
Thursday, June 23, 2011

Webgoat Installation

WebGoat is based on the concept of teaching a user a real-world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. The system can also provide hints and show the user the cookies, parameters and underlying Java code if they choose. Examples of lessons include SQL injection against a fake credit card database, where the user creates the attack and steals the credit card numbers.

In this post, I will show you how to install WebGoat.
Follow the steps below:
1.      Download WebGoat Here
2.      Download Java Here
3.      Extract WebGoat with this command:
root@bt:~# 7z x WebGoat-OWASP_Standard-5.3_RC1.7z
Information:
7z = the archiver used to unpack WebGoat-OWASP_Standard-5.3_RC1.7z
x = extract the files with their full paths
4.      Then move the directory WebGoat-5.3_RC1 to /pentest/web:
root@bt:~# mv WebGoat-5.3_RC1 /pentest/web/
5.      Enter the directory WebGoat-5.3_RC1 and make webgoat.sh executable:
root@bt:/pentest/web/WebGoat-5.3_RC1# chmod +x webgoat.sh
6.      Run WebGoat with this command:
root@bt:/pentest/web/WebGoat-5.3_RC1# sh webgoat.sh start80
7.      Browse to http://localhost/webgoat/attack
username : guest
password : guest
8.      To stop WebGoat, use this command from the same directory:
root@bt:/pentest/web/WebGoat-5.3_RC1# sh webgoat.sh stop
ENJOY YOUR WEBGOAT!!

WARNING
While running this program, your machine is extremely vulnerable to attack if you are not running on localhost. If you are NOT running on localhost (default configuration), you should disconnect from the network while using this program.
This program is for educational purposes only. Use of these techniques without permission could lead to job termination, financial liability, and/or criminal penalties.
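
One way to act on the warning above is to check, after `sh webgoat.sh start80`, that port 80 is bound to loopback only. The script below is an added example, not part of the original post or of WebGoat; it assumes the `ss` tool from iproute2 is installed, and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify which addresses a TCP port is listening on,
# reading `ss -ltn`-style lines from stdin.
# Prints one word: none | loopback | exposed

classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")        # the port is the last ":" piece
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # Anything other than IPv4/IPv6 loopback is reachable remotely.
            if (addr !~ /^127\./ && addr != "[::1]" &&
                addr !~ /^\[::ffff:127\./) exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: web server on loopback only (SSH is on another port).
sample_loopback_only() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port      Peer Address:Port
LISTEN  0       128     0.0.0.0:22              0.0.0.0:*
LISTEN  0       100     127.0.0.1:80            0.0.0.0:*
LISTEN  0       100     [::ffff:127.0.0.1]:80   *:*
EOF
}

# Constructed sample: web server bound to every interface.
sample_all_interfaces() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port      Peer Address:Port
LISTEN  0       100     127.0.0.1:80            0.0.0.0:*
LISTEN  0       100     *:80                    *:*
EOF
}

# Run with --live to inspect this machine; exits non-zero if port 80 is exposed.
if [ "${1:-}" = "--live" ]; then
    state=$(ss -ltn | classify_listeners 80)
    echo "port 80: $state"
    [ "$state" != "exposed" ]
fi
```

If the live check reports `exposed`, stop WebGoat or disconnect from the network, as the warning says.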

1 comment:

  1. thanks for sharing and may be useful for the readers, thanks

    ST3 Telkom
