2022年5月16日 星期一

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)

2022-05-16

續這2篇

[研究]OWASP WebGoat 8.2.2、Webwolf 8.2.2滲透測試學習平台安安裝、啟動 (Windows 2019)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822webwolf-822.html

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows 10)

WebGoat 是一個由 OWASP 維護的、故意不安全的 Web 應用程式,旨在教授 Web 應用程序安全課程。 

Category:OWASP WebGoat Project
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

8.2.2版是2021-09-05 釋出
https://github.com/WebGoat/WebGoat/releases
此處可下載到 webgoat-server-8.2.2.jar 和 webwolf-8.2.2.jar 檔案。

GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application
https://github.com/WebGoat/WebGoat
網頁上說需要 Java 17,指令類似如下
java   -Dfile.encoding=UTF-8   -jar   webgoat-8.2.3.jar 
( 會執行失敗,有官方網頁沒說的問題,稍後說 )

Microsoft Build of OpenJDK
直接下載 (找格式為 .msi 的安裝方便些,此處 .msi 被翻譯成「微星」,看的很不習慣)

Oracle JDK下載
直接下載

Java 17 安裝後,隨便啟動個「命令提示字元」視窗,測試一下,確認版本。

C:\>java  -version
openjdk version "17.0.1" 2021-10-19 LTS
OpenJDK Runtime Environment Microsoft-28056 (build 17.0.1+12-LTS)
OpenJDK 64-Bit Server VM Microsoft-28056 (build 17.0.1+12-LTS, mixed mode, sharing)

C:\>

啟動 WebGoat 其實只要下面即可,不用 -Dfile.encoding=UTF-8 參數

java   -jar   webgoat-server-8.2.2.jar  

上次在 Windows Server 2019 會失敗,但這次在 Windows 10 會正常執行,所以又補了這篇。

Microsoft Windows [版本 10.0.17763.2867]
(c) 2018 Microsoft Corporation. 著作權所有,並保留一切權利。

C:\Users\Administrator>cd\WebGoat

C:\WebGoat>dir
 磁碟區 C 中的磁碟沒有標籤。
 磁碟區序號:  D2BA-DEE4

 C:\WebGoat 的目錄

2022/05/16  下午 03:33    <DIR>          .
2022/05/16  下午 03:33    <DIR>          ..
2022/05/05  下午 01:39        96,411,569 webgoat-server-8.2.2.jar
2022/05/05  下午 01:40        53,814,896 webwolf-8.2.2.jar
               2 個檔案     150,226,465 位元組
               2 個目錄  87,354,695,680 位元組可用

C:\WebGoat>jar -jar webgoat-server-8.2.2.jar
無效的選項: j
請使用 'jar --help' 以取得更多的資訊。

C:\WebGoat>java -jar webgoat-server-8.2.2.jar
15:33:44.558 [main] INFO org.owasp.webgoat.StartWebGoat - Starting WebGoat with args:

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.4.3)

