Back to Posts

WebGoat 8 Install

Posted in Pentesting

 Checkout SlayerLabs.com!
Networks Engineered to Exploit.
- Windows/UNIX - Domains/Subnets - Initial/Post/Lateral - Low Cost VPN Ranges -


Install WebGoat on Ubuntu 18.04

Checkout the Official OWASP Documentaiton first, and use this as a supplementary guide during install.

After a fresh install of Ubuntu Server 18.04 use sudo throughout the install or switch users to root and update.

sudo su -
apt update


Java Install

OWASP WebGoat 8 will need Java 11 installed. To install Java add the needed repo:

add-apt-repository ppa:linuxuprising/java


Then install Java 11:

apt install oracle-java11-installer


Now set Java 11 as the default version:

apt install oracle-java11-set-default


Verify Java version and $JAVA_HOME is set correctly:

java -version
echo $JAVA_HOME


WebGoat Install

Navigate to desired install location and download the latest release of webgoat

cd /opt
wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M23/webgoat-server-8.0.0.M23.jar


Set desired permissions and ownership:

chmod 755 webgoat-server-8.0.0.M23.jar
chown grace:grace webgoat-server-8.0.0.M23.jar


Exit out of your root shell to desired low priv user you’ll be running the service as.

If you’re running the app on a VM or would like to use a different non-default port make sure to set these when executing the app. Example:

# Use defaults - localhost and port 8080
java -jar webgoat-server-8.0.0.M23.jar

# Use port 8000 and ip 192.168.1.10 
java -jar webgoat-server-8.0.0.M23.jar --server.port=8000 --server.address=192.168.1.10


Once the app is up and running, open a web browser and navigate to the WebGoat page: /WebGoat/

Going straight to the IP:port will give you a connection refused. Make sure the directory is included, case sensitive - ex: http://127.0.0.1:8080/WebGoat/

Register/Create a new user at the login page and you’re all set.

Custom Cyber Ranges >>

https://slayerlabs.com

Read Next

Proxmox Storage