Results 1 to 10 of 10

Thread: How to run webgoat 5.3 standard on BT4

Threaded View

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    10

    Default How to run webgoat 5.3 standard on BT4

    hi all,

    this is not a real howto but some hints to let you play with WebGoat in BT4.

    First download webgoat from this link and visit the OWASP WebGoat pages for more info about WebGoat.

    Next you have to install p7zip to extract the archive, you can do this with the apt package manager from console running

    apt-get install p7zip

    and then extract the archive using

    p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

    You can leave it in your root folder but if you like "clean desktops" move it inside /pentest/web/webgoat, you can do this from terminal with

    mkdir /pentest/web/webgoat
    mv WebGoat-5.3_RC1/* /pentest/web/webgoat


    now make /pentest/web/webgoat/webgoat.sh executable with

    chmod +x /pentest/web/webgoat/webgoat.sh

    and then install openjdk-6-jre and openjdk-6-jdk with apt:

    apt-get install openjdk-6-jre openjdk-6-jdk

    Now you can run webgoat on port 80 or 8080 running

    sh /pentest/web/webgoat/webgoat.sh start80 or sh /pentest/web/webgoat/webgoat.sh start8080

    and to stop tomcat and webgoat use

    sh /pentest/web/webgoat/webgoat.sh stop

    Open up firefox and connect to http://127.0.0.1/webgoat/attack or http://127.0.0.1:8080/webgoat/attack according to the port you use to run tomcat. the username and password are both guest.

    OWASP provide some intresting readings, you can find them on OWASP wiki and on the books page.

    Hope this helps noobs like me who want to learn something about webapp security.

    bye
    Last edited by n0x|2m; 01-23-2010 at 07:43 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •