Being "Vulnerable" at home?
-
Do I have/need to have “Digital Ocean” or “Linode” in order to successfully practice “Pen Tests” on a home network?
I’ve tried numerous times downloading ‘bWAPP” and have been unsuccessful.
Thank you! -
Greetings, @James-Tobin!
So, I wouldn't install bwapp on an internet-facing system. You could lock it down so that only you can access it, but it is a purposefully vulnerable system, so you'd have to be very diligent and effective in your security defenses. The dangers far outweigh the benefits.
The better solution is to spin up a local virtual machine using a hypervisor like VirtualBox or VMware Workstation Player and then install bwapp on your new VM. You can easily configure that VM on a private/host-only virtual network and then you won't have to worry about the baddies out there.
A third option is to download the bee-box, which is a pre-built virtual machine with the bwapp already installed. You can grab that here...
https://sourceforge.net/projects/bwapp/files/bee-box/bee-box_v1.6.7z/download
Download that and import it into your hypervisor and you'll be ready to go!
I hope that helps,
Daniel -
@daniel-lowrie87
Daniel - many, MANY thanks! (I'm watching you and Wes right now CySA+) I'm a "Noob" so my questions might be confusing. I have Kali set-up on Oracle's "Virtual Box" on my laptop. I've tried downloading the "bee-box" on that but again, no go. I believe my problem is not understanding, "...configure that VM on a private/host-only virtual network"...
Anyway, thank you again for your response, I will try the link you sent...because...well, just maybe...