2022-05-16 15:33:45.944  INFO 2840 --- [           main] org.owasp.webgoat.StartWebGoat           : Starting StartWebGoat v8.2.2 using Java 17.0.2 on WIN-VD8I3DJAJH2 with PID 2840 (C:\WebGoat\webgoat-server-8.2.2.jar started by Administrator in C:\WebGoat)
2022-05-16 15:33:45.944 DEBUG 2840 --- [           main] org.owasp.webgoat.StartWebGoat           : Running with Spring Boot v2.4.3, Spring v5.3.4
2022-05-16 15:33:45.944  INFO 2840 --- [           main] org.owasp.webgoat.StartWebGoat           : No active profile set, falling back to default profiles: default
2022-05-16 15:33:50.351  INFO 2840 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-05-16 15:34:19.882  INFO 2840 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 181 ms. Found 2 JPA repository interfaces.
2022-05-16 15:34:20.945  WARN 2840 --- [           main] io.undertow.websockets.jsr               : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
2022-05-16 15:34:20.975  INFO 2840 --- [           main] io.undertow.servlet                      : Initializing Spring embedded WebApplicationContext
2022-05-16 15:34:20.975  INFO 2840 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 34847 ms
2022-05-16 15:34:21.285  INFO 2840 --- [           main] org.owasp.webgoat.HSQLDBDatabaseConfig   : Starting internal database on port 9001 ...
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited
[Server@6e9c413e]: [Thread[main,5,main]]: setDatabaseName(0,webgoat)
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited
[Server@6e9c413e]: [Thread[main,5,main]]: setDatabasePath(0,C:\Users\Administrator/.webgoat-8.2.2//data/webgoat)
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited
[Server@6e9c413e]: [Thread[main,5,main]]: setDaemon(true)
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) entered
[Server@6e9c413e]: [Thread[main,5,main]]: checkRunning(false) exited
[Server@6e9c413e]: [Thread[main,5,main]]: setAddress(127.0.0.1)
[Server@6e9c413e]: [Thread[main,5,main]]: setTrace(false)
[Server@6e9c413e]: Initiating startup sequence...
[Server@6e9c413e]: Server socket opened successfully in 0 ms.
2022-05-16 15:34:21.590  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : Checkpoint start
2022-05-16 15:34:21.590  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : checkpointClose start
2022-05-16 15:34:21.590  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : checkpointClose synched
2022-05-16 15:34:21.590  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : checkpointClose script done
2022-05-16 15:34:21.622  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : checkpointClose end
2022-05-16 15:34:21.628  INFO 2840 --- [erver @6e9c413e] hsqldb.db.HSQLDB80CBCA1A87.ENGINE        : Checkpoint end - txts: 1
[Server@6e9c413e]: Database [index=0, id=0, db=file:C:\Users\Administrator/.webgoat-8.2.2//data/webgoat, alias=webgoat] opened successfully in 295 ms.
[Server@6e9c413e]: Startup sequence completed in 295 ms.
[Server@6e9c413e]: 2022-05-16 07:34:21.628 HSQLDB server 2.5.1 is online on port 9001
[Server@6e9c413e]: To close normally, connect and execute SHUTDOWN SQL
[Server@6e9c413e]: From command line, use [Ctrl]+[C] to abort abruptly
2022-05-16 15:34:21.800  INFO 2840 --- [           main] o.f.c.internal.license.VersionPrinter    : Flyway Community Edition 7.1.1 by Redgate
2022-05-16 15:34:22.002  INFO 2840 --- [           main] o.f.c.i.database.base.DatabaseType       : Database: jdbc:hsqldb:hsql://127.0.0.1:9001/webgoat (HSQL Database Engine 2.5)
2022-05-16 15:34:22.080  INFO 2840 --- [           main] o.f.core.internal.database.base.Schema   : Creating schema "container" ...
2022-05-16 15:34:22.080  INFO 2840 --- [           main] o.f.c.i.s.JdbcTableSchemaHistory         : Creating Schema History table "container"."flyway_schema_history" ...
2022-05-16 15:34:22.142  INFO 2840 --- [           main] o.f.core.internal.command.DbMigrate      : Current version of schema "container": null
2022-05-16 15:34:22.159  INFO 2840 --- [           main] o.f.core.internal.command.DbMigrate      : Migrating schema "container" to version "1 - init"
2022-05-16 15:34:22.173  INFO 2840 --- [           main] o.f.core.internal.command.DbMigrate      : Migrating schema "container" to version "2 - version"
2022-05-16 15:34:22.189  INFO 2840 --- [           main] o.f.core.internal.command.DbMigrate      : Successfully applied 2 migrations to schema "container" (execution time 00:00.068s)
2022-05-16 15:34:22.481  INFO 2840 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-05-16 15:34:22.684  INFO 2840 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.28.Final
2022-05-16 15:34:22.935  INFO 2840 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2022-05-16 15:34:23.278  INFO 2840 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect
2022-05-16 15:34:24.335  INFO 2840 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-05-16 15:34:24.351  INFO 2840 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-05-16 15:34:25.654  WARN 2840 --- [           main] o.o.webgoat.lessons.CourseConfiguration  : Lesson: webgoat.title has no endpoints, is this intentionally?
2022-05-16 15:34:25.842  WARN 2840 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-05-16 15:34:26.158  INFO 2840 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@72bdd7c7, org.springframework.security.web.context.SecurityContextPersistenceFilter@d5bb1c4, org.springframework.security.web.header.HeaderWriterFilter@7102ac3e, org.springframework.security.web.authentication.logout.LogoutFilter@2f382a5e, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2e32fc22, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@465b38e6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@64dae3b7, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7d17ee50, org.springframework.security.web.session.SessionManagementFilter@2db2a05f, org.springframework.security.web.access.ExceptionTranslationFilter@772caabe, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@33379242]
2022-05-16T15:34:28.002+08:00 [main] WARN FilenoUtil : Native subprocess control requires open access to the JDK IO subsystem
Pass '--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED' to enable.
2022-05-16 15:34:30.758  INFO 2840 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2022-05-16 15:34:31.227  INFO 2840 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2022-05-16 15:34:31.294  INFO 2840 --- [           main] io.undertow                              : starting server: Undertow - 2.2.4.Final
2022-05-16 15:34:31.309  INFO 2840 --- [           main] org.xnio                                 : XNIO version 3.8.0.Final
2022-05-16 15:34:31.340  INFO 2840 --- [           main] org.xnio.nio                             : XNIO NIO Implementation Version 3.8.0.Final
2022-05-16 15:34:31.472  INFO 2840 --- [           main] org.jboss.threads                        : JBoss Threads version 3.1.0.Final
2022-05-16 15:34:31.529  INFO 2840 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 8080 (http) with context path '/WebGoat'
2022-05-16 15:34:31.553  INFO 2840 --- [           main] org.owasp.webgoat.StartWebGoat           : Started StartWebGoat in 46.622 seconds (JVM running for 47.623)
2022-05-16 15:36:15.923  INFO 2840 --- [  XNIO-1 task-2] io.undertow.servlet                      : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-05-16 15:36:15.923  INFO 2840 --- [  XNIO-1 task-2] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2022-05-16 15:36:15.923  INFO 2840 --- [  XNIO-1 task-2] o.s.web.servlet.DispatcherServlet        : Completed initialization in 0 ms
2022-05-16 15:36:15.955 DEBUG 2840 --- [  XNIO-1 task-2] org.owasp.webgoat.i18n.Messages          : Loading properties [messages.properties] with encoding 'UTF-8'
2022-05-16 15:36:15.955 DEBUG 2840 --- [  XNIO-1 task-2] org.owasp.webgoat.i18n.Messages          : No properties file found for [classpath:i18n/messages_zh] - neither plain properties nor XML
2022-05-16 15:36:15.955 DEBUG 2840 --- [  XNIO-1 task-2] org.owasp.webgoat.i18n.Messages          : No properties file found for [classpath:i18n/messages_zh_TW] - neither plain properties nor XML

