
Web Pentest Lab Setup using bWAPP in Windows 10

bWAPP, or a buggy web application, is a deliberately insecure web application. It helps security enthusiasts, systems engineers, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful web application penetration testing and ethical hacking projects. It is made for educational purposes.
Some of the vulnerabilities included in bWAPP:
  • SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP and SMTP injections
  • Blind SQL and Blind OS Command injection
  • Bash Shellshock (CGI) and Heartbleed vulnerability (OpenSSL)
  • Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
  • Cross-Site Request Forgery (CSRF)
  • AJAX and Web Services vulnerabilities (JSON/XML/SOAP/WSDL)
  • Malicious, unrestricted file uploads and backdoor files
  • Authentication, authorization and session management issues
  • Arbitrary file access and directory traversals
  • Local and remote file inclusions (LFI/RFI)
  • Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures
  • HTTP parameter pollution and HTTP response splitting
  • Denial-of-Service (DoS) attacks: Slow HTTP and XML Entity Expansion
  • Insecure distcc, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
  • HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
  • Unvalidated redirects and forwards, and cookie poisoning
  • Cookie poisoning and insecure cryptographic storage
  • Server Side Request Forgery (SSRF)
  • XML External Entity attacks (XXE)
Download WAMP server from here. Select Save or Run, then click Open. After that, follow the next steps.
Next you will see the Select Destination Location screen. Click Next to continue.
Next you will see the Ready to install screen. Click Install to continue.
Once the files are extracted, you will be asked to select your default browser. Select your default browser’s .exe file, then click Open to continue.
Once the progress bar is completely green, the PHP Mail Parameters screen will appear. Leave the SMTP server as localhost, and change the email address to one of your choosing. Click Next to continue.
Download the latest version of bWAPP from here.
Extract the bWAPP lab setup to the location C:\wamp\WWW\bWAPP, as shown below.
Edit the file ‘admin/settings.php’ with your own database connection settings. Leave the db_password and db_name options blank.
Browse to the file ‘install.php’ in the ‘bWAPP’ directory:
//localhost/bWAPP/install.php
Click on ‘here’ (the “Click ‘here’ to install bWAPP” link). The database ‘bWAPP’ will be created.
Edit the file ‘admin/settings.php’ again and set the db_name option; see the screenshot below.
Go to the login page. If you browse to the bWAPP root folder you will be redirected there: //localhost/bWAPP/
Login with the default credentials or make a new user.
Default credentials:
User name: bee
Password: bug
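An added check, constructed for this write-up and not part of the original post or of bWAPP itself: it parses a settings.php fragment using the variable names the steps above refer to (assumed to match bWAPP's file), applies the db_name edit from the second settings step, and lists why a lab installed this way (blank MySQL password, Apache bound to every interface, which is assumed to be WAMP's default) must stay reachable from loopback only.

```python
import re

# Constructed sample of bWAPP's admin/settings.php as it stands after the
# first edit step (db_password and db_name left blank). The variable names
# are the options the steps refer to; the rest of the file is assumed.
SETTINGS_PHP = '''<?php
// Database connection settings
$db_server = "localhost";
$db_username = "root";
$db_password = "";
$db_name = "";
'''

# Constructed httpd.conf excerpts: the weak setting (Apache bound to every
# interface, assumed as WAMP's default) beside the loopback-only correction.
HTTPD_CONF_OPEN = "Listen 0.0.0.0:80\nListen [::0]:80\n"
HTTPD_CONF_LOCAL = "Listen 127.0.0.1:80\n"

_ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*"([^"]*)"\s*;', re.M)
_LISTEN = re.compile(r'^\s*Listen\s+(?:\[([^\]]+)\]:|(\d+(?:\.\d+){3}):)?(\d+)\s*$')


def parse_settings(php_source):
    """Collect the $name = "value"; assignments of settings.php into a dict."""
    return dict(_ASSIGN.findall(php_source))


def set_db_name(php_source, name):
    """Return settings.php with db_name filled in (the second edit step)."""
    return re.sub(r'(\$db_name\s*=\s*)"[^"]*"',
                  lambda m: m.group(1) + '"%s"' % name, php_source)


def setup_stage(php_source):
    """Say which step the lab is at: install.php still pending, or configured."""
    db_name = parse_settings(php_source).get("db_name", "")
    if db_name == "":
        return "run install.php, then set db_name"
    return "configured: db_name=" + db_name


def exposure_findings(php_source, httpd_conf):
    """List why this lab must stay off the network: Apache bound beyond
    loopback, and the blank MySQL password the setup steps leave in place."""
    findings = []
    for line in httpd_conf.splitlines():
        m = _LISTEN.match(line)
        if not m:
            continue
        addr = m.group(1) or m.group(2) or "0.0.0.0"  # bare port = all interfaces
        if addr not in ("127.0.0.1", "::1"):
            findings.append("Listen %s:%s reaches beyond loopback" % (addr, m.group(3)))
    if parse_settings(php_source).get("db_password", "") == "":
        findings.append("db_password is blank")
    return findings
```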
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.
