Thursday, November 20, 2014

WebGoat install video with Mr. Boettcher!


My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat Vulnerable web application!

He walks you through WebGoat 5.4, and even gives you some tips on solving issues that he'd found.  And to make it even easier, he's given you some instructions below.

Hope you enjoy, especially if you've had issues setting up WebGoat in the past.

 

 

Webgoat 5.4 instructions
========================
1. search google and download the war file

            (From Bryan: Here's the link -- https://code.google.com/p/webgoat/downloads/list )


2. install tomcat
    sudo apt-get install tomcat7
3. move the war file to tomcat webapp directory
    sudo mv ~/Downloads/WebGoat-5.4.war /var/lib/tomcat7/webapps/WebGoat.war
4. edit tomcat-users.xml by adding the content below
    sudo vi /var/lib/tomcat7/conf/tomcat-users.xml
5. restart tomcat
        sudo /etc/init.d/tomcat7 restart
6. in your browser, type localhost:8080/WebGoat/attack

<role rolename="webgoat_basic"/>
<role rolename="webgoat_user"/>
<role rolename="webgoat_admin"/>
<user username="basic" password="basic" roles="webgoat_basic,webgoat_user"/>
<user username="guest" password="guest" roles="webgoat_user"/>
<user username="webgoat" password="webgoat" roles="webgoat_admin"/>
<user username="admin" password="admin" roles="webgoat_admin"/>


Here is a new episode of Brakeing Down Security!

No comments: