1. Home
  2. Training Library
  3. Programming
  4. Programming Courses
  5. A Practical Introduction to HTML Injection

Installing Beebox

Contents

keyboard_tab

The course is part of this learning path

Installing Beebox
Overview
Difficulty
Intermediate
Duration
1h 34m
Students
18
Ratings
5/5
starstarstarstarstar
Description

This course explores HTML injection, stored HTML injection, and other types of attacks in order to begin carrying out some web pen testing in a practical way. 

Intended Audience

This course is intended for anyone who wants to learn the necessary skills to become an ethical hacker and/or a bug bounty hunter.

Prerequisites

We recommend that this course be taken as part of our Web Penetration Testing & Bug Bounty Hunting learning path.

Transcript

Hi. Within this section, we're going to start learning about the weapon testing and in order to do that, we need some broken applications. I mean, by broken, I mean vulnerabilities. So, applications that are designed to be hacked so that we can understand the vulnerabilities. We can understand how hackers exploit them and we can understand how we can submit them to the administration to get some rewards back or get some bounties back. There're a couple of different applications or there are a couple of different tools that we're going to use for that purpose and we're going to start with something called bWAPP or BeeBox. We're going to see what it is. And the reason why we are not doing that in a real website is that it's not legal, first of all. Maybe it is legal to just do this on your own and try to find a way to hack into to get some bounty but it's not legal to show this to the other people and even if it was then I would find some bugs or I would find some security flaws and they will just close it down so you won't get to practice it. So, you can just write beebox download to Google to see what I'm talking about. So, if you write beebox download, you can see it comes with these sourceforge.net in the first place and itsecgames.com in the second place. So, they're basically the same thing. sourceforge.net is just a way to download this and itsecgames.com is the host of this application. And it says that the claim is an extremely buggy web app. It actually contains a lot of vulnerabilities that we're going to see how to discover and how to use to get access to that website and you can download it from here as well but let me show you first and something called OSWAP. So, this is Open Source Foundation and this is a foundation basically and they have the purpose of making the web a safer place security wise. And they come up with different tools and different projects every year and they are very good. So, if you want to learn about web pentesting then you're going to come across with OSWAP anytime. So, if we go to OWASP top 10, which is a project of OSWAP, they actually gather data to show us what kind of vulnerabilities of what kind of exploits that we come across when it comes to web pentesting. And actually this bWAPP thing contains all of these vulnerabilities, the most popular vulnerabilities that we come across in real life scenarios so that we get to see them and we get to learn them. So, this course is designed around this as well. So, we will try our best to see different kinds of vulnerabilities, different kinds of methods to hack websites and we know the most popular ones and we're going to focus on the most popular ones so that you won't spend like days or months to just find a vulnerability in a website. So, if you go to the sourceforge.net or here, it doesn't matter because itsecgames also directs you to the sourceforge.net as well. And you don't have to do that by the way because I'm going to share the link with you. Just make sure that you download this 1.2GB file, not the 15MB file from here. You have to come over here to seven zip and download this 1.2GB file from there. Just click on this and it will start to download for you. So, it will be like a zipped file, I believe because It's in the seven z extension. All you have to do is just unzip it. So, I have of course, downloaded this in order not to make you wait. So, I'm just going to cancel this one. So, feel free to pause the video and come back when it's done. So, I'm going to cancel this. And again for the unzipping process, you can use WinRaR, WinZip or any other zip thing that you have in your computer. I'm doing this in Mac by the way, but it doesn't matter. It's just the same procedure in Windows as well. So, let me show you where I've saved it. So, in the virtual machines, I have the bee_box folder right now. It's unzipped. So, if it's zipped, you have to unzip it and we see the vmdk files over here. As you can see, the vmdk files are a little bit different than the ova files that we have seen. We cannot automatically install this to the virtual box by just double clicking on them. We have to do this manually and I'm going to show you how it's done. There are 12 files over here and we have to open the virtual box in order to do that. So, what to do next is to find this new button. It can be in different places like from here or from there. Doesn't matter. You will see a new button. Just click on the new button and it will pop up a window for you to create a new virtual box or a virtual machine. I'm going to call this Beebox. And type will be Linux and the version will be Ubuntu(64-bit) for me. If you're using a 32-bit computer, then you should choose 32-bit but I'm going to go for a 64-bit in here. Just make sure you choose the respective one and then we can just hit Continue. Now, if you have more than 4GB, then feel free to use this with 2GB of RAM. If you have 4GB or less, make sure you just don't increase It. I have 32GB of RAM in this computer, then I'm just going to do these 2GB and 2GB will be more than enough for this. Again. if you have less, just go for 1GB of RAM. Of course, we can change it afterwards as well. And we're going to use this at the same time with CAELinux. That's why I'm suggesting to go with 1 or 2. So over here, we're going to say use an existing virtual hard disk file and we didn't do that in CAELinuX because we have been using an ova file but this time, we have to manually import the vmdk file. So, just click on this and as you can see, we cannot see the vmdk file here. We have to edit manually as well. So, it's fairly easy to do. Just click on the add button and find the bee-box folder that you have downloaded and choose the vmdk but not the 1 or 2 or 3. Just choose the bee-box vmdk That one. This one over here. Just say Open and it will be presented in here like that and say Choose and then, here you go. It's already embedded in here and then you can say Create but before we start this, we have to go into the settings of this Beebox because we're going to change something. In the system tab, you can just adjust the RAM in a way that you want, adjust the processors in a way that you want. Since I have 16 CPUs,  I can allocate one or three or four. Maybe I'm going to go for this as 2 but if you have less you can go for 1. With your memory, it's not important. We're not going to use the UI in this machine so I'm going to just give it a like a 40MBs or something, a moderate amount. So after that, let's see the most important part is the network part actually. So, feel free to play with this. If you're not satisfied with your memory, you can just change it later on. But don't forget to go into the network and choose the Nat Network. So, it's in the same Nat Network with CAELinux and don't forget to allow all the promiscuous mode like we have done in CAELinux before. So, this Nat Network is the same Nat Network I used in CAELinux so that's how it's going to be connected with CAELinux. Just open the Kali or not the Kali, Beebox first. Then we're going to open the Kali in the next lecture. Just make sure this Beebox is running. As you can see, it's built on top of the Ubuntu and it contains the website that we're going to be searching for vulnerabilities learning about pentesting. It acts like a web server so wait until it's opened. And when it's opened, you will be presented like a page like this. This is our operating system. All we got to do is to come over here and choose the bee bWAPP start and sometimes the mouse is funny over here. Then you can click on this and just use your arrows in your keyboard to hit this Start. And most of the times, you don't have to install but if you start it, okay and if it doesn't work, then you may come over here to install as well. But if you hit on start most of the time it will just pop open for you. And if you're seeing this, then it's working all right. Now, it's time to open the CAELinux and do some pentesting using this bWAPP application. Let's do that in the next lecture.

 

About the Author
Students
431
Courses
55
Learning Paths
3

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.