var/www/index.html based
on the wordings above. But, no changes on Iceweasel once http://localhost
or 127.0.0.1. Thx for your reply in advance.

1
MPLEAFS

4 months ago - edited 4 months ago

Reply

MPLEAFS,

On Kali 2 entering 'service apache2 start' into the terminal should start
the apache server and display /var/www/html/index.html when pointing
the browser to localhost or 127.0.0.1.

XX

4 months ago

1
ZERO_ME

Reply

Had almost the same problem, only that https://localhost/ showed the
edited site, but 127.0.0.1 did not..
A simple restart resolved the issue, but I'm still curious to why that
happened..
Any ideas?

4 months ago - edited 4 months ago

Reply

if im logged as 'Root" ,do i still need permission or what ??

i am new in linux and need some basic learning

1
PINKYFIR
E

3 months ago - edited 3 months ago

Reply

Yes, even root needs permissions to use or execute a file.

3 months ago

Reply

OCCUPYT
HEWEB

Share Your Thoughts

Click to share your thoughts
YOU

ATTACH

Popular How-To Topics in Computers &

Programming
Hack a website password
Get your friends facebook pass
Get in facebook without passw
Hack others facebook account
Recover facebook chat history
Hack wifi passwords on mac
How to Google camera hack
Hack router password

Hack computer through wifi

Create new skype account
How to Hack skype accounts
How to Hack wifi password
Use "intitle:index of
Bypass computer blocks
Hack in to another computer t
Wifi hack wifi using blackberry

Access facebook when its block

Hack another computer from y
Hack another computer on you
Hack a website using comman
Hack other users on same wifi
How to Crack wep key
Crack facebook password
How to Repair electric fan

Trending Across WonderHowTo

How to Create a Windows 10
Installation Disk

The Ultimate Way to Dice

Onions

How to Do Small Hacks? For

Beginners!

DevilMind explaining
Hacking for Beginners!

12 Android Widgets You

Need on Your Home Screen

4 Ways to Crack a Facebook

Password and How to
Protect Yourself from Them

Hack Like a Pro: Networking

Basics for the Aspiring
Hacker, Part 2 (TCP/IP)

The Food Hacks Guide to

Emulsion

Arts

Science & Tech

Lifestyle

Gaming

Arts & Crafts

Beauty & Style
Dance
Fine Art
Music & Instruments

Autos, Motorcycles & Planes

Computers & Programming
Disaster Preparation
Education
Electronics
Film & Theater
Software
Weapons

Alcohol
Business & Money
Dating & Relationships
Diet & Health
Family
Fitness
Food
Home & Garden
Hosting & Entertaining
Language
Motivation & Self Help
Outdoor Recreation
Pets & Animals
Pranks & Cons
Spirituality
Sports
Travel

Gambling
Games
Hobbies & Toys
Magic & Parlor Tricks
Video Games

WonderHowTo.com

About Us

Privacy Policy

Terms & Conditions