ComputerSecurityStudent (CSS)

[Login]

[Join Now]

|SECURITY TOOLS >> BeeBox >> bWAPP v2.2 >> Current Page

|Views: 65631

(bWAPP v2.2: Lesson 1)

{ Download and Prepare bWAPP Virtual Machine }

Section 0. Background Information

What is bWAPP?
- bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
- bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
- Special thanks goes to Malik Mesellem for creating such a wonderful application and environment. For more extensive training, please visit www.itsecgames.com.
- By downloading and using this software, you agree to bWAPP's license terms.
Lab Notes
- In this lab we will do the following:
  1. Download bWAPP
  2. Configure Keyboard
  3. Configure Date and Time
  4. Verify bWAPP is working
Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2015 No content replication of any kind is allowed without express written permission.

Section 1. Download 7-Zip (Pre-Requisite)

Open a Command Prompt
- Note(FYI):
  1. If 7-zip is already installed on your host system, then skip Section 1 and proceed to Section 2.
- Instructions:
  1. Click the Start Button
  2. Type cmd in the search box
  3. Click the cmd icon
Determine System Type
- Instructions:
  1. systeminfo | find "System Type:"
- Note(FYI):
  1. x64 - 64 Bit Operating System
  2. x86 - 32 Bit Operating System
Open Firefox
- Instructions:
  1. Click the Start Button
  2. Type firefox in the search box
  3. Click the firefox icon
Save Files Configuration Location
- Instructions:
  1. Tools --> Options
  2. Click the General Tab
  3. Click the radio button Always ask me where to save files
  4. Click the OK button
Start 7-Zip Download
- Instructions:
  1. http://www.7-zip.org
  2. Click Download
  3. Click the Save File Button
- Note(FYI):
  1. Use Section 1, Step 2 to determine if you should download the 32-bit or 64-bit version.
Save 7-Zip
- Instructions:
  1. Navigate to C:\temp
  2. Click the Save Button
Open Executable File
- Instructions:
  1. Tools --> Download
  2. Double Click on 7z*.msi file
  3. Click the OK Button
Open Executable File
- Instructions:
  1. Click the Run Button
7-Zip Setup Wizard
- Instructions:
  1. Click the Next Button
7-Zip EULA
- Instructions:
  1. Check I Accept...
  2. Click the Next Button
7-Zip Custom Setup
- Instructions:
  1. Click the Next Button
7-Zip Installation
- Instructions:
  1. Click the Install Button
7-Zip Completion
- Instructions:
  1. Click the Finish Button

Section 2. Download bWAPP VM

Download Windows bWAPP
- Instructions:
  1. http://sourceforge.net/projects/bwapp/files/bee-box/bee-box_v1.6.7z/download
  2. Click direct link
  3. Select VMware Player for Windows
  4. Click the Save File Radio button
  5. Click the OK Button
Download Location
- Instructions:
  1. Navigate to your preferred download directory
    - In my case, E:\VMs\bWAPP
  2. Click the Save Button
Go To Downloads Folder (Part 1)
- Instructions:
  1. Tools --> Downloads
Go To Downloads Folder (Part 2)
- Instructions:
  1. Right Click on bee-box_v1.6.7z
  2. Open Containing Folder
Extract Files
- Instructions:
  1. Right Click on bee-box_v1.6
  2. Select 7-Zip
  3. Extract Here
Extract Process
- Note(FYI):
  1. The Extraction Process will take between 2 to 5 minutes.
  2. Continue to Next Step after the extraction completes.

