WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.
WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.
WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.
Building the WebGoat vulnerable lab environment (JAR version)
Project address
Github.com/WebGoat/Web…
Environment description
Linux: Ubuntu 16.04.6 LTS
Java version: JDK-13.0.2
WebGoat: webgoat-server-8.0.0.M26
WebGoat environment setup
1. Update the package sources
sudo -i
apt-get update && apt-get clean
apt install -y curl git
2. Install the Java environment on Ubuntu
tar -xvf jdk-13.0.2_linux-x64_bin.tar.gz # decompress
sudo mv jdk-13.0.2 /usr/bin/java13_64 # move to the installation location
#Configure the Java environment variables of ubuntu for the current user
vim ~/.bashrc
#Add the following lines
#java env begin
export JAVA_HOME=/usr/bin/java13_64
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end
source ~/.bashrc
java --version
javac --version
#Configure Java environment variables for user root
sudo -i
vim ~/.bashrc
#Add the following lines
#java env begin
export JAVA_HOME=/usr/bin/java13_64
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end
source ~/.bashrc
java --version
javac --version
Run WebGoat
java -jar webgoat-server-8.0.0.M26.jar --server.port=8080 --server.address=0.0.0.0
Use nohup if you need to run in the background
nohup java -jar webgoat-server-8.0.0.M26.jar --server.address=0.0.0.0 &
The latest version of WebGoat needs Java 11. By default WebGoat starts on port 8080; use --server.port to specify a different port. With --server.address you can bind it to a different address (the default is localhost). Binding to 0.0.0.0, as in the commands above, makes WebGoat listen on every network interface, so it is reachable from other hosts and not only from the local machine.
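To confirm which addresses the services are actually bound to once they are running, the following added example (not part of the original post or of the WebGoat project) parses `ss -ltn` output and reports any listener on port 8080 (WebGoat) or 9090 (the WebWolf port used in the startup script on this page) that is not loopback-only. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag lab listeners that are
# reachable from other hosts. Function names are illustrative.

# Ports used on this page: 8080 (WebGoat) and 9090 (WebWolf).
LAB_PORTS="8080 9090"

# Reads `ss -ltn` output on stdin; prints "address:port" for every lab
# listener whose bind address is not a loopback address.
exposed_listeners() {
    awk -v ports="$LAB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next
            # Loopback forms: 127.0.0.0/8, ::1, IPv4-mapped 127.x.x.x
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (addr ~ /^\[?::ffff:127\./) next
            print addr ":" port
        }'
}

# Returns 0 when every lab listener is loopback-only, 1 otherwise.
check_lab_exposure() {
    found=$(exposed_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/exposed: /' >&2
    return 1
}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    0.0.0.0:8080             0.0.0.0:*
LISTEN 0      100    127.0.0.1:9090           0.0.0.0:*
LISTEN 0      128    0.0.0.0:22               0.0.0.0:*
LISTEN 0      100    [::ffff:127.0.0.1]:8080  *:*'

# On the lab host:  ss -ltn | check_lab_exposure
```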
Access WebGoat
Make sure WebGoat is running correctly before logging in. Go to http://IP:8080/WebGoat (note the case of WebGoat) and click the “Register New User” link under the login button to register a user.
Then log in.
Start WebGoat automatically at boot
1. Startup script
vim /usr/local/webgoat/startwebgoat.sh
#!/bin/sh
# Init scripts do not read ~/.bashrc, so call java by its full path
JAVA=/usr/bin/java13_64/bin/java
sleep 30
# Start WebGoat on port 8080
nohup "$JAVA" -jar /usr/local/webgoat/webgoat-server-8.0.0.M25.jar --server.port=8080 --server.address=0.0.0.0 &
sleep 60
# Start WebWolf on port 9090
nohup "$JAVA" -jar /usr/local/webgoat/webwolf-8.0.0.M25.jar --server.port=9090 --server.address=0.0.0.0 &
2. Enable the script at boot
cp /usr/local/webgoat/startwebgoat.sh /etc/init.d/
chmod 755 /etc/init.d/startwebgoat.sh
cd /etc/init.d/
update-rc.d startwebgoat.sh defaults 95
Their thinking
From freebuf