WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1:  While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program.  WebGoat’s default configuration binds to localhost to minimize the exposure.

WARNING 2:  This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

Building a WebGoat practice range (vulnerable environment) from the JAR release

Project address

Github.com/WebGoat/Web…

Environment description

Linux: Ubuntu 16.04.6 LTS

Java version: JDK-13.0.2

WebGoat: webgoat-server-8.0.0.M26

Setting up the WebGoat environment

1. Update the package sources

sudo -i
apt-get update && apt-get clean
apt install -y curl git

2. Install the Java environment on Ubuntu

tar -xvf jdk-13.0.2_linux-x64_bin.tar.gz # decompress
sudo mv jdk-13.0.2 /usr/bin/java13_64 # move to the installation location
#Configure the Java environment variables of ubuntu for the current user
vim ~/.bashrc 
#Add the following lines
#java env begin
export  JAVA_HOME=/usr/bin/java13_64
export  CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export  PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end

source ~/.bashrc
java --version
javac --version

#Configure Java environment variables for user root
sudo -i
vim ~/.bashrc 
#Add the following lines
#java env begin
export  JAVA_HOME=/usr/bin/java13_64
export  CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export  PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end

source ~/.bashrc
java --version
javac --version

Run WebGoat

java -jar webgoat-server-8.0.0.M26.jar --server.port=8080 --server.address=0.0.0.0

Use nohup if you need to run it in the background

nohup java -jar webgoat-server-8.0.0.M26.jar --server.address=0.0.0.0 &

The latest version of WebGoat needs Java 11. By default WebGoat starts on port 8080; with --server.port you can specify a different port. With --server.address you can bind it to a different address (default localhost). The value 0.0.0.0, as used in the commands above, listens on all network interfaces, so WebGoat is reachable from other hosts on the network.

Access WebGoat

Make sure WebGoat is running correctly before logging in. Go to http://IP:8080/WebGoat (note the capitalization of WebGoat) and click the “Register New User” link under the login button to register a user.

Then log in.

Start WebGoat automatically at boot

1. Startup script

vim /usr/local/webgoat/startwebgoat.sh

#!/bin/sh
sleep 30
nohup java -jar /usr/local/webgoat/webgoat-server-8.0.0.M25.jar --server.port=8080 --server.address=0.0.0.0 &
sleep 60
nohup java -jar /usr/local/webgoat/webwolf-8.0.0.M25.jar --server.port=9090 --server.address=0.0.0.0 &

2. Enable the script at boot

cp /usr/local/webgoat/startwebgoat.sh /etc/init.d/
chmod 755 /etc/init.d/startwebgoat.sh
cd /etc/init.d/
update-rc.d startwebgoat.sh defaults 95

References

From freebuf

Project description

Webgoat Docker Image Release 8.0 Webgoat
