Mutillidae: Born to be Hacked
Version: 2.1.19 Not Logged In
Home Login/Register Toggle Hints Toggle Security Reset DB View Log View Captured Data

OWASP
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and these Mozilla Add-ons
 
 
Twitter
@webpwnized
 
YouTube
Mutillidae
Channel
 
Developed by Adrian "Irongeek" Crenshaw and Jeremy Druin
 
Error: Failure is always an option and this situation proves it
Line120
Code0
File/var/www/mutillidae/capture-data.php
MessageError executing query: Table 'metasploit.captured_data' doesn't exist
Trace#0 /var/www/mutillidae/index.php(469): include() #1 {main}
Diagnotic InformationINSERT INTO captured_data(ip_address, hostname, port, user_agent_string, referrer, data, capture_date) VALUES ('172.10.10.1', '172.10.10.1', '47926', 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)', '', 'page = capture-data.php ', now())
Did you setup/reset the DB?
 
Capture Data
Data Capture Page
 
This page is designed to capture any parameters sent and store them in a file and a database table. It loops through the POST and GET parameters and records them to a file named captured-data.txt. On this system, the file should be found at /var/www/mutillidae/captured-data.txt. The page also tries to store the captured data in a database table named captured_data. There is another page named captured-data.php that attempts to list the contents of this table.
 
The data captured on this request is: page = capture-data.php
 
Would it be possible to hack the hacker? Assume the hacker will view the captured requests with a web browser.
 
Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PHP Version: 5.2.4-2ubuntu5.10
The newest version of Mutillidae can downloaded from Irongeek's Site