⚙️ Lab Setup Guide

This guide helps you set up a complete WordPress hacking lab using Kali Linux (or any Linux distribution), along with all the necessary tools for practice.

1. Operating System

Recommended: Kali Linux (Rolling)

Comes pre-installed with most pentesting tools.
Lightweight alternatives: Parrot Security OS or Ubuntu with manually installed pentesting tools.

Installation Options:

VM: Use VirtualBox or VMware Workstation to install Kali Linux in a virtual machine.
Live Boot: Boot directly from a USB stick if you don’t want to install.

Use my guide for it:

Kali Linux - Installation | VeryLazyTechwww.verylazytech.com

2. WordPress Lab Environment

You have three main options:

Option 1 – Local VM

Create a Linux VM (Ubuntu or Debian recommended).
Install Apache, MySQL, PHP:

sudo apt update
sudo apt install apache2 mariadb-server php php-mysql libapache2-mod-php unzip wget -y

Download and install WordPress:

wget https://wordpress.org/latest.zip
unzip latest.zip
sudo mv wordpress /var/www/html/
sudo chown -R www-data:www-data /var/www/html/wordpress

Configure MariaDB for WordPress:

sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mariadb

CREATE DATABASE wp_lab;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wp_lab.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Complete the WordPress installation in your browser:

http://<VM-IP>/wordpress

If it unreachable try run "sudo systemctl start apache2".

For Your machine ip run "ifconfig" --> usualy ip for eth0.

Database name: wp_lab

Username: wp_user

Password: password

Common WordPress Installation Errors

Option 2 – Docker (Recommended for Easy Reset)

If you allready done option 1 skip this part

Install Docker & Docker Compose.
Create a docker-compose.yml file:

version: '3.8'
services:
  wordpress:
    image: wordpress:latest
    ports:
      - "8080:80"
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: wp_user
      WORDPRESS_DB_PASSWORD: password
      WORDPRESS_DB_NAME: wp_lab
    volumes:
      - ./wordpress:/var/www/html
  db:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: rootpass
      MYSQL_DATABASE: wp_lab
      MYSQL_USER: wp_user
      MYSQL_PASSWORD: password

Run:

docker-compose up -d

Access WordPress at:

http://localhost:8080

Hack The Box Labs

3. Essential Tools Installation

WPScan

sudo gem install wpscan

Check version:

wpscan --version

Burp Suite / OWASP ZAP

Burp Suite:
```
sudo apt install burpsuite
```
OWASP ZAP:
```
sudo apt install zaproxy
```

Use these for intercepting requests, scanning for vulnerabilities, and testing exploits.

Metasploit Framework

sudo apt install metasploit-framework
msfconsole

Use modules like wp_admin_shell_upload for post-exploitation labs.

Other Tools

sudo apt install curl wget netcat -y

curl/wget: Fetch pages, test uploads, or send crafted requests.
netcat: Set up reverse shells or listen for incoming connections.

PreviousPart I – Introduction NextCommon WordPress Installation Errors

Last updated 3 months ago