Section 3. Create a New Virtual Machine

Open VMware Player on your windows machine.
- Instructions:
  1. Click the Start Button
  2. Type "vmware player" in the search box
  3. Click on VMware Player
Create a New Virtual Machine. (See Below)
- Instructions:
  1. Click on Open a Virtual Machine
Open Virtual Machine
- Instructions:
  1. Navigate To Extracted Virtual Machine Location
    - In my case, the directory was E:\VMs\bWAPP\bee-box_v1.6\bee-box
  2. Click bee-box
  3. Click the Open Button
Configure Memory Settings
- Instructions:
  1. Click on Memory
  2. Select 512 MB
- Note(FYI):
  1. Do not click the OK button
Configure CD/DVD Drive (Part 1)
- Instructions:
  1. Click the Add... Button
  2. Click on CD/DVD Drive
  3. Click the Next Button
- Note(FYI):
  1. The CD/DVD Drive is necessary for VM Tools updates.
Configure CD/DVD Drive (Part 2)
- Instructions:
  1. Click radio button Use Physical Drive
  2. Click the Next Button
Configure CD/DVD Drive (Part 3)
- Instructions:
  1. Physical drive: Auto detect
  2. Device status: Check Connect at power on
  3. Click the Finish Button
Configure Network Adapter
- Instructions:
  1. Click on Network Adapter
  2. Device Status: Check Connect at power on
  3. Click the Bridged radio button
  4. Click the OK Button

Section 4. Play bee-box v1.6

Play Virtual Machine
- Instructions:
  1. Click on bee-box v1.6
  2. Click on Play virtual machine
GRUB Loading Screen
- Note(FYI):
  1. You will see the GRUB loading screen
  2. This can be used to hack the root password if you ever lose it.
Ubuntu Loading Screen
- Note(FYI):
  1. You will see an ubuntu loading screen

Section 5. Configure Keyboard Layout

Configure Keyboard (Part 1)
- Note(FYI):
  1. This step is not necessary if you speak Dutch, because the Keyboard is already set to Belgium.
- Instructions:
  1. System --> Preferences --> Keyboard
Choose a Layout (Part 2)
- Instructions:
  1. Click the Add... button
  2. Layouts: USA
  3. Variants: Default
  4. Click the Add button
Set Default Layout (Part 3)
- Instructions:
  1. Click the USA default radio button
Remove Belgium (Part 4)
- Instructions:
  1. Click Belgium Radio Button
  2. Click the Remove Button
  3. Click the Close Button

Section 6. Configure Date and Time

Configure Time and Date
- Instructions:
  1. System --> Administration --> Time and Date
Configure Time and Date Settings
- Instructions:
  1. Click the Unlock Button
Authenticate
- Instructions:
  1. Password for bee: bug
  2. Click the Authenticate Button
Configure Time and Date Settings
- Instructions:
  1. Time zone: Click the downdrop menu
Time zone
- Instructions:
  1. Time zone: Select your preferred timezone
  2. Click the Close Button
Configure Time and Date Settings
- Instructions:
  1. Click the Close Button

Section 7. Open bWAPP

Open bWAPP
- Instructions:
  1. Click the bWAPP - Start icon
Login to bWAPP
- Instructions:
  1. Login: bee
  2. Password: bug
  3. Set the security level: low
  4. Click the Login Button
Display bWAPP Lessons
- Note(FYI):
  1. Clicking on the bWAPP downdrop menu will display all the Hack Lessons.

Section 9. Proof of Lab

Open Terminal Window
- Instructions:
  1. Click the Terminal Window Icon
Proof of Lab
- Instructions:
  1. ps -eaf | grep apache2 | grep -v grep | wc -l
  2. ps -eaf | grep mysql | grep -v grep | wc -l
  3. echo "select * from bWAPP.users;" | mysql -uroot -pbug
  4. date
  5. echo "Your Name"
    - Put in your actual name in place of "Your Name"
    - e.g., echo "John Gray"
- Proof of Lab Instructions
  1. Press the <Ctrl> and <Alt> key at the same time.
  2. Press the <PrtScn> key.
  3. Paste into a word document
  4. Upload to Moodle

Section 10. Shutdown bee-box

Poweroff Machine
- Instructions:
  1. sudo su -
  2. [sudo] password for bee: bug
  3. poweroff