|
1 | 1 | This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. |
2 | 2 |
|
| 3 | +##### Prerequisites: |
| 4 | +- docker-compose |
| 5 | +- git |
| 6 | + |
| 7 | +##### Steps: |
| 8 | +- Clone the repo:<br>`git clone https://github.com/softwaresecured/JavaVulnerableLab.git` |
| 9 | + |
| 10 | +- Change into the directory:<br>`cd JavaVulnerableLab/` |
| 11 | + |
| 12 | +- And start the app:<br> `sudo docker-compose up` |
| 13 | + |
| 14 | +- After the build process, navigate to:<br> |
| 15 | +`http://localhost:8080/JavaVulnerableLab/install.jsp` |
| 16 | + |
| 17 | +- And click *Install* (leaving the default options)<br> |
| 18 | + |
| 19 | + |
| 20 | + |
| 21 | + |
| 22 | +### The following is the previous README describing other installation methods |
| 23 | + |
3 | 24 | ---------------------------------- |
4 | | -The full course on Hacking and Securing Web Java Programs is available in |
| 25 | +The full course on Hacking and Securing Web Java Programs is available in |
5 | 26 | ----------------------------------- |
6 | 27 | https://www.udemy.com/hacking-securing-java-web-programming/ |
7 | 28 |
|
8 | 29 | **Warning**: Don't run this app in Your Main Machine or in an online server. Install it in Vitual Machine. |
9 | 30 |
|
10 | | - |
| 31 | + |
11 | 32 | How to Use/Setup ? |
12 | 33 | ------------- |
13 | 34 |
|
14 | 35 | **Method 1.Very Easiest Method : VirtualBox VM** |
15 | | - The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. |
16 | | - |
| 36 | + The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. |
| 37 | + |
17 | 38 | Steps: |
18 | | - |
| 39 | + |
19 | 40 | 1. Install the VirtualBox : https://www.virtualbox.org/wiki/Downloads |
20 | 41 | 2. Download the VM Image from here : http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download |
21 | 42 | 3. Import the JavaVulnerable.ova into VirtualBox. |
22 | | - 4. Change the Network Settings to Host-Only Network |
23 | | - 5. Start the Machine and Log into the Machine( Credentials; username: root password: cspf) |
| 43 | + 4. Change the Network Settings to Host-Only Network |
| 44 | + 5. Start the Machine and Log into the Machine( Credentials; username: root password: cspf) |
24 | 45 | 6. Start Tomcat by entering "service tomcat start" in the Terminal |
25 | 46 | 7. Start mysql by entering "service mysql start" in the Terminal |
26 | 47 | 8. Find the IP Address of Machine |
27 | | - 9. In your Browser, go to "http://[IP_ADDRESS_OF_VM]:8080/JavaVulnerableLab/install.jsp |
| 48 | + 9. In your Browser, go to "http://[IP_ADDRESS_OF_VM]:8080/JavaVulnerableLab/install.jsp |
28 | 49 | 10. Click the Install Button |
29 | 50 | 11. Enjoy :) |
30 | | - |
| 51 | + |
31 | 52 | **Method 2.Easiest Method : Standalone Web Application** |
32 | | - In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. |
33 | | - |
| 53 | + In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. |
| 54 | + |
34 | 55 | Steps: |
35 | | - |
| 56 | + |
36 | 57 | 1. Install JDK |
37 | 58 | 2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download |
38 | 59 | 3. Double Click the JavaVulnerable.jar to run( if double click is not working, run this command "java -jar JavaVulnerable.jar" in your Terminal or CMD) |
39 | | - 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp |
| 60 | + 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp |
40 | 61 | 5. Click the Install Button |
41 | | - |
| 62 | + |
42 | 63 | **Method 3. Using War file:** |
43 | | - This is a NORMAL method to deploy the WAR file. |
44 | | - |
| 64 | + This is a NORMAL method to deploy the WAR file. |
| 65 | + |
45 | 66 | Steps: |
46 | | - |
| 67 | + |
47 | 68 | 1. Install Apache Tomcat server |
48 | 69 | 2. Go to http://[Tomcat_INSTALLED_IP]:8080/manager/ (make sure you have modified tomcat-users.xml file of the tomcat to allow the manager). |
49 | 70 | 3. Download our WAR file from here: https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download |
50 | 71 | 4. Deploy the WAR in Apache Tomcat manager. |
51 | | - 5. Go to http://[Tomcat_INSTALLED_IP]:8080/JavaVulnerableLab/install.jsp |
| 72 | + 5. Go to http://[Tomcat_INSTALLED_IP]:8080/JavaVulnerableLab/install.jsp |
52 | 73 | 6. Click the Install Button |
53 | | - |
| 74 | + |
54 | 75 |
|
55 | 76 | Get the VulnerableSpring Project from here: |
56 | 77 | https://github.com/breakthesec/VulnerableSpring |
57 | | - |
|
0 commit comments