Prerequisites

Required Tools and Software

MySQL Server, Apache Server, PHP, and PHPMyAdmin

• Linux: Installation Guide
• macOS: Installation Guide

Login phpMyAdmin and click the "SQL" tab. Copy & paste in the prompt this file and click execute : includes/sql/php_weak_webapp.sql

Note that you also can import the file using "SQL" as file type.

Composer

• Linux: Installation Guide
• macOS: brew install composer

Git

• Linux: Installation Guide
• macOS: Installation Guide

Vault

• Linux: Installation Guide
• macOS: Installation Guide

---

Apache Configuration Prerequisites

Update /etc/hosts

Open your /etc/hosts file with admin privileges before adding these lines:

::1 avenix.local www.avenix.local

Update php.ini

Ensure the following settings are configured:

file_uploads = On
upload_max_filesize = 25M
post_max_size = 30M

Create a dedicated vhost /etc/apache2/sites-enabled/weak-php.conf

Ensure to replace path_to_local_projet by your own path:

<VirtualHost *:9998>
    ServerName avenix.local
    DocumentRoot "/path_to_local_projet/public"

    <Directory "/path_to_local_projet">
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog "/path_to_local_projet/logs/error.log"
    CustomLog "/path_to_local_projet/logs/access.log" common
</VirtualHost>

Don't forget to restart Apache afterwards.

Add an AV exclusion

For the attacks to proceed correctly, it is necessary to set up exceptions to the project "public" folder:

• /path_to_local_projet/public

---

Useful commands (for Linux) :

• PHP - restart server : sudo systemctl restart php8.3-fpm
• Apache - restart server : sudo systemctl restart apache2
• Vault - start server : sudo vault server -config=/etc/vault/config.hcl
  • Vault - server endpoint : https://127.0.0.1:8200/ui/vault/auth?with=token