We can't directly attack any web application without proper legal permission. That will consider as a crime.
If we do not practice our penetration testing skills then we can't improve our skills. So we need a place where we can test our attacks and run our tools.
The place is our home. Home is 127.0.0.1. Our localhost. We can do any activity here.
Previously we have installed Damn Vulnerable Web Application in our localhost. Today we are going to set bWAPP (Buggy Web App) in our Kali Linux machine.
bWAPP is extremely buggy. It is free and open-source. It helps students to test their skills, professionals run their tools in a safe environment. bWAPP has over 100+ web vulnerabilities.
first we need to download bWAPP from here.
Then we open our terminal and change our directory to Downloads because there we have our downloaded zip file.
Now we unzip the zip file in directly in our apache web folder using following command:-
If it prompt for the password then we type our password and press Enter.
Then it will extract the zip file in our apache web folder.
To check our apache web folder we go to the directory:-
Then we run ls to check the files here.
In the above screenshot we can see a folder named bWAPP, and we change the permission of that folder using following command:-
Now we start our required services applying following commands:-
Those commands will start Apache and mySQL services.
Then we configure the settings for mySQL. We run following command to go to the admin directory:-
Now we change the settings.php file using a text editor.
Now we change database connection settings.
Here we have changed the username to user and password to pass. Then we save and close it.
Now let's login to mysql using following command:-
Now to setup a database, we start with creating a new user by applying following command:-
Here using this command we are creating a user called 'user' running server on localhost and the password is 'pass'. Remember that this username and password should exactly same as the password and username we have entered in the configuration file bWAPP.
In the screenshot we can see the query is OK. That means the user is created.
Then we grant this user all the privileges over the database. For that we type following command:-
Then we open our browser and navigate to localhost/bWAPP/install.php
Here we click for install it. If the configuration is perfect then it should successfully install.
Then we go to login page clicking on the menu bar.
The default username is bee and the default password is bug. Using those we click on login with low security level.
YES, it is done.
We have logged in bWAPP portal with low security level. We can change the default password, create new user from the main menu. We can choose a bug for our practice testing from the menu.
To re-open it we should start apache2 and mySQL services and navigate to http://localhost/bWAPP/ from browser.
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP top 10 project!
It is for security testing and educational purpose only.
Which bug do you want to hack today ? We are curious to know comment down please.
For more tutorials on Kali Linux and cyber security follow us on blogger and for updates follow us on Twitter and Medium.
If we do not practice our penetration testing skills then we can't improve our skills. So we need a place where we can test our attacks and run our tools.
The place is our home. Home is 127.0.0.1. Our localhost. We can do any activity here.
Previously we have installed Damn Vulnerable Web Application in our localhost. Today we are going to set bWAPP (Buggy Web App) in our Kali Linux machine.
bWAPP is extremely buggy. It is free and open-source. It helps students to test their skills, professionals run their tools in a safe environment. bWAPP has over 100+ web vulnerabilities.
first we need to download bWAPP from here.
 |
| bWAPP download from sourceforge |
Now we unzip the zip file in directly in our apache web folder using following command:-
If it prompt for the password then we type our password and press Enter.
Then it will extract the zip file in our apache web folder.
 |
| Here we extract bWAPP in apache web folder |
Then we run ls to check the files here.
In the above screenshot we can see a folder named bWAPP, and we change the permission of that folder using following command:-
Now we start our required services applying following commands:-
Those commands will start Apache and mySQL services.
Then we configure the settings for mySQL. We run following command to go to the admin directory:-
Now we change the settings.php file using a text editor.
Now we change database connection settings.
Here we have changed the username to user and password to pass. Then we save and close it.
Now let's login to mysql using following command:-
Now to setup a database, we start with creating a new user by applying following command:-
Here using this command we are creating a user called 'user' running server on localhost and the password is 'pass'. Remember that this username and password should exactly same as the password and username we have entered in the configuration file bWAPP.
In the screenshot we can see the query is OK. That means the user is created.
Then we grant this user all the privileges over the database. For that we type following command:-
Then we open our browser and navigate to localhost/bWAPP/install.php
Here we click for install it. If the configuration is perfect then it should successfully install.
The default username is bee and the default password is bug. Using those we click on login with low security level.
 |
| Successfully Installed |
YES, it is done.
We have logged in bWAPP portal with low security level. We can change the default password, create new user from the main menu. We can choose a bug for our practice testing from the menu.
To re-open it we should start apache2 and mySQL services and navigate to http://localhost/bWAPP/ from browser.
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP top 10 project!
It is for security testing and educational purpose only.
Which bug do you want to hack today ? We are curious to know comment down please.
For more tutorials on Kali Linux and cyber security follow us on blogger and for updates follow us on Twitter and Medium.