Monday, January 14, 2013

bWAPP - Installation

It is pretty easy to install bWAPP or a buggy web application. In order to do that, you have to meet some requirements first.

These are the requirements:
  • an operating system: Windows, Linux, Unix, Mac OS,...
  • a web server (Apache, IIS,...)
  • the PHP extensions
  • a MySQL installation
  • (or you could install WAMP or XAMPP)
No! I will not explain how to install Apache/IIS, PHP and MySQL.

An overview of the installation steps:

1)  Extract the 'zip' file.
2)  Move the directory 'bWAPP' and its entire content to the root of your web server.

3)  Give full permission to the folders 'passwords' and 'images'.
chmod 777 passwords/
chmod 777 images/
4)  Edit the file 'admin/settings.php' with your own database connection settings.
$db_server = "localhost"; // your database server (IP/name), here 'localhost'
$db_username = "root";  // your MySQL user, here 'root'
$db_password = "";  // your MySQL password, here 'blank'
5)  Browse to the file 'install.php' in the directory 'bWAPP'.
6)  Click on 'here' (Click 'here' to install bWAPP).
The database 'bWAPP' will be created and populated.
7)  Go to the login page. If you browse the bWAPP root folder you will be redirected.
8)  Login with the default credentials or make a new user.
default credentials: bee/bug
9)  You are ready to explore and exploit the bee!

Another option is to download bee-box. bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP.  bee-box gives you several ways to hack and deface the bWAPP website. It's even possible to hack the bee-box to get root access...
With bee-box you have the opportunity to explore all bWAPP vulnerabilities!

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. IT security, ethical hacking, training and fun... all mixed together.


Malik Mesellem