1
00:00:00,990 --> 00:00:08,610
As target systems, we will use a few devices. One of the target devices will be OWASP Broken Web Applications,

2
00:00:08,730 --> 00:00:09,810
or BWA.

3
00:00:10,730 --> 00:00:16,280
Broken Web Applications is a virtual machine that hosts a lot of applications prepared for training

4
00:00:16,280 --> 00:00:23,870
purposes. These apps intentionally have a lot of vulnerabilities and could also be accessed from

5
00:00:23,870 --> 00:00:25,310
a main page.

6
00:00:25,810 --> 00:00:32,090
The virtual machine is prepared by OWASP, the Open Web Application Security Project, which is one of the

7
00:00:32,090 --> 00:00:36,770
most important communities around in the application security market.

8
00:00:39,440 --> 00:00:42,800
So I am now on my host machine; it's a MacBook.

9
00:00:43,960 --> 00:00:50,830
Open a web browser and Google for OWASP Broken Web Applications.

10
00:00:51,310 --> 00:00:52,330
Those are my keywords.

11
00:00:53,270 --> 00:00:59,950
The first website is the official website of the Broken Web Applications Project, hosted under the

12
00:01:00,070 --> 00:01:02,560
owasp.org domain.

13
00:01:02,830 --> 00:01:03,760
So let's click it.

14
00:01:04,780 --> 00:01:07,630
Now, this is a web page of Broken Web Applications.

15
00:01:07,810 --> 00:01:09,860
I'll call it BWA from now on.

16
00:01:10,900 --> 00:01:14,310
So there are some explanations about this project here.

17
00:01:14,320 --> 00:01:15,640
So you can read them if you want.

18
00:01:15,880 --> 00:01:21,310
But over here on the right-hand side, we have "Download the latest release".

19
00:01:21,470 --> 00:01:22,340
So click on that.

20
00:01:23,740 --> 00:01:27,460
Now we're directed to the SourceForge website.

21
00:01:28,990 --> 00:01:31,780
So these are the side effects of GDPR.

22
00:01:33,070 --> 00:01:36,160
We'll have to see a lot more approval pages like this one.

23
00:01:37,700 --> 00:01:43,580
OK, so these are all the releases of the project, and the latest version is right here at the top.

24
00:01:44,810 --> 00:01:52,570
So click on it, and now I have three different options to download: the .ova file, the .zip file and a

25
00:01:52,580 --> 00:01:53,650
.7zip file.

26
00:01:54,590 --> 00:02:01,970
Now, an OVA file is a virtual appliance used by virtualization applications such as VMware and Oracle

27
00:02:01,970 --> 00:02:02,760
VirtualBox.

28
00:02:03,140 --> 00:02:07,400
It's a package that contains files used to describe a virtual machine.

29
00:02:08,450 --> 00:02:16,580
ZIP and 7z are the archive files and they contain the exact same VM, so you can download any one of them,

30
00:02:16,910 --> 00:02:18,890
where the 7z file is smaller.

31
00:02:19,910 --> 00:02:24,400
OK, so I want to download the 7-Zip file, which is the most popular one already.

32
00:02:24,770 --> 00:02:29,480
So click on the link and the download will start in just a couple of seconds.

33
00:02:29,510 --> 00:02:30,230
There we go.

34
00:02:41,680 --> 00:02:42,690
And the download's finished.

35
00:02:42,740 --> 00:02:51,520
So now I have an OWASP BWA archive file, so I'll open it with an unarchiver and double-click, and

36
00:02:51,520 --> 00:02:53,540
here are the files inside the archive.

37
00:02:54,610 --> 00:02:57,610
So I already have the VM, so I won't extract it again.

38
00:02:58,300 --> 00:03:00,730
When you extract it, you will have a folder like this.

39
00:03:02,000 --> 00:03:05,660
So go to the folder and here are the files of the virtual machine.

40
00:03:06,910 --> 00:03:15,790
If you run the VMX file, double-click, the VM starts. If it's the first run, it asks you whether

41
00:03:15,790 --> 00:03:17,380
you moved it or copied it.

42
00:03:17,380 --> 00:03:20,050
Select copy and continue.

43
00:03:21,870 --> 00:03:27,570
Right, so while the VM is starting, let's have a look at its settings by clicking this button.

44
00:03:28,780 --> 00:03:33,400
Click here to look at the memory: 1024 megabytes of RAM, as recommended.

45
00:03:34,510 --> 00:03:37,450
Click "Show All" to turn back to the settings.

46
00:03:38,200 --> 00:03:44,010
Network settings are here. My VM is in an unrecognized network mode.

47
00:03:44,500 --> 00:03:48,510
Don't pay any attention to that; your VM is probably in NAT mode by default.

48
00:03:48,520 --> 00:03:54,640
I choose "Share with my Mac" so that I can use the VM in NAT mode.

49
00:03:56,700 --> 00:03:59,880
So now the VM has started and we're ready to log in.

50
00:04:00,910 --> 00:04:07,360
It has a root user with the password owaspbwa by default. I have changed it before.

51
00:04:07,360 --> 00:04:10,870
So I log in to the VM by using this credential.

52
00:04:13,080 --> 00:04:18,570
ifconfig to check if it has got an IP address, and there it is, so yes, it has.

53
00:04:19,500 --> 00:04:26,760
Now, pinging a system on the Internet, Google DNS, for example, 8.8.8.8 directly, and we'll receive

54
00:04:26,760 --> 00:04:27,470
the replies.

55
00:04:28,230 --> 00:04:33,510
So it seems everything's fine and we're ready to use the OWASP Broken Web Applications VM.