執行結果正常

訊息顯示 Undertow started on port(s) 8080 (http) with context path '/WebGoat'

http://127.0.0.1:8080/WebGoat
注意,是 HTTP,還有注意 WebGoat 的大小寫



檢查誰用了 Port 8080

Microsoft Windows [版本 10.0.17763.2867]
(c) 2018 Microsoft Corporation. 著作權所有,並保留一切權利。

C:\Users\Administrator>netstat -nao | find "8080"
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2840
  TCP    127.0.0.1:8080         127.0.0.1:49761        TIME_WAIT       0
  TCP    127.0.0.1:8080         127.0.0.1:49762        TIME_WAIT       0
  TCP    127.0.0.1:8080         127.0.0.1:49763        TIME_WAIT       0
  TCP    127.0.0.1:8080         127.0.0.1:49764        TIME_WAIT       0

C:\Users\Administrator>tasklist /fi "pid eq 2840"

映像名稱                       PID 工作階段名稱      工作階段 #    RAM使用量
========================= ======== ================ =========== ============
java.exe                      2840 Console                    1    341,848 K

C:\Users\Administrator>


(下圖) 上圖登入畫面按下 Register New User,建立一個帳號就可以登入 


左邊選單是依照 OWASP Top 10:2017 的順序,但是目前最新版已經是 OWASP Top 10:2021,WebGoat 最新版 8.2.2 尚未更上腳步。

首頁 - OWASP Top 10:2021

要結束程式,「命令提示字元」中按下 Ctrl-C 中斷程式即可。

********************************************************************************

啟動 WebWolf

有些挑戰需要運行本地網絡服務器。 WebWolf 可當攻擊者,解決 WebGoat 中的一些任務和挑戰。例如,一項任務可能要求提供文件或連接回自己的環境或接收電子郵件。為了在不連接到 Internet 的情況下運行 WebGoat,此工具稱為 WebWolf。

請另外新開一個「命令提示字元」視窗,因為原來的仍在執行中,沒有回到提示字元狀態下,執行下面 ( WebGoat 網站 和 資料庫用的 Port 要和上面啟動時設定相同,免得 WebWolf 找不到資料庫系統 )

Microsoft Windows [版本 10.0.17763.2867]
(c) 2018 Microsoft Corporation. 著作權所有,並保留一切權利。

C:\Users\Administrator>cd\WebGoat

C:\WebGoat>java -jar webwolf-8.2.2.jar
It seems the application is startd on a OS with non default UTF-8 encoding:MS950
Please add: -Dfile.encoding=UTF-8

C:\WebGoat>java -jar webwolf-8.2.2.jar -Dfile.encoding=UTF-8
It seems the application is startd on a OS with non default UTF-8 encoding:MS950
Please add: -Dfile.encoding=UTF-8

C:\WebGoat>java -Dfile.encoding=UTF-8 -jar webwolf-8.2.2.jar

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::                (v2.4.3)

