How to run webgoat 5.3 standard on BT4
hi all,
this is not a real howto but some hints to let you play with WebGoat in BT4.
First download webgoat from this link and visit the OWASP WebGoat pages for more info about WebGoat.
Next you have to install p7zip to extract the archive, you can do this with the apt package manager from console running
apt-get install p7zip
and then extract the archive using
p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
You can leave it in your root folder but if you like "clean desktops" move it inside /pentest/web/webgoat, you can do this from terminal with
mkdir /pentest/web/webgoat
mv WebGoat-5.3_RC1/* /pentest/web/webgoat
now make /pentest/web/webgoat/webgoat.sh executable with
chmod +x /pentest/web/webgoat/webgoat.sh
and then install openjdk-6-jre and openjdk-6-jdk with apt:
apt-get install openjdk-6-jre openjdk-6-jdk
Now you can run webgoat on port 80 or 8080 running
sh /pentest/web/webgoat/webgoat.sh start80
or
sh /pentest/web/webgoat/webgoat.sh start8080
and to stop tomcat and webgoat use
sh /pentest/web/webgoat/webgoat.sh stop
Open up Firefox and connect to http://127.0.0.1/webgoat/attack or http://127.0.0.1:8080/webgoat/attack according to the port you use to run tomcat. The username and password are both guest.
OWASP provides some interesting readings, you can find them on the OWASP wiki and on the books page.
Hope this helps noobs like me who want to learn something about webapp security.
bye
Re: How to run webgoat 5.3 standard on BT4
Hi.
Thanks for the write-up on installing webgoat. Unfortunately, I believe I have either missed a step or am doing something wrong...
I followed your steps and installed both the JRE and JDK. My problem is when I launch the webgoat.sh I am not able to find /WebGoat/attack/, I receive a 404 resource not found error message:
404
type Status report
message /WebGoat/attack
description The requested resource (/WebGoat/attack) is not available.
It seems as if my paths aren't correct and if so, not sure which files I need to modify and what to point to...
Thanks for any help, anyone can provide...
Re: How to run webgoat 5.3 standard on BT4
Try: 127.0.0.1:8080/webgoat/attack (if you used webgoat.sh start8080)
127.0.0.1/webgoat/attack (if you used webgoat.sh start80)
And yes, it is lowercase w and lowercase g in webgoat. I had the exact same problem (404 error not found). Once I used the lowercase spelling all was working fine. Barring that, unless you are receiving errors while starting the webgoat script, it should be running for you.
Re: How to run webgoat 5.3 standard on BT4
just an update,
i made a shortcut in the KDE menu to run webgoat
add an item in the menu and in the "command" field write this
sh -c "cd /pentest/web/webgoat;./webgoat.sh start8080"
if you have webgoat installed in the /pentest/web/webgoat directory, or replace it with the correct path
you can also make commands to stop or start on port 80 as you like, just replace the "start8080" with the correct arguments (stop or start80)
to make easy use of webscarab i suggest you use foxyproxy.
To do that set foxyproxy to work in mode "Use proxies based on their pre-defined patterns and priorities", create a new proxy and create a whitelist pattern for your webgoat application, ex
*127.0.0.1:8080/webgoat/*
or
*127.0.0.1/webgoat/*
if you use the port 80 to run webgoat
bye
Re: How to run webgoat 5.3 standard on BT4
Hi,
you don't need openjdk-6-jre and openjdk-6-jdk
Just change "javac" to "java" in line #17 in webgoat.sh.
So you are able to use WebGoat and Burp is not freezing any more.
Cheers,
McFranco
Re: How to run webgoat 5.3 standard on BT4
Quote: Originally Posted by 5k1zk17
Hi.
Thanks for the write-up on installing webgoat. Unfortunately, I believe I have either missed a step or am doing something wrong...
I followed your steps and installed both the JRE and JDK. My problem is when I launch the webgoat.sh I am not able to find /WebGoat/attack/, I receive a 404 resource not found error message:
404
type Status report
message /WebGoat/attack
description The requested resource (/WebGoat/attack) is not available.
It seems as if my paths aren't correct and if so, not sure which files I need to modify and what to point to...
Thanks for any help, anyone can provide...
Ran into the same problem! So I tried going to /webgoat instead of /webgoat/attack and it asked me for the username and password, in which I just entered guest and guest. I then went to /webgoat/attack and things worked fine from there!
Re: How to run webgoat 5.3 standard on BT4
hi all!
after following the steps above I get this :confused: however, those files and directories are there :( Any idea? Or a tip on how I can reinstall the whole thing? Is it enough to delete the directories?
Thanks for the answers :) :)
root@bt:~# sh /pentest/web/webgoat/webgoat.sh start80
chmod: cannot access `././tomcat/bin/*.sh': No such file or directory
cp: cannot stat `./tomcat/conf/server_80.xml': No such file or directory
/pentest/web/webgoat/webgoat.sh: line 39: ./tomcat/bin/startup.sh: No such file or directory
Open http://127.0.0.1/WebGoat/attack
Username: guest
Password: guest
Or try http://guest:guest@127.0.0.1/WebGoat/attack
tail: cannot open `./tomcat/logs/catalina.out' for reading: No such file or directory
tail: no files remaining
Re: How to run webgoat 5.3 standard on BT4
Quote: Originally Posted by 50cent
Hi, I followed your steps and I am stuck here, please help
root@bt:~# p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
7-Zip (A) 4.58 beta Copyright (c) 1999-2008 Igor Pavlov 2008-05-05
p7zip Version 4.58 (locale=C,Utf16=off,HugeFiles=on,1 CPU)
Processing archive: WebGoat-OWASP_Standard-5.3_RC1.7z
Error: Can not open file as archive
Without having done this tutorial, yet, my only assumption could be that you aren't in the directory where you saved the WebGoat-OWASP_Standard-5.3_RC1.7z file to.
Re: How to run webgoat 5.3 standard on BT4
Quote: Originally Posted by pressf10
hi all!
after following the steps above I get this :confused: however, those files and directories are there :( Any idea? Or a tip on how I can reinstall the whole thing? Is it enough to delete the directories?
Thanks for the answers :) :)
root@bt:~# sh /pentest/web/webgoat/webgoat.sh start80
chmod: cannot access `././tomcat/bin/*.sh': No such file or directory
cp: cannot stat `./tomcat/conf/server_80.xml': No such file or directory
/pentest/web/webgoat/webgoat.sh: line 39: ./tomcat/bin/startup.sh: No such file or directory
Open http://127.0.0.1/WebGoat/attack
Username: guest
Password: guest
Or try http://guest:guest@127.0.0.1/WebGoat/attack
tail: cannot open `./tomcat/logs/catalina.out' for reading: No such file or directory
tail: no files remaining
Hi all, for those of you who are experiencing problems similar to the above, it is because you need to navigate to the correct directory before running the script. If you followed the HOW-TO exactly, you will have to navigate to the folder /pentest/web/webgoat and run the script like so:
Code:
root@bt:~# cd /pentest/web/webgoat
root@bt:/pentest/web/webgoat# sh /pentest/web/webgoat/webgoat.sh start8080
Hope this solved some problems for newbies like myself. I ran into the same stumbling block, being new to Linux and all.
Cheers, happy BTing
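
Added example (not from any post above and not part of WebGoat's own script): a small launcher that covers the two failures reported in this thread, the relative `./tomcat/...` paths that break when webgoat.sh is started from another directory, and the case-sensitive `/webgoat/attack` URL. The function names and the `WEBGOAT_HOME` variable are assumptions made for this sketch; the file list comes from the error output quoted above.

```sh
#!/bin/sh
# Added example, not part of webgoat.sh. WEBGOAT_HOME defaults to the how-to's path.
WEBGOAT_HOME="${WEBGOAT_HOME:-/pentest/web/webgoat}"

# Report files that webgoat.sh reaches through relative paths (names taken from
# the error output in this thread) and that are missing under directory $1.
# Returns 0 only when nothing is missing for mode $2.
webgoat_missing_files() {
    dir="$1"; files="webgoat.sh tomcat/bin/startup.sh"; missing=0
    if [ "$2" = "start80" ]; then files="$files tomcat/conf/server_80.xml"; fi
    for rel in $files; do
        if [ ! -f "$dir/$rel" ]; then
            echo "missing: $dir/$rel"
            missing=1
        fi
    done
    return "$missing"
}

# Map a start mode to the URL to open; the context path is lowercase.
webgoat_url() {
    case "$1" in
        start80)   echo "http://127.0.0.1/webgoat/attack" ;;
        start8080) echo "http://127.0.0.1:8080/webgoat/attack" ;;
        *)         return 1 ;;
    esac
}

# Validate the mode and the layout, then run webgoat.sh from its own directory
# (in a subshell, so the caller's working directory is left alone).
webgoat_run() {
    mode="$1"
    case "$mode" in
        start80|start8080|stop) ;;
        *) echo "usage: webgoat_run start80|start8080|stop" >&2; return 2 ;;
    esac
    webgoat_missing_files "$WEBGOAT_HOME" "$mode" >&2 || return 1
    if url=$(webgoat_url "$mode"); then
        echo "Open $url (username guest, password guest)"
    fi
    ( cd "$WEBGOAT_HOME" && sh ./webgoat.sh "$mode" )
}

# Run directly when a mode is given on the command line.
if [ "$#" -gt 0 ]; then webgoat_run "$1"; fi
```

Saved as a script, it can be used as the KDE menu command with `start8080`, `start80` or `stop` as its argument.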