{"id":69,"date":"2023-03-10T20:02:13","date_gmt":"2023-03-10T20:02:13","guid":{"rendered":"https:\/\/yashinfosec.com\/?p=69"},"modified":"2023-03-10T20:02:14","modified_gmt":"2023-03-10T20:02:14","slug":"vuln-web-app-home-lab-using-raspberry-pi","status":"publish","type":"post","link":"https:\/\/yashinfosec.com\/?p=69","title":{"rendered":"Vuln Web-App Home Lab using Raspberry-Pi"},"content":{"rendered":"\n

Hello readers, Today in this blog I will explain how to setup a Vulnerable Web Application in your Home Lab using a Raspberry-Pi<\/p>\n\n\n\n

If you are also a cybersecurity enthusiast like me and want to have a specific and complex Lab setup just like me then go ahead this article is for you. <\/p>\n\n\n\n

Basically, if you also have a Raspberry Pi and want to host a Vulnerable Web Application on it, here are the steps you need to follow<\/p>\n\n\n\n

First, let’s see the requirements of our project:-
1. Raspberry Pi (I’m using Raspberry Pi 3b+)
2. 16GB memory card
3. A laptop or computer to perform operations
4. Ethernet cable to connect it to Network
5. Memory card Reader<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

In this project we are going to do the headless installation, so we don’t need a monitor, keyboard, or mouse<\/p>\n\n\n\n

Step 1:- Connect SD card to laptop\/computer using an SD card reader and flash Ubuntu Server using Raspberry Pi Imager <\/p>\n\n\n\n

here is the link to download the Raspberry Pi imager link<\/a><\/p>\n\n\n\n


CHOOSE OS > Other general-purpose OS > Ubuntu >Ubuntu Server.04.2 LTS (32-bit) [You can install 64-bit if you are using Raspberry Pi 4]
choose SD card as storage and open settings > check enable SSH, and set Username and Password > write<\/p>\n\n\n\n

Note:- if the imager pops any warning msg press ‘yes’<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Step 2:- Now we need to download a vulnerable website, install a web server, and host the website
first, insert the memory card into Raspberry pi and power the raspberry pi, let the raspberry pi boot completely wait for a few minutes,
when the pi is booted, SSH into pi using the credentials created in the previous step<\/p>\n\n\n\n

Installing web server<\/span><\/strong><\/p>\n\n\n\n

Now let’s see the software we will be using
1. Apache 2 as the web server
2. MariaDB as Database server
3. php-mysql as the action block
Now we have a bunch of commands to use in order to install and configure the web server
1. apt-get update && apt-get upgrade && apt-get dist-upgrade \/\/Linux command to update
2. apt-get -y install apache2 libapache2-mod-php \/\/command to install the web server and its dependencies
3. apt-get -y install mariadb-server mariadb-client \/\/command to install the database server and its dependencies
4. apt-get -y install php php-mysqli php-gd \/\/command to install the php and its dependencies
5. systemctl enable apache2 \/\/command to run the web server on startup
6. systemctl enable mariadb \/\/command to run the database server on startup
7. systemctl start apache2 \/\/command to start the web server
8. systemctl start mariadb <\/strong>\/\/command to start the database server
9. apt-get -y install unzip \/\/command to install unzip<\/p>\n\n\n\n

Downloading and Hosting Vulnerable WebApp:-<\/strong><\/span><\/p>\n\n\n\n

Now we will download and configure DVWA on port 80 and juice-shop on port 3000<\/p>\n\n\n\n