2022-05-16 15:41:59.573  INFO 540 --- [           main] org.owasp.webwolf.WebWolf                : Starting WebWolf v8.2.2 using Java 17.0.2 on WIN-VD8I3DJAJH2 with PID 540 (C:\WebGoat\webwolf-8.2.2.jar started by Administrator in C:\WebGoat)
2022-05-16 15:41:59.573 DEBUG 540 --- [           main] org.owasp.webwolf.WebWolf                : Running with Spring Boot v2.4.3, Spring v5.3.4
2022-05-16 15:41:59.573  INFO 540 --- [           main] org.owasp.webwolf.WebWolf                : No active profile set, falling back to default profiles: default
2022-05-16 15:42:02.171  INFO 540 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-05-16 15:42:02.296  INFO 540 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 108 ms. Found 2 JPA repository interfaces.
2022-05-16 15:42:03.218  WARN 540 --- [           main] io.undertow.websockets.jsr               : UT026010: Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
2022-05-16 15:42:03.249  INFO 540 --- [           main] io.undertow.servlet                      : Initializing Spring embedded WebApplicationContext
2022-05-16 15:42:03.249  INFO 540 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 3539 ms
2022-05-16 15:42:03.746  INFO 540 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-05-16 15:42:03.923  INFO 540 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.28.Final
2022-05-16 15:42:04.219  INFO 540 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2022-05-16 15:42:04.629  INFO 540 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect
2022-05-16 15:42:05.716  INFO 540 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-05-16 15:42:05.732  INFO 540 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-05-16 15:42:06.327  WARN 540 --- [           main] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-05-16 15:42:06.726  INFO 540 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7f353d99, org.springframework.security.web.context.SecurityContextPersistenceFilter@35d5ac51, org.springframework.security.web.header.HeaderWriterFilter@546e61d5, org.springframework.security.web.authentication.logout.LogoutFilter@761e788f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@22a736d7, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2a3194c6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1e8ab90f, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4649d70a, org.springframework.security.web.session.SessionManagementFilter@60783105, org.springframework.security.web.access.ExceptionTranslationFilter@5bc7e78e, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@210308d5]
2022-05-16 15:42:06.898  INFO 540 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2022-05-16 15:42:07.383  INFO 540 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2022-05-16 15:42:07.414  INFO 540 --- [           main] io.undertow                              : starting server: Undertow - 2.2.4.Final
2022-05-16 15:42:07.430  INFO 540 --- [           main] org.xnio                                 : XNIO version 3.8.0.Final
2022-05-16 15:42:07.461  INFO 540 --- [           main] org.xnio.nio                             : XNIO NIO Implementation Version 3.8.0.Final
2022-05-16 15:42:07.585  INFO 540 --- [           main] org.jboss.threads                        : JBoss Threads version 3.1.0.Final
2022-05-16 15:42:07.647  INFO 540 --- [           main] o.s.b.w.e.undertow.UndertowWebServer     : Undertow started on port(s) 9090 (http)
2022-05-16 15:42:07.663  INFO 540 --- [           main] org.owasp.webwolf.WebWolf                : Started WebWolf in 8.975 seconds (JVM running for 9.72)

訊息顯示 Undertow started on port(s) 9090 (http)

連上

http://localhost:9090/WebWolf

注意,是 HTTP,還有注意 WebWolf 的大小寫

會自動轉址到

http://localhost:9090/login

帳號、密碼用剛剛 WebGoat 註冊的就可以登入了。



結論:情況有些出乎預料,
第1次 Windows Server 2019上安裝很不順利,
第2次 Windows 10上安裝很順利,
第3次 Windows Server 2019上安裝很順利。

(完)

相關

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows Server 2019)(二)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822-windows-server-2019.html

[研究]OWASP WebGoat 8.2.2 滲透測試學習平台 (Windows 10)

[研究]OWASP WebGoat 8.2.2、Webwolf 8.2.2滲透測試學習平台安安裝、啟動 (Windows 2019)
https://shaurong.blogspot.com/2022/05/owasp-webgoat-822webwolf-822.html

[研究] OWASP WebGoat 8.0 安裝
http://shaurong.blogspot.com/2018/06/owasp-webgoat-80.html

[研究] OWASP WebGoatFor.Net 安裝
http://shaurong.blogspot.com/2016/12/owasp-webgoatfornet.html

[研究] OWASP WebGoat 7.1 安裝
http://shaurong.blogspot.com/2016/12/owasp-webgoat-71.html

[研究] OWASP Zed Attack Proxy (ZAP) 2.4.2、2.6.0 滲透測試、弱點掃描工具安裝與試用
http://shaurong.blogspot.com/2015/10/owasp-zed-attack-proxy-zap-242.html

沒有留言:

張貼留言