bee-box - Hacking and defacing bWAPP - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


bee-box - Hacking and defacing bWAPP

bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP, our extremely buggy web application.

bee-box gives you several ways to hack and deface the bWAPP website. It's even possible to hack the bee-box to get full root access...

With bee-box you have the opportunity to explore all bWAPP vulnerabilities! Hacking, defacing and exploiting without going to jail... how cool is that? :)

You can download bee-box from here. Have fun!

These are the requirements for installing bee-box:

  • Windows, Linux or Mac OS
  • VMware Player, Workstation or Fusion

An overview of the installation steps:

  • Extract the 'rar' file.
  • Double click on the VM configuration file (bee-box.vmx), or import the VM into the VMware software.
  • Start the VM. It will login automatically.
  • Check the IP address of the VM.
  • Go to the bWAPP login page. If you browse the bWAPP root directory you will be redirected. 
    example: http://[IP]/bWAPP/
    example: http://[IP]/bWAPP/login.php
  • Login with the default bWAPP credentials, or make a new user. 
    default credentials: bee/bug
  • You are ready to explore and exploit the bee!

Some additional notes:

  • Linux credentials:
    bee/bug - root/bug
  • MySQL credentials:
  • Modify the Postfix settings (relayhost,...) to your environment.
    config file: /etc/postfix/
  • Take a snapshot of the VM before hacking the bee-box.
    There is also a backup of the bWAPP website (/var/www/bWAPP_BAK).
  • To reinstall the bWAPP database, delete the database with phpmyadmin

    Afterwards, browse to the following page: https://[IP]/bWAPP/install.php
  • Don't upgrade the Linux operating system, you will lose all fun :)
  • Check the SecurityTube ( for some amazing hacking videos.
    Thanks Vivek!

We also offer a 2-day comprehensive web security course 'Attacking and Defending Web Applications with bWAPP'. This course can be scheduled on demand, at your location!

Source :

No comments:

Post a Comment