Sunday, January 20, 2013

bWAPP - Samurai WTF

In one of the the previous articles I described the necessary steps to install bWAPP or a buggy web application. That was pretty easy.

In this article I will demonstrate the installation and configuration of bWAPP on the Samurai Web Testing Framework.

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web penetration testing environment. The image contains the best of the open source and free tools that focus on testing and attacking websites.


Once you have booted Samurai WTF you can copy the bWAPP tar file to the desktop.
Extract it from here. A new directory 'bWAPP' will be created.
cd /home/samurai/Desktop/

Move the directory 'bWAPP' and its entire content to the folder '/var/www'. You need root privileges!
sudo su
mv /home/samurai/Desktop/bWAPP /var/www

Edit the file 'admin/settings.php'. Use the Samurai MySQL settings.
You need to change the password to 'samurai'. Yes... the password of the MySQL root user on Samurai is actually 'samurai'.

Browse to the file 'install.php' in the directory 'bWAPP'. Click 'here'.
The database 'bWAPP' will be created and populated.

Go to the login page. You can login with the default credentials (bee/bug) or you can make a new user. It's up to you!

You are ready to explore and exploit the bee!
Choose your favorite bug and a security level (low - medium - high).

If you have questions or if you want to help me with this project, don't hesitate to contact me! I speak human...



Malik Mesellem