May 2016

Installing OWASP Mth3l3m3nt on Kali Nethunter

I've been porting some of the tools i use on a day to day to my Kali Nethunter device for portability of course a little bit of on the go hacking. 

I decided to install the Mth3l3m3nt framework on nethunter due to the tool's awesome capabilities. My good friend Munir did a really great job on this one in collaboration with OWASP. Let's get down to it, shall we.

We shall be installing everything on the Kali Nethunter chroot environment, so now would a great time to boot into it. For this tutorial is shall be doing the setup over adb as it is much faster.
  • adb shell
  • su
  • bootkali
Now that we are in the Kali Nethunter chroot, there are a few pre-requisites to installing the Mth3l3m3nt. These are apache web server and git. Kali comes with these pre-installed but in any case, they are installed with the command below.
  • apt-get install git apache2 

Preparing Apache

Now we edit the apache config file and add the following:
nano  /etc/apache2/apache2.conf

<Directory /var/www/>
    Options -Indexes +FollowSymLinks +Includes
    AllowOverride All
    Order allow,deny
    Allow from all
   # This is required for apache 2.4.3 or higher, if lower version remove the line below
   Require all granted

In my case, i uncommented the default directory tag for consistency

Downloading Mth3l3m3nt

Next we download mth3l3m3nt to our device and move it to the apache web root folder (/var/www/html)
  • mkdir -p ~/dumps
  • cd ~/dumps
  • git clone --recursive
  • mv OWASP-mth3l3m3nt-framework /var/www/html/mth3l3m3nt

Configuring the install

Next we configure the necessary rights and permissions:
  • chown -R www-data:www-data /var/www/html
  • cd  /var/www/html/mth3l3m3nt
  • chmod -R 0777 tmp/
  • chmod -R 0777 framework/data/
  • chmod -R 0777 incoming/
  • chmod -R 0777 scripts/
Edit .htaccess by uncommenting out the line with RewriteBase the base mth3l3m3nt folder:
  • nano .htaccess
  • RewriteBase /mth3l3m3nt
Create the mth3l3m3nt virtual host file in /etc/apache2/sites-available folder:
  • touch /etc/apache2/sites-available/mth3l3m3nt.conf
  • nano /etc/apache2/sites-available/mth3l3m3nt.conf
Copy the text below to mth3l3m3nt.conf and save:
<VirtualHost localhost:80>
    ServerName mth3l3m3nt
    DocumentRoot /var/www/html

    <Directory /var/www/html/mth3l3m3nt>
          Options -Indexes +FollowSymLinks +Includes
          AllowOverride All
          Order allow,deny
          Allow from all
          #This is required for apache 2.4.3 or higher, if lower version remove the line below
          Require all granted


Enable the virtual host:
  • a2ensite mth3l3m3nt.conf
Restart apache:
  • service apache2 restart

Accessing the panel

Now you can access mth3l3m3nt on:

The default credentials for the cnc panel are:
username: mth3l3m3nt
password: mth3l3m3nt

If all went well, you should be able to access the Mth3l3m3nt panel as shown below.