In my new article, I have just added notes and some pictures for the installation. I hope they make it easier for you to install. WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. First, download WebGoat from the WebGoat Google Code downloads page, and visit the OWASP WebGoat pages for more information about WebGoat.
Next, you have to install p7zip to extract the archive. You can do this with the apt package manager from the console by running
apt-get install p7zip
and then extract the archive using
p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
You can leave it in your root folder, but if you like "clean desktops", move it inside /pentest/web/webgoat. You can do this from the terminal with
mkdir /pentest/web/webgoat
mv WebGoat-5.3_RC1/* /pentest/web/webgoat
Now make /pentest/web/webgoat/webgoat.sh executable with
chmod +x /pentest/web/webgoat/webgoat.sh
and then install openjdk-6-jre and openjdk-6-jdk with apt:
apt-get install openjdk-6-jre openjdk-6-jdk
If we install NetBeans, Java and Tomcat will be installed along with it.
Now you can run WebGoat on port 80 or 8080 by running
sh /pentest/web/webgoat/webgoat.sh start80
or
sh /pentest/web/webgoat/webgoat.sh start8080
and to stop tomcat and webgoat use:
sh /pentest/web/webgoat/webgoat.sh stop
We can test with http://127.0.0.1 in a web browser; if it is successful, the page will appear as in this picture:
Open Firefox and connect to http://127.0.0.1/WebGoat/attack or http://127.0.0.1:8080/WebGoat/attack, according to the port you use to run Tomcat (if the page does not appear with "WebGoat", just change it to "webgoat", as in the picture below). The username and password are both guest.
Finally, WebGoat is installed on my computer.
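Because WebGoat is deliberately insecure, it is worth confirming after start80 or start8080 that Tomcat is listening only on the loopback address. The check below is an added example, not part of the original article or of WebGoat; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from WebGoat): report WebGoat listeners that are
# reachable from other hosts. Function names are hypothetical.

# Reads `netstat -ltn` output on stdin; $1 is the port (80 or 8080).
# Prints every non-loopback listening address; returns 1 if any exists.
check_webgoat_exposure() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                          # e.g. 0.0.0.0:8080 or :::8080
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # listener on another port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "::ffff:127.0.0.1") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output, so the check can be tried offline.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
EOF
}

for p in 80 8080; do
    if found=$(sample_netstat | check_webgoat_exposure "$p"); then
        echo "port $p: loopback only (or not listening)"
    else
        echo "port $p: reachable from other hosts on: $found"
    fi
done

# On the live machine: netstat -ltn | check_webgoat_exposure 8080
```

If an address is printed, restrict the listener with a host firewall rule or the address attribute of the Tomcat Connector before working through the lessons.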
References:
http://www.backtrack-linux.org/forums/backtrack-howtos/214-how-run-webgoat-5-3-standard-bt4.html
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project