Thread: How to run webgoat 5.3 standard on BT4

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    10

    How to run webgoat 5.3 standard on BT4

    hi all,

    This is not a real howto but some hints to let you play with WebGoat in BT4.

    First download webgoat from this link and visit the OWASP WebGoat pages for more info about WebGoat.

    Next you have to install p7zip to extract the archive. You can do this with the apt package manager from the console by running

    apt-get install p7zip

    and then extract the archive using

    p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

    You can leave it in your root folder, but if you like "clean desktops" move it inside /pentest/web/webgoat. You can do this from a terminal with

    mkdir /pentest/web/webgoat
    mv WebGoat-5.3_RC1/* /pentest/web/webgoat


    Now make /pentest/web/webgoat/webgoat.sh executable with

    chmod +x /pentest/web/webgoat/webgoat.sh

    and then install openjdk-6-jre and openjdk-6-jdk with apt:

    apt-get install openjdk-6-jre openjdk-6-jdk

    Now you can run webgoat on port 80 or 8080 by running

    sh /pentest/web/webgoat/webgoat.sh start80

    or

    sh /pentest/web/webgoat/webgoat.sh start8080

    and to stop tomcat and webgoat use

    sh /pentest/web/webgoat/webgoat.sh stop

    Open up Firefox and connect to http://127.0.0.1/webgoat/attack or http://127.0.0.1:8080/webgoat/attack according to the port you use to run tomcat. The username and password are both guest.

    OWASP provides some interesting readings; you can find them on the OWASP wiki and on the books page.

    Hope this helps noobs like me who want to learn something about webapp security.

    bye
    Last edited by n0x|2m; 01-23-2010 at 07:43 PM.

  2. #2
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Re: How to run webgoat 5.3 standard on BT4

    Hi.

    Thanks for the write-up on installing webgoat. Unfortunately, I believe I have either missed a step or am doing something wrong...

    I followed your steps and installed both the JRE and JDK. My problem is when I launch the webgoat.sh I am not able to find /WebGoat/attack/, I receive a 404 resource not found error message:

    404
    type Status report
    message /WebGoat/attack
    description The requested resource (/WebGoat/attack) is not available.

    It seems as if my paths aren't correct and if so, not sure which files I need to modify and what to point to...

    Thanks for any help, anyone can provide...

  3. #3
    Member skinnypuppy
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Re: How to run webgoat 5.3 standard on BT4

    Try: 127.0.0.1:8080/webgoat/attack (if you used webgoat.sh start8080)
    127.0.0.1/webgoat/attack (if you used webgoat.sh start80)

    And yes, it is lowercase w and lowercase g in webgoat. I had the exact same problem (404 error not found). Once I used the lowercase spelling all was working fine. Barring that, unless you are receiving errors while starting the webgoat script, it should be running for you.

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    10

    Re: How to run webgoat 5.3 standard on BT4

    Just an update:
    I made a shortcut in the KDE menu to run webgoat.

    Add an item in the menu and in the "command" field write this

    sh -c "cd /pentest/web/webgoat;./webgoat.sh start8080"

    if you have your webgoat install in the /pentest/web/webgoat directory, or replace it with the correct path.

    You can also make commands to stop or start on port 80 as you like; just replace the "start8080" with the correct arguments (stop or start80).

    To make easy use of WebScarab I suggest you use FoxyProxy.

    To do that, set FoxyProxy to work in mode "Use proxies based on their pre-defined patterns and priorities", create a new proxy and create a whitelist pattern for your webgoat application, e.g.

    *127.0.0.1:8080/webgoat/*

    or

    *127.0.0.1/webgoat/*

    if you use the port 80 to run webgoat

    bye
    Last edited by n0x|2m; 01-23-2010 at 07:58 PM.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    Cologne
    Posts
    4

    Re: How to run webgoat 5.3 standard on BT4

    Hi,

    you don't need openjdk-6-jre and openjdk-6-jdk

    Just change "javac" to "java" in line #17 in webgoat.sh.

    So you are able to use WebGoat and Burp is not freezing any more.

    Cheers,
    McFranco
    Last edited by McFranco; 03-04-2010 at 12:30 AM.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

    Re: How to run webgoat 5.3 standard on BT4

    Quote Originally Posted by 5k1zk17 View Post
    Hi.

    Thanks for the write-up on installing webgoat. Unfortunately, I believe I have either missed a step or am doing something wrong...

    I followed your steps and installed both the JRE and JDK. My problem is when I launch the webgoat.sh I am not able to find /WebGoat/attack/, I receive a 404 resource not found error message:

    404
    type Status report
    message /WebGoat/attack
    description The requested resource (/WebGoat/attack) is not available.

    It seems as if my paths aren't correct and if so, not sure which files I need to modify and what to point to...

    Thanks for any help, anyone can provide...

    Ran into the same problem! So I tried going to /webgoat instead of /webgoat/attack and it asked me for the username and password, in which I just entered guest and guest. I then went to /webgoat/attack and things worked fine from there!

  7. #7
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Re: How to run webgoat 5.3 standard on BT4

    hi all!

    after following the steps above i get this however there are those files and directories any idea? or tip how can i reinstall the whole thing? it is enough to del the directories?

    thanks for the answers

    root@bt:~# sh /pentest/web/webgoat/webgoat.sh start80
    chmod: cannot access `././tomcat/bin/*.sh': No such file or directory
    cp: cannot stat `./tomcat/conf/server_80.xml': No such file or directory
    /pentest/web/webgoat/webgoat.sh: line 39: ./tomcat/bin/startup.sh: No such file or directory

    Open http://127.0.0.1/WebGoat/attack
    Username: guest
    Password: guest
    Or try http://guest:guest@127.0.0.1/WebGoat/attack

    tail: cannot open `./tomcat/logs/catalina.out' for reading: No such file or directory
    tail: no files remaining

  8. #8
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    1

    hi i followed your steps and i am stuck here please help

    root@bt:~# p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

    7-Zip (A) 4.58 beta Copyright (c) 1999-2008 Igor Pavlov 2008-05-05
    p7zip Version 4.58 (locale=C,Utf16=off,HugeFiles=on,1 CPU)

    Processing archive: WebGoat-OWASP_Standard-5.3_RC1.7z

    Error: Can not open file as archive

    dude i too have the same problem..pls reply if you happen to get a solution

    Quote Originally Posted by pressf10 View Post
    hi all!

    after following the steps above i get this however there are those files and directories any idea? or tip how can i reinstall the whole thing? it is enough to del the directories?

    thanks for the answers

    root@bt:~# sh /pentest/web/webgoat/webgoat.sh start80
    chmod: cannot access `././tomcat/bin/*.sh': No such file or directory
    cp: cannot stat `./tomcat/conf/server_80.xml': No such file or directory
    /pentest/web/webgoat/webgoat.sh: line 39: ./tomcat/bin/startup.sh: No such file or directory

    Open http://127.0.0.1/WebGoat/attack
    Username: guest
    Password: guest
    Or try http://guest:guest@127.0.0.1/WebGoat/attack

    tail: cannot open `./tomcat/logs/catalina.out' for reading: No such file or directory
    tail: no files remaining
    Last edited by lupin; 07-29-2010 at 01:48 AM. Reason: Merging

  9. #9
    Just burned his ISO
    Join Date
    Jul 2010
    Posts
    12

    Re: How to run webgoat 5.3 standard on BT4

    Quote Originally Posted by 50cent View Post
    hi i followed your steps and i am stuck here please help

    root@bt:~# p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

    7-Zip (A) 4.58 beta Copyright (c) 1999-2008 Igor Pavlov 2008-05-05
    p7zip Version 4.58 (locale=C,Utf16=off,HugeFiles=on,1 CPU)

    Processing archive: WebGoat-OWASP_Standard-5.3_RC1.7z

    Error: Can not open file as archive

    Without having done this tutorial yet, my only assumption could be that you aren't in the directory where you saved the WebGoat-OWASP_Standard-5.3_RC1.7z file to.

  10. #10
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    17

    Re: How to run webgoat 5.3 standard on BT4

    Quote Originally Posted by pressf10 View Post
    hi all!

    after following the steps above i get this however there are those files and directories any idea? or tip how can i reinstall the whole thing? it is enough to del the directories?

    thanks for the answers

    root@bt:~# sh /pentest/web/webgoat/webgoat.sh start80
    chmod: cannot access `././tomcat/bin/*.sh': No such file or directory
    cp: cannot stat `./tomcat/conf/server_80.xml': No such file or directory
    /pentest/web/webgoat/webgoat.sh: line 39: ./tomcat/bin/startup.sh: No such file or directory

    Open http://127.0.0.1/WebGoat/attack
    Username: guest
    Password: guest
    Or try http://guest:guest@127.0.0.1/WebGoat/attack

    tail: cannot open `./tomcat/logs/catalina.out' for reading: No such file or directory
    tail: no files remaining

    Hi all, for those of you who are experiencing similar problems as above, it is because you need to navigate to the correct directory before running the script. If you had followed the HOW-TO exactly you will have to navigate to the folder /pentest/web/webgoat and run the script like so:
    Code:
    root@bt:~# cd /pentest/web/webgoat
    root@bt:/pentest/web/webgoat# sh /pentest/web/webgoat/webgoat.sh start8080
    Hope this solved some problems for newbies like myself. I ran into the same stumbling block, being new to Linux and all.
    Cheers, happy BTing
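
The working-directory fix from the last post, as an added example that is not part of the original thread: a POSIX sh wrapper that checks the paths named in the error output above and then runs webgoat.sh from inside its install directory. The function names `webgoat_preflight` and `webgoat_run` are hypothetical, and the list of required files is an assumption taken only from the error messages quoted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the files checked below are
# the ones named in the error output quoted in this thread.

# webgoat_preflight DIR ACTION
# Report every expected path that is missing under DIR.
# Returns 0 if all are present, 1 if any is missing, 2 if DIR does not exist.
webgoat_preflight() {
    pf_dir=$1
    pf_required="webgoat.sh tomcat/bin/startup.sh"
    # start80 copies tomcat/conf/server_80.xml before starting Tomcat.
    if [ "$2" = "start80" ]; then
        pf_required="$pf_required tomcat/conf/server_80.xml"
    fi
    if [ ! -d "$pf_dir" ]; then
        echo "install directory not found: $pf_dir" >&2
        return 2
    fi
    pf_missing=0
    for pf_rel in $pf_required; do
        if [ ! -e "$pf_dir/$pf_rel" ]; then
            echo "missing: $pf_dir/$pf_rel" >&2
            pf_missing=1
        fi
    done
    return "$pf_missing"
}

# webgoat_run DIR ACTION
# webgoat.sh uses paths relative to the current directory (./tomcat/...), so
# run it from inside DIR. The subshell keeps the caller's directory unchanged.
webgoat_run() {
    case $2 in
        start80|start8080|stop) ;;
        *) echo "usage: webgoat_run DIR start80|start8080|stop" >&2
           return 64 ;;
    esac
    webgoat_preflight "$1" "$2" || return 1
    ( cd "$1" && sh ./webgoat.sh "$2" )
}

# Stand-alone use: sh webgoat-run.sh /pentest/web/webgoat start8080
if [ "$#" -eq 2 ]; then
    webgoat_run "$1" "$2"
fi
```

A "missing:" line for every path usually means the archive was extracted somewhere else or the `mv` step did not complete, which is a different problem from starting the script in the wrong directory.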
