wapt lab

All posts tagged wapt lab

Good Evening friends. Today we will see a step by step guide  on how to create a web application pentest lab .

For creating this lab, I am using a host machine with Windows 7 installed on it.  We also need the following softwares.

1. Wamp server ( Download here)

2. Vulnerawa ( Download here )

3. Vmware Workstation   or Oracle Virtualbox ( Download here )

4. Kali Linux ( Download here )

Download the above softwares to your system. Install Wamp server.  For this WAPT lab,  we will use vulnerawa as a vulnerable website or target website. Extract the contents of the vulnerawa.zip folder to the root folder of the wamp server. Now open a browser and and type localhost in the urlbar to see if you can see the victim webapp as shown below.

wapt1

Click on “Create Database” to create some data which we will use in our future howto’s.

wapt2

Now let’s change the permissions of the wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.

wapt3

You should see the httpd.conf as shown below.  Type CTRL+F and search for word “stuff”. After you find it, make changes  as shown below in the red box. Save the file by typing CTRL+S  and restart the wamp server.

wapt4

Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.

wapt5

Now start your attacker machine( Kali Linux ), open browser and type the address 192.168.64.1 in the url bar and see if you can access the victim web application as shown below.

wapt6

 

wapt7

Your web application pentest lab is ready. Happy hacking.