Nettacker target WordPress site setup fails with HTTP 500 and missing database tables errors #1168
Description
Issue Description:
I am attempting to run the OWASP Nettacker against a local WordPress installation on Kali Linux (http://localhost/wordpress-vuln/) using the command:
text
python3.11 nettacker.py -i 192.168.29.62 -m wp_xmlrpc_bruteforce_vuln
However, the WordPress test site is not accessible due to persistent setup and configuration issues.
Symptoms & Errors:
Accessing http://localhost/wordpress-vuln/ in Firefox results in:
text
Looks like there’s a problem with this site
http://localhost/wordpress-vuln/wp-admin/setup-config.php might have a temporary problem or it could have moved.
Error code: 500 Internal Server Error
The WordPress database is empty with no tables created (confirmed via MariaDB shell):
sql
MariaDB [wordpress_vuln]> SELECT COUNT(*) FROM wp_options;
ERROR 1146 (42S02): Table 'wordpress_vuln.wp_options' doesn't exist
PHP error logs show fatal errors related to missing wp_options table and undefined constants such as DB_USER.
WordPress wp-config.php is present, readable by Apache, and contains correct database credentials.
Extensive troubleshooting steps taken, including:
Recreating the MariaDB database and user with full privileges.
Running rsync to sync WordPress core files to the correct web directory.
Checking and fixing file and directory permissions recursively for Apache user.
Temporarily renaming wp-config.php to force the WordPress installation wizard.
Attempting to run the WordPress installation wizard in browser without success due to HTTP 500 error.
Trying to generate/import WordPress SQL schema manually but encountering file not found and permission errors.
Environment:
Kali Linux (Latest)
Apache 2.4.65
MariaDB 10.x
PHP 8.x
Python 3.11
OWASP Nettacker (Latest GitHub release)
WordPress Latest downloaded from official site
Possible Causes & Observations:
The HTTP 500 Internal Server Error at wp-admin/setup-config.php suggests server configuration issues, PHP errors, or permission problems.
The database is uninitialized and missing tables which WordPress requires to run.
The WordPress installer wizard cannot complete presumably due to the 500 error.
Nettacker scan fails due to inability to interact properly with the target WordPress installation.
Requested Support:
Guidance on troubleshooting and resolving HTTP 500 error on WordPress installation setup page.
Recommended steps for manually recovering or creating WordPress database tables if the installer does not run.
Advice on Nettacker compatibility or workarounds for scanning WordPress targets with incomplete installs or errors.
Any known issues with PHP 8.x configurations affecting WordPress setup on Kali Linux environment.
Best practices to set up a local test WordPress site for Nettacker vulnerability scanning.
Attached Logs and Details:
PHP error logs showing fatal errors.
MariaDB console outputs confirming missing tables.
Permissions and ownership settings for /var/www/html/wordpress-vuln.
Exact Nettacker command run.
This issue blocks effective pentesting using Nettacker on WordPress sites running locally on Kali Linux.