带你快速搭建靶场漏洞环境｜WebGoat之Jar版

最新推荐文章于 2025-06-22 20:01:40 发布

原创最新推荐文章于 2025-06-22 20:01:40 发布 · 466 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#jar #ubuntu #linux

本文介绍OWASP WebGoat的安装步骤与环境配置过程，包括Linux环境下Java环境的搭建及WebGoat服务的启动与自启设置。通过实际操作指导读者如何利用此故意不安全的应用来学习Web应用安全。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat’s default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

WebGoat靶场漏洞环境搭建Jar版

项目地址

github.com/WebGoat/Web…

环境描述

Linux： Ubuntu 16.04.6 LTS

Java版本：jdk-13.0.2

WebGoat：webgoat-server-8.0.0.M26

环境WebGoat

1.更新源

sudo -i
apt-get update && apt-get clean
apt install -y curl git

2.ubuntu安装Java环境

tar -xvf jdk-13.0.2_linux-x64_bin.tar.gz #解压
sudo mv jdk-13.0.2 /usr/bin/java13_64 #移动到安装位置
 #配置当前用户ubuntu的Java环境变量
vim ~/.bashrc 
#添加以下几行
#java env begin
exportJAVA_HOME=/usr/bin/java13_64
exportCLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
exportPATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end

source ~/.bashrc
java --version
javac --version
 #配置root用户的Java环境变量
sudo -i
vim ~/.bashrc 
#添加以下几行
#java env begin
exportJAVA_HOME=/usr/bin/java13_64
exportCLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
exportPATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
#java env end

source ~/.bashrc
java --version
javac --version

运行WebGoat

java -jar webgoat-server-8.0.0.M26.jar --server.port=8080 --server.address=0.0.0.0

如果需要后台运行可以使用nohup

nohup java -jar webgoat-server-8.0.0.M26.jar --server.address=0.0.0.0 &

The latest version of WebGoat needs Java 11. By default WebGoat starts on port 8080 with --server.port you can specify a different port. With server.address you can bind it to a different address (default localhost)

访问WebGoat

在登录前务必确认WebGoat正确运行。进入页面，http://IP:8080/WebGoat（注意WebGoat的大小写），点击登录按钮下的，Register new user链接，注册一个用户。

然后登入。

自启WebGoat

1.启动脚本

vim /usr/local/webgoat/startwebgoat.sh

#!/bin/sh
sleep 30
nohup java -jar /usr/local/webgoat/webgoat-server-8.0.0.M25.jar --server.port=8080 --server.address=0.0.0.0 &
sleep 60 
nohup java -jar /usr/local/webgoat/webwolf-8.0.0.M25.jar --server.port=9090 --server.address=0.0.0.0 &

2.开机自启

cp /usr/local/webgoat/startwebgoat.sh /etc/init.d/
chmod 755 /etc/init.d/startwebgoat.sh
cd /etc/init.d/
update-rc.d startwebgoat.sh defaults 95

解题思路

来自freebuf

项目说明

Webgoat官方DockerHub：Official WebGoat Docker image release 8.0Webgoat官方GitHub：WebGoat/WebGoat