Dr AnonyMous - Setup bWAPP in Kali Linux | Extremely Buggy Web Application

Dr Anonymous 


We can't directly attack any web application without proper legal permission. That would be considered a crime.

If we do not practice our penetration testing skills, we can't improve them. So we need a place where we can test our attacks and run our tools. That place is our home. Home is 127.0.0.1, our localhost. We can do any activity here.

Previously we installed Damn Vulnerable Web Application on our localhost. Today we are going to set up bWAPP (Buggy Web App) on our Kali Linux machine.


bWAPP is extremely buggy. It is free and open source. It helps students test their skills and lets professionals run their tools in a safe environment. bWAPP has over 100 web vulnerabilities.

First we need to download bWAPP from here.

bWAPP download from sourceforge
Then we open our terminal and change our directory to Downloads because there we have our downloaded zip file.

cd Downloads

Now we unzip the zip file directly into our Apache web folder using the following command:-

sudo unzip -d /var/www/html bWAPP_latest.zip
If it prompts for the password, we type our password and press Enter.
Then it will extract the zip file into our Apache web folder.

Here we extract bWAPP in apache web folder
To check our Apache web folder, we go to the directory:-

cd /var/www/html
Then we run ls to check the files here.

ls

bWAPP in apache folder

In the above screenshot we can see a folder named bWAPP. We change the permissions of that folder using the following command:-

sudo chmod -R 777 bWAPP
Now we start the required services with the following commands:-

sudo service apache2 start

sudo service mysql start
Those commands will start the Apache and MySQL services.

starting apache2 and mysql

Then we configure the settings for MySQL. We run the following command to go to the admin directory:-

cd bWAPP/admin
Now we edit the settings.php file using a text editor.

sudo mousepad settings.php
configuring settings.php


Now we change the database connection settings.


Here we have changed the username to user and password to pass. Then we save and close it.

Now let's log in to MySQL using the following command:-


sudo mysql
Now, to set up a database, we start by creating a new user with the following command:-


create user 'user'@'localhost' identified by 'pass';
This command creates a user called 'user' on the server running on localhost, with the password 'pass'. Remember that this username and password must be exactly the same as the username and password we entered in the bWAPP configuration file.

creating new user in sql database

In the screenshot we can see the query is OK. That means the user is created.

Then we grant this user all privileges over the database. For that we type the following command:-


grant all privileges on bWAPP.* to 'user'@'localhost' identified by 'pass';

granting all permissions in database


Then we open our browser and navigate to localhost/bWAPP/install.php

bWAPP installation page


Here we click the link to install it. If the configuration is correct, it should install successfully.
bWAPP successfully installed

Then we go to the login page by clicking on it in the menu bar.

bWAPP login page

The default username is bee and the default password is bug. Using those, we click on login with the low security level.

installed bWAPP in our Kali Linux
Successfully Installed


YES, it is done.

We have logged in to the bWAPP portal with the low security level. From the main menu we can change the default password and create a new user. We can also choose a bug for our practice testing from the menu.

To re-open it, we start the apache2 and MySQL services and navigate to http://localhost/bWAPP/ from the browser.
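The lab is meant to live on 127.0.0.1, but the steps above make the bWAPP folder world-writable and never check which interfaces Apache and MySQL listen on. The following check is an added example, not part of the original post: it filters `ss -ltnH` output for ports 80 and 3306 (assumed default ports) and prints any listener that is not bound to loopback. The function names and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag lab services that listen
# on more than the loopback interface.

# Reads `ss -ltnH` lines on stdin; $1 is a space-separated list of ports.
# Prints each matching local address that is NOT bound to loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4                                # Local Address:Port column
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            sub(/%.*$/, "", host)                    # drop scope, e.g. 127.0.0.53%lo
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only: fine
            print addr
        }'
}

# Constructed sample of `ss -ltnH` output: Apache on every interface,
# MariaDB on loopback only, plus two unrelated listeners.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  *:80             *:*
LISTEN 0 80   127.0.0.1:3306   0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
EOF
}

# Demo on the sample. On the real machine: ss -ltnH | exposed_listeners "80 3306"
exposed=$(sample_ss_output | exposed_listeners "80 3306")
if [ -n "$exposed" ]; then
    echo "reachable beyond localhost: $exposed"
else
    echo "web and database ports are loopback-only"
fi
```

If Apache shows up in the output, changing `Listen 80` to `Listen 127.0.0.1:80` in /etc/apache2/ports.conf (the Debian-style layout, assumed here) and restarting apache2 keeps the lab on loopback.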


bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!

It is for security testing and educational purposes only.

Which bug do you want to hack today? We are curious to know, so please comment below.
