How to install and use Open Web Application Security Project Broken Web Application (OWASP-BWA) in Ubuntu VirtualBox

   In this tutorial I'm going to share how to install and use Open Web Application Security Project Broken Web Apps (OWASP-BWA) in Ubuntu VirtualBox.

What will be covered in this tutorial?

  1. Download and extract OWASP-BWA.
  2. Add OWASP-BWA as a new virtual machine in VirtualBox.
  3. Run and access OWASP-BWA.

1. Download and extract OWASP-BWA.

1.1) Download OWASP-BWA by searching for it on Google, or find it here.

1.2) Copy the downloaded file to your desired location.

1.3) Extract the file: go to the folder, right-click the file and choose "Extract Here".

2. Add OWASP-BWA as a new virtual machine in VirtualBox.

2.1) Add a new virtual machine (VM): give it a name, set the type to "Linux" and choose "Ubuntu" as the version.

2.2) Allocate the memory size for the virtual machine. I chose to run it with 512 MB of RAM. Then click "Next".

2.3) Select "Use existing virtual hard disk". Then click the "file" button and choose the extracted file "OWASP Broken Web Apps-cl1.vmdk".


2.4) Click "Create".

3. Run and access OWASP-BWA.

  You need to run a different machine to access OWASP-BWA for your hacking and learning purposes. In the example below, I run Windows XP to access OWASP-BWA. You can also use Kali Linux or any other distro that you have in your VirtualBox. To access OWASP-BWA, you need to use a web browser.

3.1) Click Windows XP and go to "Settings > Network". Then set the network parameters: change the "Attached to" setting to "Internal Network".

3.2) Give your internal network a name. In this example I use the name "Pentestlab".

3.3) Repeat steps 3.1 and 3.2 above, but this time for OWASP-BWA.

3.4) Run both systems by clicking the "Start" button for each.

3.5) Key in the username and password for OWASP-BWA. The username is "root" and the password is "owaspbwa".

3.6) Check the OWASP-BWA IP address by running the "ifconfig" command. You will need this IP address to access OWASP-BWA.

3.7) Try to ping OWASP-BWA from the Windows XP terminal.

If you have problems pinging OWASP-BWA, check your VirtualBox network connection settings.

3.8) Open the web browser and access OWASP-BWA by typing in the OWASP-BWA IP address.

3.9) You should be able to log in to OWASP-BWA. To run tests on the vulnerabilities, click any web application in the list.

Key in the username and password.

3.10) Once you are in the vulnerable application, click "Start" to run it.
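The VM creation in section 2 and the internal-network setting from steps 3.1 to 3.3 can also be scripted with VBoxManage on the Ubuntu host, and the result checked so that the deliberately vulnerable VM has no network adapter outside the "Pentestlab" internal network. This is an added example, not part of the original tutorial. The VM name "OWASP-BWA", the controller name "SATA" and the sample showvminfo lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Assumed names: VM_NAME and the controller "SATA". "Pentestlab", 512 MB and
# the Ubuntu type come from the tutorial steps.
VM_NAME="OWASP-BWA"
INTNET="Pentestlab"

# Steps 2.1-2.4 and 3.3 from the command line; $1 is the path to the extracted .vmdk.
create_bwa_vm() {
    VBoxManage createvm --name "$VM_NAME" --ostype Ubuntu --register &&
    VBoxManage modifyvm "$VM_NAME" --memory 512 --nic1 intnet --intnet1 "$INTNET" &&
    VBoxManage storagectl "$VM_NAME" --name SATA --add sata &&
    VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$1"
}

# Reads `VBoxManage showvminfo <vm> --machinereadable` on stdin. Prints every
# enabled NIC that is not on internal network $1; returns 0 only if the VM has
# at least one enabled NIC and all of them are on that network.
check_isolation() {
    awk -F= -v want="$1" '
        { gsub(/"/, "", $2) }
        $1 ~ /^nic[0-9]+$/    { mode[substr($1, 4)] = $2 }
        $1 ~ /^intnet[0-9]+$/ { net[substr($1, 7)] = $2 }
        END {
            for (i in mode) {
                if (mode[i] == "none") continue
                seen = 1
                if (mode[i] != "intnet" || net[i] != want) {
                    print "nic" i " " mode[i]
                    bad = 1
                }
            }
            exit !(seen && !bad)   # 0 = isolated, 1 = exposed or no NIC
        }'
}

# Constructed sample output (not captured from a real VM).
SAMPLE_OK='name="OWASP-BWA"
nic1="intnet"
intnet1="Pentestlab"
nictype1="82540EM"
nic2="none"'
SAMPLE_BAD='nic1="intnet"
intnet1="Pentestlab"
nic2="bridged"
bridgeadapter2="eth0"'
printf '%s\n' "$SAMPLE_OK" | check_isolation "$INTNET" && echo "sample VM is isolated"
# Real use: VBoxManage showvminfo "$VM_NAME" --machinereadable | check_isolation "$INTNET"
```

Run the check against both the OWASP-BWA VM and the client VM before starting them; any line it prints names an adapter that is still set to NAT, bridged or another mode.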

