How to install bWAPP in Web Security Dojo. How to run bee-box in VirtualBox (SOLVED)

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.

bWAPP is for web application security-testing and educational purposes only.

Have fun with this free and open source project!

Differences between bWAPP and bee-box

bWAPP is a set of web applications for searching and testing vulnerabilities. A bee-box is a Linux virtual machine with a pre-installed bWAPP.

With a bee-box, you can hack even at the system level. A full set of vulnerabilities is available in the bee-box.

How to install bWAPP in Web Security Dojo

bWAPP is not present in Web Security Dojo, but it can be easily installed there. Create the install_bWAPP.sh file with the following content:

#!/bin/bash  
   
cd /tmp
 
temp="$(curl -sL -A 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' https://sourceforge.net/projects/bwapp/files/bWAPP/)"
if [ $? -ne '0' ]; then
    exit 1
fi
 
temp2="$(echo "${temp}" | grep -o -E '/projects/bwapp/files/bWAPP/bWAPPv[A-Za-z0-9.]{2,}/' | head -n 1)"
 
temp3="$(curl -sL -A 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36' https://sourceforge.net"${temp2}")"
if [ $? -ne '0' ]; then
    exit 1
fi
 
wget -O bWAPPv.zip "$(echo "${temp3}" | grep -o -E 'https://sourceforge.net/projects/bwapp/files/bWAPP/bWAPPv[A-Za-z0-9.]{2,}/bWAPPv[A-Za-z0-9.]{2,}zip/download' | head -n 1)"
 
unzip bWAPPv.zip
 
sudo mkdir /var/www/bwapp
sudo mv bWAPP/* /var/www/bwapp/
 
sudo sed -i 's/$db_password = "";/$db_password = "dojo";/' /var/www/bwapp/admin/settings.php
 
sudo chmod 777 /var/www/bwapp/passwords/
sudo chmod 777 /var/www/bwapp/images/
sudo chmod 777 /var/www/bwapp/documents/
sudo mkdir /var/www/bwapp/logs/
sudo chmod 777 /var/www/bwapp/logs/
 
sudo chown -R www-data:www-data /var/www/bwapp/
 
sudo rm -rf /tmp/bWAPP* evil
sudo rm INSTALL.txt README.txt release_notes.txt ClientAccessPolicy.xml crossdomain.xml
 
cd

Run this script with the command:

sudo bash install_bWAPP.sh

Go to http://localhost/bwapp/install.php for installation. Click 'here' to install bWAPP. The 'bWAPP' database will be created and populated.

Go to the login page http://localhost/bwapp/login.php

Now 'bWAPP' will always be accessible by the http://localhost/bwapp/ link.

How to install bee-box in VirtualBox

Download bee-box.

Requirements

• Windows, Linux or Mac OS
• VMware Player, Workstation, Fusion, or Oracle VirtualBox

Steps to install the bee-box in VirtualBox

It is assumed that you have already installed VirtualBox.

• Unzip the compressed file.
• To install into VirtualBox, create a new virtual machine without storage devices. Instead of starting Virtual Machine, go to the settings and in the Storage tab connect the bee-box.vmdk file from the unpacked archive as a storage devices.
• Before running, go to the virtual machine settings. In the Network settings tab, change the ‘Attached to’ to ‘Bridged Adapter’.

• Now start the virtual machine.
• Find out the IP address of the virtual machine:

ip a

The screenshot shows that the IP address of the machine is 192.168.0.227.

In the main machine's web browser, enter the IP address of the virtual machine, for example http://192.168.0.227/bWAPP/login.php.

Log in with the default bWAPP credentials or create a new user. The default credentials are bee/bug. Now everything is ready.