Checkout SlayerLabs.com!
Networks Engineered to Exploit.
- Windows/UNIX - Domains/Subnets - Initial/Post/Lateral - Low Cost VPN Ranges -
Install WebGoat on Ubuntu 18.04
Checkout the Official OWASP Documentaiton first, and use this as a supplementary guide during install.
After a fresh install of Ubuntu Server 18.04 use sudo throughout the install or switch users to root and update.
sudo su -
apt update
Java Install
OWASP WebGoat 8 will need Java 11 installed. To install Java add the needed repo:
add-apt-repository ppa:linuxuprising/java
Then install Java 11:
apt install oracle-java11-installer
Now set Java 11 as the default version:
apt install oracle-java11-set-default
Verify Java version and $JAVA_HOME is set correctly:
java -version
echo $JAVA_HOME
WebGoat Install
Navigate to desired install location and download the latest release of webgoat
cd /opt
wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M23/webgoat-server-8.0.0.M23.jar
Set desired permissions and ownership:
chmod 755 webgoat-server-8.0.0.M23.jar
chown grace:grace webgoat-server-8.0.0.M23.jar
Exit out of your root shell to desired low priv user you’ll be running the service as.
If you’re running the app on a VM or would like to use a different non-default port make sure to set these when executing the app. Example:
# Use defaults - localhost and port 8080
java -jar webgoat-server-8.0.0.M23.jar
# Use port 8000 and ip 192.168.1.10
java -jar webgoat-server-8.0.0.M23.jar --server.port=8000 --server.address=192.168.1.10
Once the app is up and running, open a web browser and navigate to the WebGoat page: /WebGoat/
Going straight to the IP:port will give you a connection refused. Make sure the directory is included, case sensitive - ex: http://127.0.0.1:8080/WebGoat/
Register/Create a new user at the login page and you’re all set.