{"id":7919,"date":"2023-12-05T21:56:38","date_gmt":"2023-12-05T12:56:38","guid":{"rendered":"\/blog\/?p=7919"},"modified":"2023-12-05T22:08:27","modified_gmt":"2023-12-05T13:08:27","slug":"webgoat-2","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=7919","title":{"rendered":"WebGoat"},"content":{"rendered":"\n<p>\ub2e4\uc6b4\ub85c\ub4dc: <a href=\"https:\/\/github.com\/WebGoat\/WebGoat\/releases\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/WebGoat\/WebGoat\/releases<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>WebGoat\uc740 \uc758\ub3c4\uc801\uc73c\ub85c \ucde8\uc57d\ud558\uac8c \ub9cc\ub4e0 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc774\uc5b4\uc11c \ubcf4\uc548\uc0c1 localhost\uc5d0\uc11c\ub9cc \uc811\uc18d \uac00\ub2a5\ud558\ubbc0\ub85c, apache \uc6f9\uc11c\ubc84\uc758 Proxy \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc678\ubd80\uc5d0\uc11c\ub3c4 \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub3c4\ub85d \uad6c\uc131\ud55c\ub2e4.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bash\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">apt -y install apache2\ncp -f \/etc\/apache2\/sites-available\/000-default.conf \/etc\/apache2\/sites-available\/000-default.conf.orig\na2enmod proxy\na2enmod proxy_http\n\nsed -i \"s\/&lt;\\\/VirtualHost>\/\/g\" \/etc\/apache2\/sites-available\/000-default.conf\necho >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t#######################################\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t# Proxy\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t#######################################\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\tProxyRequests Off\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\tProxyPreserveHost On\" >> 
\/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t&lt;Proxy *>\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t\\tOrder deny,allow\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t\\tAllow from all\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\t&lt;\/Proxy>\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\tProxyPass \/ http:\/\/127.0.0.1:8080\/\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"\\tProxyPassReverse \/ http:\/\/127.0.0.1:8080\/\" >> \/etc\/apache2\/sites-available\/000-default.conf\necho -e \"&lt;\/VirtualHost>\" >> \/etc\/apache2\/sites-available\/000-default.conf\n<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>WebGoat\uc744 systemd \uc11c\ube44\uc2a4\ub85c \ucd94\uac00<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"bash\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#!\/bin\/bash\nCURRENT_DIR=`pwd -P`\nCURRENT_TIME=`date \"+%Y%m%d_%H%M%S\"`\n\nexport JAVA_HOME=\"\/opt\/jdk-17.0.5\"\nexport SERVICE_NAME=\"webgoat\"\nexport WEBGOAT_JAR=\"\/opt\/webgoat\/webgoat-2023.7.jar\"\nexport JAVA_OPTS=\"-Xms512M -Xmx1G -Xss512K -Dfile.encoding=UTF-8\"\n#export WEBGOAT_OPTS=\"--server.address=127.0.0.1 --server.port=8080\"\n\n# Check java\nif [ ! -f ${JAVA_HOME}\/bin\/java ]\nthen\n  echo \"${JAVA_HOME}\/bin\/java not found !\"\n  exit 1\nfi\n\n# Check webgoat.jar\nif [ ! 
-f ${WEBGOAT_JAR} ]\nthen\n  echo \"${WEBGOAT_JAR} not found !\"\n  exit 1\nfi\n\necho \"[Unit]\" > \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Description=A deliberately insecure Web Application\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"After=network.target\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"[Service]\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Type=simple\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Environment='JAVA_HOME=${JAVA_HOME}'\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Environment='TZ=Asia\/Seoul'\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"ExecStart=${JAVA_HOME}\/bin\/java ${JAVA_OPTS} -jar ${WEBGOAT_JAR} ${WEBGOAT_OPTS}\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"ExecStop=pkill -TERM webgoat\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"User=root\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Group=root\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"UMask=0007\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"RestartSec=10\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"Restart=always\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"[Install]\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\necho \"WantedBy=multi-user.target\" >> \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\nchmod 644 \/usr\/lib\/systemd\/system\/${SERVICE_NAME}.service\nsystemctl daemon-reload\nsystemctl disable ${SERVICE_NAME}.service<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\uc6f9\ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c 
http:\/\/10.10.10.32\/WebGoat \uc73c\ub85c \uc811\uc18d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ub2e4\uc6b4\ub85c\ub4dc: https:\/\/github.com\/WebGoat\/WebGoat\/releases WebGoat\uc740 \ubcf4\uc548 \ubb38\uc81c\ub85c localhost\uc5d0\uc11c\ub9cc \uc811\uc18d \uac00\ub2a5\ud558\ubbc0\ub85c, \uc678\ubd80\uc5d0\uc11c\ub3c4 \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub3c4\ub85d apache \uc6f9\uc11c\ubc84\uc758 Proxy \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc678\ubd80\uc5d0\uc11c \uc811\uc18d\uc774 \uac00\ub2a5\ud558\ub3c4\ub85d \uad6c\uc131\ud55c\ub2e4. WebGoat\uc744 systemd \uc11c\ube44\uc2a4\ub85c \ucd94\uac00 \uc6f9\ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c http:\/\/10.10.10.32\/WebGoat \uc73c\ub85c \uc811\uc18d<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66,15,12],"tags":[],"class_list":["post-7919","post","type-post","status-publish","format-standard","hentry","category-computing_fortify","category-computing_tools","category-computing_security"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7919"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7919\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}