bee-box - Hacking and defacing bWAPP - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

bee-box - Hacking and defacing bWAPP

bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP, our extremely buggy web application.

bee-box gives you several ways to hack and deface the bWAPP website. It's even possible to hack the bee-box to get full root access...

With bee-box you have the opportunity to explore all bWAPP vulnerabilities! Hacking, defacing and exploiting without going to jail... how cool is that? :)

You can download bee-box from here. Have fun!
bw




These are the requirements for installing bee-box:

  • Windows, Linux or Mac OS
  • VMware Player, Workstation or Fusion

An overview of the installation steps:

  • Extract the 'rar' file.
  • Double click on the VM configuration file (bee-box.vmx), or import the VM into the VMware software.
  • Start the VM. It will login automatically.
  • Check the IP address of the VM.
  • Go to the bWAPP login page. If you browse the bWAPP root directory you will be redirected. 
    example: http://[IP]/bWAPP/
    example: http://[IP]/bWAPP/login.php
  • Login with the default bWAPP credentials, or make a new user. 
    default credentials: bee/bug
  • You are ready to explore and exploit the bee!



Some additional notes:

  • Linux credentials:
    bee/bug - root/bug
  • MySQL credentials:
    root/bug
  • Modify the Postfix settings (relayhost,...) to your environment.
    config file: /etc/postfix/main.cf
  • Take a snapshot of the VM before hacking the bee-box.
    There is also a backup of the bWAPP website (/var/www/bWAPP_BAK).
  • To reinstall the bWAPP database, delete the database with phpmyadmin
    (http://[IP]/phpmyadmin/).

    Afterwards, browse to the following page: https://[IP]/bWAPP/install.php
  • Don't upgrade the Linux operating system, you will lose all fun :)
  • Check the SecurityTube (www.securitytube.net) for some amazing hacking videos.
    Thanks Vivek!

We also offer a 2-day comprehensive web security course 'Attacking and Defending Web Applications with bWAPP'. This course can be scheduled on demand, at your location!




Source :

http://itsecgames.blogspot.fr/

No comments:

Post a Comment