Hackazon is an open-source project from Rapid7 that is built to look like a real e-commerce website. This realistic web application gives developers and security professionals an idea of the impact of exploits and how to fix them.

This guide will help you set up Hackazon locally on your computer. I know there are a few people who have hosted this publicly but it’s good to spin up a web server of your own so you are more familiar with how it all works. My host machine is Windows so I will be using WAMP.

Hackazon can be downloaded at https://github.com/rapid7/hackazon

WAMP can be downloaded at https://sourceforge.net/projects/wampserver/

Just follow the installation guide for WAMP; everything is pretty straightforward. If this is your first time using WAMP things can be a little confusing. Find Wampserver64 in the start menu and grant access control when prompted.

You will know WAMP is running properly when you see this logo appear in your tray.

First we need to edit Apache's httpd-vhosts.conf file. The easiest way to open it is shown below.

Change the DocumentRoot and <Directory> paths to "c:/home/hackazon/web" as shown below.

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "c:/home/hackazon/web"
    <Directory "c:/home/hackazon/web/">
        Options +Indexes +Includes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
        Allow from all
    </Directory>
</VirtualHost>
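The vhost above answers every client with "Require all granted", so once the host is on a network, anything on that network can reach a deliberately vulnerable application. The following is an added example, not from the guide or the Hackazon project, of the same vhost limited to the host itself and the lab subnet. It assumes Apache 2.4 (as shipped with WAMP) and that the Kali VM's requests arrive from the 192.168.1.0/24 subnet; the subnet is an assumption derived from the host address used later in this guide.

```apache
# Added example (not from the guide or the Hackazon project): the Hackazon
# vhost with access limited to the host and the lab subnet.
# Assumptions: Apache 2.4 and a 192.168.1.0/24 lab subnet.
<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "c:/home/hackazon/web"
    <Directory "c:/home/hackazon/web/">
        # The guide's options minus +Indexes, so the webroot cannot be browsed
        # as a directory listing. AllowOverride All and FollowSymLinks stay,
        # because Hackazon's .htaccess rewrite rules depend on them.
        Options +Includes +FollowSymLinks +MultiViews
        AllowOverride All
        # Apache 2.4 access control only. Several Require lines in one
        # Directory block are ORed: requests from the host itself
        # (Require local) and from the lab subnet are accepted, everything
        # else gets a 403. The 2.2-style "Allow from all" line is dropped; it
        # needs mod_access_compat to parse and would reopen the site to all.
        Require local
        Require ip 192.168.1.0/24
    </Directory>
    # Separate access log (path relative to Apache's ServerRoot) so the source
    # address of the VM's requests can be checked. If it is not inside
    # 192.168.1.0/24 (for example a VMware NAT adapter address), add that
    # address or subnet to the Require ip line instead of widening it to all.
    CustomLog "logs/hackazon-access.log" combined
</VirtualHost>
```

After restarting Apache, a request from an address outside the allowed set should return 403 and appear in hackazon-access.log; a 403 for the Kali VM means its traffic arrives from an address you have not listed, and the log shows which one.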

Rename C:\home\hackazon\assets\config\db.sample.php to C:\home\hackazon\assets\config\db.php

Now we need to create a database for Hackazon and a user it can log in as. Open a MySQL console and create the database and assign credentials with the following commands. You don't have to use the password "admin123", but be sure you remember what you set it to.

create database hackazon;
GRANT ALL ON hackazon.* TO hackazon@'localhost' IDENTIFIED BY 'admin123';
-- On MySQL 8.0 (bundled with newer WampServer releases) GRANT no longer accepts
-- IDENTIFIED BY: create the user first with CREATE USER ... IDENTIFIED BY '...',
-- then run the GRANT without the IDENTIFIED BY clause.

If both statements return "Query OK", the database and credentials were created successfully!

Lastly, make sure rewrite_module is enabled in Apache (Hackazon relies on URL rewriting), then restart all services.

Download the hackazon ZIP file from Github and unzip into C:\home\hackazon\.

Open a browser and navigate to http://localhost/ and if everything goes smoothly you should see the following screen!

Go ahead and create admin credentials and head to DB Settings. Enter the password you set earlier when we created the hackazon database.

Hit next step for Email Settings.

Confirm parameters and install!

Now let's make sure we can ping this web server from our Kali virtual machine. First, let's find out what our IP is. Open cmd.exe and run ipconfig. Looking at my wireless LAN adapter, my address is 192.168.1.142.

Set your Kali VM's network adapter to NAT and try to ping your host IP. If the ping or the later browser request fails, check that Windows Firewall allows Apache (httpd.exe) inbound on port 80.

Now that we know we can reach our host computer, let's open a browser in Kali and navigate to our new Hackazon website at http://<host IP>/ (192.168.1.142 in my case)!

Looks like it’s all systems go! Have fun and hack on!