Saturday, July 27, 2013

HOWTO : WebGoat 5.4 on Ubuntu Server 12.04 LTS

Step 1 :

Install Ubuntu Server 12.04 LTS as usual. Select OpenSSH server and Tomcat Server at the end of the installer.

Step 2 :

Download WebGoat 5.4.

wget http://webgoat.googlecode.com/files/WebGoat-5.4.war

Step 3 :

Rename the downloaded file to WebGoat.war and copy it to the Tomcat webapps directory.

mv WebGoat-5.4.war WebGoat.war
sudo cp WebGoat.war /var/lib/tomcat6/webapps/


Step 4 :

Edit tomcat-users.xml to add the roles and users that WebGoat 5.4 needs.

sudo nano /etc/tomcat6/tomcat-users.xml

Insert the following before the closing </tomcat-users> tag :

<role rolename="webgoat_basic"/>
<role rolename="webgoat_admin"/>
<role rolename="webgoat_user"/>
<role rolename="tomcat"/>
<user password="webgoat" roles="webgoat_admin" username="webgoat"/>
<user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/>
<user password="tomcat" roles="tomcat" username="tomcat"/>
<user password="guest" roles="webgoat_user" username="guest"/>


Step 5 :

Restart Tomcat.

sudo /etc/init.d/tomcat6 restart

Step 6 :

Open a browser (e.g. Firefox) and point it to the WebGoat server (e.g. 192.168.56.102).

http://192.168.56.102:8080/WebGoat/attack

Enter "guest" as both the username and the password.
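
The Step 4 edit can also be done without an editor. The following is an added example, not part of the original post: a shell function (the name add_webgoat_users is hypothetical) that inserts the Step 4 entries before the closing </tomcat-users> tag, keeps a .bak copy of the file, and changes nothing on a second run.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The XML lines are those of Step 4;
# the function name add_webgoat_users is hypothetical.

WEBGOAT_BLOCK='<role rolename="webgoat_basic"/>
<role rolename="webgoat_admin"/>
<role rolename="webgoat_user"/>
<role rolename="tomcat"/>
<user password="webgoat" roles="webgoat_admin" username="webgoat"/>
<user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/>
<user password="tomcat" roles="tomcat" username="tomcat"/>
<user password="guest" roles="webgoat_user" username="guest"/>'

add_webgoat_users() {
    local file="$1" tmp rc
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Without a closing tag there is nowhere valid to insert.
    grep -q '</tomcat-users>' "$file" || { echo "no </tomcat-users> in $file" >&2; return 2; }
    # Idempotent: a second run must not duplicate the entries.
    grep -q 'rolename="webgoat_admin"' "$file" && return 0

    tmp="$(mktemp)" || return 3
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 3; }
    # Split the line at the first closing tag so the block lands inside the
    # element even when the tag shares a line with other content.
    BLOCK="$WEBGOAT_BLOCK" awk '
        !seen && (i = index($0, "</tomcat-users>")) {
            if (i > 1) print substr($0, 1, i - 1)
            print ENVIRON["BLOCK"]
            print substr($0, i)
            seen = 1
            next
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 3; }
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# When run as a script with a path argument, edit that file.
[ $# -eq 0 ] || add_webgoat_users "$1"
```

Saved as a script and run with sudo against /etc/tomcat6/tomcat-users.xml, it replaces the nano edit in Step 4; Tomcat still has to be restarted as in Step 5.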

Tutorial

OWASP WebGoat v5.4 Web Hacking Simulation WalkThrough Series

That's all! See you.