    \n
  1. cd \/var\/www\/<\/li>\n\n\n\n
  2. wget https:\/\/github.com\/ethicalhack3r\/DVWA\/archive\/master.zip<\/a><\/li>\n\n\n\n
  3. unzip master.zip<\/li>\n\n\n\n
  4. rm -rf html\/<\/li>\n\n\n\n
  5. mv DVWA-master\/  html\/<\/li>\n\n\n\n
  6. cp config\/config.inc.php.dist\u00a0 \u00a0 config\/config.inc.php
    now enter these commands to create and configure the database<\/li>\n\n\n\n
  7. mysql -u root\n
      \n
    1. create database dvwa;<\/li>\n\n\n\n
    2. grant all on dvwa.* to dvwa@localhost identified by ‘p@ssw0rd’;<\/li>\n\n\n\n
    3. flush privileges;<\/li>\n\n\n\n
    4. exit<\/li>\n<\/ol>\n<\/li>\n\n\n\n
    5. nano  \/etc\/php\/7.3\/apache2\/php.ini    >>> “allow_url_include = Off >> On”<\/li>\n\n\n\n
    6. systemctl restart apache2<\/li>\n\n\n\n
    7. chmod a+w hackable\/uploads<\/li>\n\n\n\n
    8. chmod a+w  external\/phpids\/0.6\/lib\/IDS\/tmp\/phpids_log.txt<\/li>\n\n\n\n
    9. chmod a+w config\/<\/li>\n<\/ol>\n\n\n\n

      Now let’s download and configure juice-shop
      1. apt-get -y install docker
      2. docker pull santosomar\/juice-shop-arm64
      3. docker run -d –name juice-shop -p 3000:3000 santosomar\/juice-shop-arm64<\/p>\n\n\n\n

      Now we need to run this docker on the startup, we will configure crontab
      1. crontab -e >1
      2. @reboot docker run -d –name juice-shop -p 3000:3000 santosomar\/juice-shop-arm64<\/p>\n\n\n\n

      \"\"<\/figure>\n\n\n\n

      The default username and password for DVWA is admin:password<\/p>\n","protected":false},"excerpt":{"rendered":"

