Saturday, August 4, 2012

Portable WAPT Pre-built VM set up


In the last post I described VMware host-only networking and the IP addresses to be assigned to each guest in the WAPT. This post covers setting up the Samurai WTF and OWASP Broken Web Applications VMs. Since the Hacme VM requires an OS install, it will be covered in the next post.

First we must download the VMs. Click the following links to download them:

            Samurai WTF
            OWASP Broken Web Applications

Once the VMs have downloaded, copy the downloaded files to the portable hard drive.

Samurai WTF is an Ubuntu-based Linux distribution project focused on web application testing, originally written by Kevin Johnson (securideas). At this time, the current version is 0.9.9, with version 2.0 in release candidate state.

Samurai WTF version 0.9.9 is an ISO image. You can download the ISO from SourceForge. Once the ISO is downloaded, create a new VM using VMware virtualization software. Each VMware product has minor differences, but select the hardware options (memory, processor, storage, etc.) based on the resources of the system(s) the VM will be used on.

Samurai WTF version 2.0 is an ISO image as well. You can download the zip file from SourceForge. Once the ISO is downloaded, create a new VM using VMware virtualization software. Each VMware product has minor differences, but select the hardware options (memory, processor, storage, etc.) based on the resources of the system(s) the VM will be used on.

Once Samurai is started, log in (click here for the username and password). After logging in, set the IP address to 172.16.254.250. For reference on setting a static IP address in the Ubuntu-based Samurai, click here.

With Samurai set up, next set up OWASP Broken Web Applications (OBWA). You can download the latest version here. Once the download is complete, extract the file to the portable hard drive. In VMware, either import or open the prebuilt VM, depending on the VMware version being used.

Once OBWA is started, log in using root:owaspbwa. After logging in, set the IP address to 172.16.254.200. OBWA is Ubuntu-based, so setting the IP address is identical to setting the IP for Samurai.

With the IPs set, a quick ping to Samurai and OBWA from each system will confirm that networking is set up on both hosts.
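The check below is an added example, not part of the original post: it confirms that a guest carries the address assigned above and flags a default route, which a guest attached only to the host-only network should not have. The /24 prefix, the interface name and the sample `ip` output are assumptions constructed for illustration; only the two IP addresses come from the post.

```bash
#!/bin/sh
# Added example (not from the original post): sanity-check a WAPT guest's
# addressing from `ip` output. The two IPs are the post's; the rest is assumed.
SAMURAI_IP=172.16.254.250
OBWA_IP=172.16.254.200

# Constructed sample of `ip -4 -o addr show` and `ip -4 route show` on Samurai
# (the /24 prefix and eth0 are assumptions).
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.16.254.250/24 brd 172.16.254.255 scope global eth0'
SAMPLE_ROUTE='172.16.254.0/24 dev eth0  proto kernel  scope link  src 172.16.254.250'

# has_addr IP ADDR_TEXT: succeed if IP is assigned to some interface.
has_addr() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == ip) found = 1 } }
        END { exit !found }'
}

# has_default_route ROUTE_TEXT: succeed if a default route is present.
has_default_route() {
    printf '%s\n' "$1" | grep -Eq '^default([[:space:]]|$)'
}

# check_guest IP ADDR_TEXT ROUTE_TEXT: report problems; exit status = count.
check_guest() {
    problems=0
    if ! has_addr "$1" "$2"; then
        echo "FAIL: $1 is not configured on any interface"
        problems=$((problems + 1))
    fi
    if has_default_route "$3"; then
        echo "WARN: default route present; guest may reach beyond the host-only network"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "${1:-}" = "--live" ]; then
    # On a guest: sh check.sh --live <this guest's IP> <peer's IP>
    check_guest "${2:?own IP}" "$(ip -4 -o addr show)" "$(ip -4 route show)" &&
        ping -c 2 "${3:?peer IP}"
else
    check_guest "$SAMURAI_IP" "$SAMPLE_ADDR" "$SAMPLE_ROUTE" && echo "sample guest OK"
fi
```

Run without arguments, it checks the constructed sample; with `--live` it reads the guest's real configuration and then pings the peer.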

In the next post, I will discuss building the Hacme host. The Hacme host will have Windows XP SP3 as the installed OS. I will cover installing Hacme Bank, Hacme Books, Hacme Casino, Hacme Shipping, and Hacme Travel.



3 comments:

  1. Dinnis, great post, but Kevin and I have a much newer version out. Check out www.samurai-wtf.org to download version 2.0rc5, which is the latest. Enjoy!

    1. Thanks Justin, I have updated the links to point to 2.0RC5.

      Keep up the great work with Samurai.

      Dennis

  2. It is a good article for this specific topic.
    The removal of info definitely takes an individual to some sense of disappointment.
    In order to solve this issue, the authorities have designed a lot of info retrieval remedies.
    User should be knowledgeable of the accessible data files retrieval tools to make certain that he is able to handle the information removal situation in just a best way.
    usb recovery
