Back to Posts

WebGoat 8 Install

Posted in Pentesting

Networks Engineered to Exploit.
- Windows/UNIX - Domains/Subnets - Initial/Post/Lateral - Low Cost VPN Ranges -

Install WebGoat on Ubuntu 18.04

Checkout the Official OWASP Documentaiton first, and use this as a supplementary guide during install.

After a fresh install of Ubuntu Server 18.04 use sudo throughout the install or switch users to root and update.

sudo su -
apt update

Java Install

OWASP WebGoat 8 will need Java 11 installed. To install Java add the needed repo:

add-apt-repository ppa:linuxuprising/java

Then install Java 11:

apt install oracle-java11-installer

Now set Java 11 as the default version:

apt install oracle-java11-set-default

Verify Java version and $JAVA_HOME is set correctly:

java -version

WebGoat Install

Navigate to desired install location and download the latest release of webgoat

cd /opt

Set desired permissions and ownership:

chmod 755 webgoat-server-8.0.0.M23.jar
chown grace:grace webgoat-server-8.0.0.M23.jar

Exit out of your root shell to desired low priv user you’ll be running the service as.

If you’re running the app on a VM or would like to use a different non-default port make sure to set these when executing the app. Example:

# Use defaults - localhost and port 8080
java -jar webgoat-server-8.0.0.M23.jar

# Use port 8000 and ip 
java -jar webgoat-server-8.0.0.M23.jar --server.port=8000 --server.address=

Once the app is up and running, open a web browser and navigate to the WebGoat page: /WebGoat/

Going straight to the IP:port will give you a connection refused. Make sure the directory is included, case sensitive - ex:

Register/Create a new user at the login page and you’re all set.

Custom Cyber Ranges >>

Read Next

Proxmox Storage