ComputerSecurityStudent (CSS) [Login] [Join Now]




|SECURITY TOOLS >> BeeBox >> bWAPP v2.2 >> Current Page |Views: 19864

(bWAPP v2.2: Lesson 1)

{ Download and Prepare bWAPP Virtual Machine }


Section 0. Background Information
  1. What is bWAPP?
    • bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
    • bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
    • Special thanks goes to Malik Mesellem for creating such a wonderful application and environment. For more extensive training, please visit www.itsecgames.com.
    • By downloading and using this software, you agree to bWAPP's license terms.

  2. Lab Notes
    • In this lab we will do the following:
      1. Download bWAPP
      2. Configure Keyboard
      3. Configure Date and Time
      4. Verify bWAPP is working
     
  3. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

     

Section 1. Download 7-Zip (Pre-Requisite)
  1. Open a Command Prompt
    • Note(FYI):
      1. If 7-zip is already installed on your host system, then skip Section 1 and proceed to Section 2.
    • Instructions:
      1. Click the Start Button
      2. Type cmd in the search box
      3. Click the cmd icon

     

  2. Determine System Type
    • Instructions:
      1. systeminfo | find "System Type:"
    • Note(FYI):
      1. x64 - 64 Bit Operating System
      2. x86 - 32 Bit Operating System

     

  3. Open Firefox
    • Instructions:
      1. Click the Start Button
      2. Type firefox in the search box
      3. Click the firefox icon

     

  4. Save Files Configuration Location
    • Instructions:
      1. Tools --> Options
      2. Click the General Tab
      3. Click the radio button Always ask me where to save files
      4. Click the OK button

     

  5. Start 7-Zip Download
    • Instructions:
      1. http://www.7-zip.org
      2. Click Download
      3. Click the Save File Button
    • Note(FYI):
      1. Use Section 1, Step 2 to determine if you should download the 32-bit or 64-bit version.

     

  6. Save 7-Zip
    • Instructions:
      1. Navigate to C:\temp
      2. Click the Save Button

     

  7. Open Executable File
    • Instructions:
      1. Tools --> Download
      2. Double Click on 7z*.msi file
      3. Click the OK Button

     

  8. Open Executable File
    • Instructions:
      1. Click the Run Button

     

  9. 7-Zip Setup Wizard
    • Instructions:
      1. Click the Next Button

     

  10. 7-Zip EULA
    • Instructions:
      1. Check I Accept...
      2. Click the Next Button

     

  11. 7-Zip Custom Setup
    • Instructions:
      1. Click the Next Button

     

  12. 7-Zip Installation
    • Instructions:
      1. Click the Install Button

     

  13. 7-Zip Completion
    • Instructions:
      1. Click the Finish Button

     

Section 2. Download bWAPP VM
  1. Download Windows bWAPP

     

  2. Download Location
    • Instructions:
      1. Navigate to your preferred download directory
        • In my case, E:\VMs\bWAPP
      2. Click the Save Button

     

  3. Go To Downloads Folder (Part 1)
    • Instructions:
      1. Tools --> Downloads

     

  4. Go To Downloads Folder (Part 2)
    • Instructions:
      1. Right Click on bee-box_v1.6.7z
      2. Open Containing Folder

     

  5. Extract Files
    • Instructions:
      1. Right Click on bee-box_v1.6
      2. Select 7-Zip
      3. Extract Here

     

  6. Extract Process
    • Note(FYI):
      1. The Extraction Process will take between 2 to 5 minutes.
      2. Continue to Next Step after the extraction completes.

