Monday, December 31, 2007

WebGoat 5.0 on Ubuntu


Some days I love Ubuntu, some I friggin hate it. today I hate it.

WebGoat comes with a nifty little .sh script to check to make sure you have sun java 1.5x installed.

well, after installing sun java 1.5.x with synaptic finding the nifty directory its in "/usr/lib/jvm/java-1.5.0-sun" then pasting that in the script it still took a dump giving me

Please set JAVA_HOME to a Java 1.5 JDK install or JVM Is not 1.5 errors.

so I just deleted all that check code, put export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/ at the top of the script and it now works...

cg@segfault:~/Desktop/WebGoat-5.0$ sudo ./webgoat.sh start80
Using CATALINA_BASE: ./tomcat
Using CATALINA_HOME: ./tomcat
Using CATALINA_TMPDIR: ./tomcat/temp
Using JAVA_HOME: /usr/lib/jvm/java-1.5.0-sun/

Open http://127.0.0.1/WebGoat/attack
Username: guest
Password: guest
Or try http://guest:guest@127.0.0.1/WebGoat/attack

Here is my new startup script

#! /bin/sh

SYSTEM=`uname -s`
CATALINA_HOME=./tomcat
PATH=${PATH}:./tomcat/bin
export CATALINA_HOME PATH
export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun/
chmod +x ./$CATALINA_HOME/bin/*.sh

case "$1" in
start80)
cp -f $CATALINA_HOME/conf/server_80.xml $CATALINA_HOME/conf/server.xml
$CATALINA_HOME/bin/startup.sh
printf "\n Open http://127.0.0.1/WebGoat/attack"
printf "\n Username: guest"
printf "\n Password: guest"
printf "\n Or try http://guest:guest@127.0.0.1/WebGoat/attack \n\n\r"
sleep 2
tail -f $CATALINA_HOME/logs/catalina.out
;;
start8080)
cp -f $CATALINA_HOME/conf/server_8080.xml $CATALINA_HOME/conf/server.xml
$CATALINA_HOME/bin/startup.sh
printf "\n Open http://127.0.0.1:8080/WebGoat/attack"
printf "\n Username: guest"
printf "\n Password: guest"
printf "\n Or try http://guest:guest@127.0.0.1:8080/WebGoat/attack \n\n\r"
sleep 2
tail -f $CATALINA_HOME/logs/catalina.out
;;
stop)
$CATALINA_HOME/bin/shutdown.sh
;;
*)
echo $"Usage: $prog {start8080|start80|stop}"
exit 1
;;
esac

CG

4 comments:

Unknown said...

hi I'm trying to start webgoat and I've found your problem.
i've followed your post but the application doesn't start alright. i've sanded the problem to the developer, but i was thinking to ask you some help. look there: http://code.google.com/p/webgoat/issues/detail?id=4

this is the detailed problem, can you help me?

Unknown said...

I missed to said that the version of webgoat that i'm trying to use is the 5.1. can be different from 5.0

Rob Haag said...

Man, today I totally know what you went through. today I also 'hate it', usually I love it in an unnatural way :). Glad I found this, I was think of doing the very same thing (except I probably wouldn't have ditched the check stuff on first shot). Gonna try it right now. Thanks!

Anonymous said...

Greetings from germany.

Got mine "hate-this-freaking-ubuntu"-day today. Tried to install it after i used it once years ago. I managed to get it working back then.

This time its more tricky: First thing i did was modifying the *.sh file to make it work. Got a java error. Shit goes like:

java.lang.UnsupportedClassVersionError: Bad version number in .class file

So i pointed JAVA_HOME to /usr/lib/jvm/java-6-sun (webgoat support at google code sais i need java-1

This just led to some other java fuckups.

Hate to do it, but i guess i have to start my win xp vm..

Shouts to the scene,

i love this blog