
Setting Up WebGoat on Windows

What is WebGoat?

According to the OWASP site, WebGoat is a deliberately insecure web application, maintained by OWASP, designed to teach web application security lessons. You can install and practice with WebGoat.
There are other 'goats', such as WebGoat for .NET. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson.

There are many ways to set up WebGoat on your Windows machine:

  1. Using Docker
  2. Standalone setup with Java
  3. Cloning it from the GitHub repository, then compiling with Maven

In this tutorial, we will be setting up WebGoat with Java. So first, let's make sure that you have the following:

  1. Java installed on your system. You can download the latest version here.
  2. The WebGoat .jar file, which can be downloaded from here. Make sure you get the latest one under The OWASP WebGoat Release. At the time of writing this tutorial, I can download version 7.1.

Great! Now that we have the two prerequisites above, we can proceed with the setup.

1. Open your command prompt as an Administrator.
2. Change to the directory where you put the WebGoat .jar file you just downloaded, using the cd command. In my case I saved it to the Downloads folder, so I am going to type:

cd %UserProfile%\Downloads

3. Now, you should be in the right directory. Type the following command:

java -jar webgoat-container-7.1-exec.jar

*webgoat-container-7.1-exec.jar is the filename of the downloaded .jar file

You can also add an additional parameter to open WebGoat on a port other than 8080:

java -jar webgoat-container-7.1-exec.jar --server.port=9090


4. Press Enter and let it initialize.
5. If you see the message below, you are good to go! You can now access WebGoat via 127.0.0.1:8080/WebGoat



*8080 since I didn't change the default port. You can change this with the --server.port parameter in case there are already services running on port 8080 on your machine.
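
The port check mentioned above, as an added PowerShell example that is not part of the original post: it finds whether 8080 or 9090 is already taken, and, once WebGoat is running, shows whether the listener is bound to loopback only or to every interface, which matters for a deliberately insecure application. The function names are hypothetical helpers; the jar name and ports are the ones from this tutorial.

```powershell
# Added example; function names are hypothetical helpers, not WebGoat tooling.
# Requires Windows 8 / Server 2012 or later (Get-NetTCPConnection).

function Get-PortListener {
    param([Parameter(Mandatory)][int]$Port)
    # Listening TCP sockets on $Port with their owning process.
    Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
                LoopbackOnly = $_.LocalAddress -in '127.0.0.1', '::1'
            }
        }
}

function Select-FreePort {
    # Returns the first candidate with no listener; 8080 and 9090 are the tutorial's ports.
    param([int[]]$Candidates = @(8080, 9090))
    foreach ($p in $Candidates) {
        if (-not (Get-PortListener -Port $p)) { return $p }
    }
    throw "All candidate ports are in use: $($Candidates -join ', ')"
}

function Test-LoopbackOnly {
    # True only if something listens on $Port and every listener is bound to loopback.
    param([Parameter(Mandatory)][int]$Port)
    $listeners = @(Get-PortListener -Port $Port)
    if ($listeners.Count -eq 0) {
        Write-Warning "Nothing is listening on port $Port yet."
        return $false
    }
    $listeners | Format-Table -AutoSize | Out-Host
    $exposed = @($listeners | Where-Object { -not $_.LoopbackOnly })
    if ($exposed.Count -gt 0) {
        Write-Warning "Port $Port is bound to $($exposed.LocalAddress -join ', '); other hosts can reach it unless the firewall blocks inbound traffic."
        return $false
    }
    return $true
}

# Before step 3:  $port = Select-FreePort
#                 java -jar webgoat-container-7.1-exec.jar --server.port=$port
# After step 5, in a second window:  Test-LoopbackOnly -Port 8080
```

If Test-LoopbackOnly returns False while WebGoat is running, keep the machine off untrusted networks or block the port in Windows Firewall while you practice.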


Cheers!