 

Section 3. Create a New Virtual Machine
  1. Open VMware Player on your windows machine.
    • Instructions:
      1. Click the Start Button
      2. Type "vmware player" in the search box
      3. Click on VMware Player

     

  2. Create a New Virtual Machine. (See Below)
    • Instructions:
      1. Click on Open a Virtual Machine

     

  3. Open Virtual Machine
    • Instructions:
      1. Navigate To Extracted Virtual Machine Location
        • In my case, the directory was E:\VMs\bWAPP\bee-box_v1.6\bee-box
      2. Click bee-box
      3. Click the Open Button

     

  4. Configure Memory Settings
    • Instructions:
      1. Click on Memory
      2. Select 512 MB
    • Note(FYI):
      1. Do not click the OK button

     

  5. Configure CD/DVD Drive (Part 1)
    • Instructions:
      1. Click the Add... Button
      2. Click on CD/DVD Drive
      3. Click the Next Button
    • Note(FYI):
      1. The CD/DVD Drive is necessary for VM Tools updates.

     

  6. Configure CD/DVD Drive (Part 2)
    • Instructions:
      1. Click radio button Use Physical Drive
      2. Click the Next Button

     

  7. Configure CD/DVD Drive (Part 3)
    • Instructions:
      1. Physical drive: Auto detect
      2. Device status: Check Connect at power on
      3. Click the Finish Button

     

  8. Configure Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Device Status: Check Connect at power on
      3. Click the Bridged radio button
      4. Click the OK Button

 

Section 4. Play bee-box v1.6
  1. Play Virtual Machine
    • Instructions:
      1. Click on bee-box v1.6
      2. Click on Play virtual machine

     

  2. GRUB Loading Screen
    • Note(FYI):
      1. You will see the GRUB loading screen
      2. This can be used to hack the root password if you ever lose it.
     
  3. Ubuntu Loading Screen
    • Note(FYI):
      1. You will see an ubuntu loading screen

 

Section 5. Configure Keyboard Layout
  1. Configure Keyboard (Part 1)
    • Note(FYI):
      1. This step is not necessary if you speak Dutch, because the Keyboard is already set to Belgium.
    • Instructions:
      1. System --> Preferences --> Keyboard

     

  2. Choose a Layout (Part 2)
    • Instructions:
      1. Click the Add... button
      2. Layouts: USA
      3. Variants: Default
      4. Click the Add button

     

  3. Set Default Layout (Part 3)
    • Instructions:
      1. Click the USA default radio button

     

  4. Remove Belgium (Part 4)
    • Instructions:
      1. Click Belgium Radio Button
      2. Click the Remove Button
      3. Click the Close Button

 

Section 6. Configure Date and Time
  1. Configure Time and Date
    • Instructions:
      1. System --> Administration --> Time and Date

     

  2. Configure Time and Date Settings
    • Instructions:
      1. Click the Unlock Button

     

  3. Authenticate
    • Instructions:
      1. Password for bee: bug
      2. Click the Authenticate Button

     

  4. Configure Time and Date Settings
    • Instructions:
      1. Time zone: Click the downdrop menu

     

  5. Time zone
    • Instructions:
      1. Time zone: Select your preferred timezone
      2. Click the Close Button

     

  6. Configure Time and Date Settings
    • Instructions:
      1. Click the Close Button

     

Section 7. Open bWAPP
  1. Open bWAPP
    • Instructions:
      1. Click the bWAPP - Start icon

     

  2. Login to bWAPP
    • Instructions:
      1. Login: bee
      2. Password: bug
      3. Set the security level: low
      4. Click the Login Button

     

  3. Display bWAPP Lessons
    • Note(FYI):
      1. Clicking on the bWAPP downdrop menu will display all the Hack Lessons.

 

Section 9. Proof of Lab
  1. Open Terminal Window
    • Instructions:
      1. Click the Terminal Window Icon

     

  2. Proof of Lab
    • Instructions:
      1. ps -eaf | grep apache2 | grep -v grep | wc -l
      2. ps -eaf | grep mysql | grep -v grep | wc -l
      3. echo "select * from bWAPP.users;" | mysql -uroot -pbug
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle

 

Section 10. Shutdown bee-box
  1. Poweroff Machine
    • Instructions:
      1. sudo su -
      2. [sudo] password for bee: bug
      3. poweroff

 



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth