Step 1: Download the Virtual Machine from ONE of the links below:
OWASP_Broken_Web_Apps_VM_1.2.7z (1.8GB): https://sourceforge.net/projects/owaspbwa/files/1.2/OWASP_Broken_Web_Apps_VM_1.2.7z/download
OWASP_Broken_Web_Apps_VM_1.2.7z (1.8GB): https://velocity.ncsu.edu/dl/cadvVlz/354964 (Password: CSC515_2018)
OWASP_Broken_Web_Apps_VM_1.2.zip (2.3GB): https://velocity.ncsu.edu/dl/cadvVlz/354965 (Password: CSC515_2018)
The .7z files require 7-Zip (http://www.7-zip.org/) to extract the contents. The contents of .zip files may be extracted using most standard archive utilities.
Step 2: Extract/Decompress the files (using the appropriate archive utility)
If you have not done so already, download and install VirtualBox, available at https://www.virtualbox.org/. If you have used VirtualBox extensively before, you may need to adapt these instructions (e.g. you may already have a correctly configured host network).
Step 1: Open VirtualBox
Step 2: Configure a Host Network
Step 2a: Go to File->Host Network Manager
Step 2b: In the Host Network Manager, click “Create”.
A new Host-only network will appear
Step 2c: Select the new Host-Only Network, and click “Properties”.
Step 2d: In the “Adapter” panel, set the IPv4 address to 192.168.160.1
Step 2e: Select the “DHCP Server” Panel
Step 2f: Select “Enable Server”
Step 2g: Configure the server addresses as follows:
Server Address: 192.168.160.2
Server Mask: 255.255.255.0
Lower Address Bound: 192.168.160.3
Upper Address Bound: 192.168.160.254
Step 2h: Click "close"
Step 3: Create a New VM
Step 3a: Click "new" on the main VirtualBox screen
Step 3b: On the New VM screen, name the VM “OWASP”. Select “Linux” for the VM Type and “Ubuntu (64-bit)” for the version.
Step 3c: Click "Continue"
Step 3d: The default memory size should be fine. On the Memory Size page, click “continue”
Step 3e: On the hard disk screen, select “Use an existing virtual hard disk”
Step 3f: Select the OWASP Broken Web Apps-cl1.vmdk file
Step 3g: Click "Create"
Step 4: Connect the Machine to the Network
Step 4a: Select the OWASP VM
Step 4b: Select "Settings"
The Settings screen will open up
Step 4c: Select the "Network" Settings
The Network Settings screen will open up
Step 4d: On the Network Settings Screen, for “Attached to”: select “Host-Only Adapter”. For the “Name”, make sure it is the adapter you set up in Step 2.
Step 4e: Click "OK"
Step 5: Start the Machine
Step 5a: Select the OWASP VM
Step 5b: Click "Start"
Step 5c: The machine will appear in a separate window. Follow the prompts. Login using username “root” and password “owaspbwa”.
Step 5d: Note the URL that is provided to access the web apps. This is the URL you will use to access DVWA and Gruyere.
Step 6: Accessing the Machine
Access the DVWA and Gruyere applications through any web browser using the URL provided (e.g. http://192.168.160.101). Note: this address may differ across installations.
Step 1: Once the VM is set up, access owaspbwa in any web browser using the URL provided (see steps 5d and 6 of “Setting up the VM in Virtualbox”)
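Because DVWA and Gruyere are deliberately vulnerable, it is worth confirming that the VM ended up attached only to the host-only network from Step 4d and that its URL falls inside the DHCP range from Step 2g. The script below is an added example, not part of the original instructions; the VM name "OWASP" comes from Step 3b, while the adapter name vboxnet0 and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm the lab VM is host-only and on the lab subnet.

# Constructed sample of `VBoxManage showvminfo OWASP --machinereadable`
# output; the adapter name vboxnet0 is an assumption and varies by host.
SAMPLE_VMINFO='name="OWASP"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Reads machine-readable VM info on stdin. Succeeds only if at least one
# NIC is enabled and every enabled NIC is attached as host-only (Step 4d).
only_hostonly_nics() {
    awk -F= '
        /^nic[0-9]+=/ {
            gsub(/"/, "", $2)
            if ($2 == "none") next
            seen++
            if ($2 != "hostonly") bad++
        }
        END { exit !(seen > 0 && bad == 0) }'
}

# Succeeds if the host in URL $1 lies inside the DHCP range from Step 2g
# (192.168.160.3 through 192.168.160.254).
url_in_lab_range() {
    host=${1#*://}          # drop the scheme
    host=${host%%[/:]*}     # drop port and path
    case $host in
        192.168.160.*) last=${host#192.168.160.} ;;
        *) return 1 ;;
    esac
    case $last in
        ''|*[!0-9]*|????*) return 1 ;;   # last octet must be 1-3 digits
    esac
    [ "$last" -ge 3 ] && [ "$last" -le 254 ]
}

# Demonstration on the constructed sample and the example URL from Step 6.
# On a real host, replace the printf with:
#   VBoxManage showvminfo OWASP --machinereadable
if printf '%s\n' "$SAMPLE_VMINFO" | only_hostonly_nics &&
   url_in_lab_range "http://192.168.160.101"; then
    echo "OK: VM is host-only and inside the lab DHCP range"
else
    echo "CHECK SETTINGS: VM is not isolated on the host-only network"
fi
```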
Step 2: Click on the DVWA link
Step 3: Login Using:
Username: admin
Password: admin
Conclusion: You should be taken to the main application screen
Note: If you receive a 503 error when you attempt to access DVWA, close your browser and clear the browser cache. Then restart the VM and attempt to access DVWA again.
Step 1: Once the VM is set up, access owaspbwa in any web browser using the URL provided (see steps 5d and 6 of “Setting up the VM in Virtualbox”)
Step 2: Click on the Gruyere link. It is in the second table from the top.
Conclusion: You should be taken to the Gruyere homepage
Note: If you receive a 503 error when you attempt to access Gruyere, close your browser and clear the browser cache. Then restart the VM and attempt to access Gruyere again.