Importing a Real Website into Your Pentest Lab

Post 2 – Adding a Real Target to Your Pentest Lab: WordPress Site Setup

After setting up the core of my pentesting lab, I wanted a real target to practice on. For that, I cloned my own WordPress site and set it up inside Kali Linux. This post covers the process in detail – including packaging the live site, transferring it, restoring it locally, and solving some tricky issues along the way.

Reminder:

Although this is a copy of my own site, the original server is shared hosting. So I made sure the backups only include my content. Be very cautious not to touch or impact any other users if you’re working in shared environments.

Phase 1 – Backing Up the Website

1. Compressing the Site Files

I accessed the live server using SSH, navigated to the directory where WordPress was installed (typically something like public_html), and used the following command to create a compressed backup:

tar -czvf wordpress_site_backup.tar.gz public_html

This produced a single .tar.gz archive containing all the site files and directory structure.

2. Exporting the Database

I exported the database using the mysqldump command:

mysqldump -u your_db_user -p your_database_name > wordpress_db_backup.sql

This generated a .sql file with the database structure and content.

Note: On cPanel or similar interfaces, you can do both of these steps using built-in backup or file manager tools as well.

Phase 2 – Moving Files to the Lab Environment

3. Downloading the Files to Windows

Since I was working in VirtualBox on a Windows host, I first downloaded the two files (.tar.gz and .sql) to my Windows machine using WinSCP or by dragging them out of the SSH session.

4. Setting Up a Shared Folder Between Host & Kali

I mounted a folder in VirtualBox to share files between my Windows host and the Kali VM.

Steps:

  • Installed virtualbox-guest-utils on Kali:
    • sudo apt update
    • sudo apt install -y virtualbox-guest-utils
  • On VirtualBox settings:
    • Went to Devices > Shared Folders > Shared Folder Settings
    • Added a folder (e.g., PentestShare)
    • Enabled Auto-mount and Make permanent
  • Mounted it manually in Kali:
    • sudo mkdir -p /media/sf_PentestShare
    • sudo mount -t vboxsf PentestShare /media/sf_PentestShare

✅ Now the files were visible inside Kali at:


/media/sf_PentestShare/wordpress_site_backup.tar.gz
/media/sf_PentestShare/wordpress_db_backup.sql

Phase 3 – Extract & Configure

5. Extract the Website Archive

cd /media/sf_PentestShare
tar -xvzf wordpress_site_backup.tar.gz

Important: After extracting, the folder was not named wordpress/. Instead, it retained the original folder name from the live server (like public_html or something custom). Always check using ls to locate the extracted folder.

6. Copy Files to Apache’s Web Root

# The trailing /. also copies hidden files such as .htaccess, which a * glob would skip
sudo cp -r extracted_folder_name/. /var/www/html/

I also removed the default Apache index.html just in case:

sudo rm /var/www/html/index.html

Phase 4 – Restore the Database

7. Create the DB and User in MariaDB

sudo mysql
CREATE DATABASE lab_wp_db;
CREATE USER 'labuser'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON lab_wp_db.* TO 'labuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

8. Import the SQL Backup

mysql -u labuser -p lab_wp_db < /media/sf_PentestShare/wordpress_db_backup.sql

Phase 5 – Final Configurations

9. Update wp-config.php

I checked and updated the database section in /var/www/html/wp-config.php:

define( 'DB_NAME', 'lab_wp_db' );
define( 'DB_USER', 'labuser' );
define( 'DB_PASSWORD', 'StrongPassword123!' );
define( 'DB_HOST', 'localhost' );

10. File Permissions (IMPORTANT!)

WordPress wouldn’t load correctly at first. I got a blank screen due to Apache lacking permissions to access some folders.

Solution:

sudo chown -R www-data:www-data /var/www/html
sudo find /var/www/html -type d -exec chmod 755 {} \;
sudo find /var/www/html -type f -exec chmod 644 {} \;

Phase 6 – Launch the Site

Restarted Apache:

sudo systemctl restart apache2

Then visited:
http://localhost

The site loaded successfully. A perfect local replica of the live environment – ready to test against.

Troubleshooting Recap

Here are some issues I hit and how I resolved them:

| Problem | Fix |
|---|---|
| White screen | Permissions on /var/www/html |
| “Error Establishing Database Connection” | Mismatch in wp-config.php credentials |
| Shared folder not accessible | Installed virtualbox-guest-utils and mounted folder |
| Apache not showing site | Default index.html file not removed |
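
Three of the problems in this recap (leftover index.html, wp-config.php mismatch, wrong file modes) can be checked in one pass after a restore. The script below is an added example, not part of the original post; the function names wp_define and check_webroot are made up here, and the defaults are the lab values used above. It compares only DB_NAME and DB_USER, not the password.

```bash
#!/usr/bin/env bash
# Added example: post-restore checks for the lab copy (not from the original post).
# Assumed names: wp_define, check_webroot. Defaults follow the post's lab values.

# Print the value of a define( 'KEY', 'value' ); line in wp-config.php.
wp_define() {
  sed -n "s/^[[:space:]]*define([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# check_webroot ROOT DB_NAME DB_USER: print one FAIL line per problem, return 1 if any.
check_webroot() {
  local root=${1:-/var/www/html} want_db=${2:-lab_wp_db} want_user=${3:-labuser}
  local cfg="$root/wp-config.php" got rc=0

  # "Apache not showing site": the default page left next to WordPress.
  if [ -e "$root/index.html" ]; then
    echo "FAIL index.html still present in $root"; rc=1
  fi

  # "Error Establishing Database Connection": wp-config.php out of step with the restored DB.
  if [ ! -f "$cfg" ]; then
    echo "FAIL $cfg missing"; rc=1
  else
    got=$(wp_define "$cfg" DB_NAME)
    [ "$got" = "$want_db" ] || { echo "FAIL DB_NAME is '$got', expected '$want_db'"; rc=1; }
    got=$(wp_define "$cfg" DB_USER)
    [ "$got" = "$want_user" ] || { echo "FAIL DB_USER is '$got', expected '$want_user'"; rc=1; }
  fi

  # "White screen": modes that differ from the 755/644 applied in step 10.
  if [ -n "$(find "$root" -type d ! -perm 755 | head -n 1)" ]; then
    echo "FAIL directories not mode 755 under $root"; rc=1
  fi
  if [ -n "$(find "$root" -type f ! -perm 644 | head -n 1)" ]; then
    echo "FAIL files not mode 644 under $root"; rc=1
  fi
  return "$rc"
}

# Run against the given web root when called with arguments.
if [ "$#" -gt 0 ]; then check_webroot "$@"; fi
```

Run it as ./check_lab.sh /var/www/html lab_wp_db labuser (the file name is arbitrary); no output and exit status 0 means all three checks passed.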

What’s Next?

In the next post, I’ll begin testing this local WordPress site using Kali tools – focusing on enumeration and low-hanging fruit like plugin or user exposure.