      Hello readers, Today in this blog I will explain how to setup a Vulnerable Web Application in your Home Lab using a<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":283,"footnotes":""},"categories":[1],"tags":[4,5],"class_list":["post-69","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-dvwa","tag-vulnerable-web-app","col-md-12"],"yoast_head":"\nVuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/yashinfosec.com\/?p=69\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com\" \/>\n<meta property=\"og:description\" content=\"Hello readers, Today in this blog I will explain how to setup a Vulnerable Web Application in your Home Lab using a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/yashinfosec.com\/?p=69\" \/>\n<meta property=\"og:site_name\" content=\"yashinfosec.com\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-10T20:02:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-10T20:02:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg\" \/>\n<meta name=\"author\" content=\"cyaswanthsurya@gmail.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cyaswanthsurya@gmail.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/yashinfosec.com\/?p=69#article\",\"isPartOf\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69\"},\"author\":{\"name\":\"cyaswanthsurya@gmail.com\",\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/person\/bed735a207318046f8035adf83f1dff3\"},\"headline\":\"Vuln Web-App Home Lab using Raspberry-Pi\",\"datePublished\":\"2023-03-10T20:02:13+00:00\",\"dateModified\":\"2023-03-10T20:02:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69\"},\"wordCount\":614,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/yashinfosec.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg\",\"keywords\":[\"DVWA\",\"vulnerable web app\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/yashinfosec.com\/?p=69#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/yashinfosec.com\/?p=69\",\"url\":\"https:\/\/yashinfosec.com\/?p=69\",\"name\":\"Vuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com\",\"isPartOf\":{\"@id\":\"https:\/\/yashinfosec.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69#primaryimage\"},\"image\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg\",\"datePublished\":\"2023-03-10T20:02:13+00:00\",\"dateModified\":\"2023-03-10T20:02:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/yashinfosec.com\/?p=69#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/yashinfosec.com\/?p=69\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/yashinfosec.com\/?p=69#primaryimage\",\"url\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg\",\"contentUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg\",\"width\":1600,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/yashinfosec.com\/?p=69#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/yashinfosec.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vuln Web-App Home Lab using Raspberry-Pi\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/yashinfosec.com\/#website\",\"url\":\"https:\/\/yashinfosec.com\/\",\"name\":\"yashinfosec.com\",\"description\":\"Explore Security In-depth\",\"publisher\":{\"@id\":\"https:\/\/yashinfosec.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/yashinfosec.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/yashinfosec.com\/#organization\",\"name\":\"yashinfosec.com\",\"url\":\"https:\/\/yashinfosec.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png\",\"contentUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png\",\"width\":250,\"height\":250,\"caption\":\"yashinfosec.com\"},\"image\":{\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/person\/bed735a207318046f8035adf83f1dff3\",\"name\":\"cyaswanthsurya@gmail.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=96&d=mm&r=g\",\"caption\":\"cyaswanthsurya@gmail.com\"},\"sameAs\":[\"http:\/\/yashinfosec.com\"],\"url\":\"https:\/\/yashinfosec.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yashinfosec.com\/?p=69","og_locale":"en_US","og_type":"article","og_title":"Vuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com","og_description":"Hello readers, Today in this blog I will explain how to setup a Vulnerable Web Application in your Home Lab using a","og_url":"https:\/\/yashinfosec.com\/?p=69","og_site_name":"yashinfosec.com","article_published_time":"2023-03-10T20:02:13+00:00","article_modified_time":"2023-03-10T20:02:14+00:00","og_image":[{"url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg","type":"","width":"","height":""}],"author":"cyaswanthsurya@gmail.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"cyaswanthsurya@gmail.com","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/yashinfosec.com\/?p=69#article","isPartOf":{"@id":"https:\/\/yashinfosec.com\/?p=69"},"author":{"name":"cyaswanthsurya@gmail.com","@id":"https:\/\/yashinfosec.com\/#\/schema\/person\/bed735a207318046f8035adf83f1dff3"},"headline":"Vuln Web-App Home Lab using Raspberry-Pi","datePublished":"2023-03-10T20:02:13+00:00","dateModified":"2023-03-10T20:02:14+00:00","mainEntityOfPage":{"@id":"https:\/\/yashinfosec.com\/?p=69"},"wordCount":614,"commentCount":0,"publisher":{"@id":"https:\/\/yashinfosec.com\/#organization"},"image":{"@id":"https:\/\/yashinfosec.com\/?p=69#primaryimage"},"thumbnailUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg","keywords":["DVWA","vulnerable web app"],"articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/yashinfosec.com\/?p=69#respond"]}]},{"@type":"WebPage","@id":"https:\/\/yashinfosec.com\/?p=69","url":"https:\/\/yashinfosec.com\/?p=69","name":"Vuln Web-App Home Lab using Raspberry-Pi - yashinfosec.com","isPartOf":{"@id":"https:\/\/yashinfosec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/yashinfosec.com\/?p=69#primaryimage"},"image":{"@id":"https:\/\/yashinfosec.com\/?p=69#primaryimage"},"thumbnailUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:576\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg","datePublished":"2023-03-10T20:02:13+00:00","dateModified":"2023-03-10T20:02:14+00:00","breadcrumb":{"@id":"https:\/\/yashinfosec.com\/?p=69#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yashinfosec.com\/?p=69"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/yashinfosec.com\/?p=69#primaryimage","url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg","contentUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/rpi.jpg","width":1600,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/yashinfosec.com\/?p=69#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/yashinfosec.com\/"},{"@type":"ListItem","position":2,"name":"Vuln Web-App Home Lab using Raspberry-Pi"}]},{"@type":"WebSite","@id":"https:\/\/yashinfosec.com\/#website","url":"https:\/\/yashinfosec.com\/","name":"yashinfosec.com","description":"Explore Security In-depth","publisher":{"@id":"https:\/\/yashinfosec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yashinfosec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/yashinfosec.com\/#organization","name":"yashinfosec.com","url":"https:\/\/yashinfosec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/","url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png","contentUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png","width":250,"height":250,"caption":"yashinfosec.com"},"image":{"@id":"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/yashinfosec.com\/#\/schema\/person\/bed735a207318046f8035adf83f1dff3","name":"cyaswanthsurya@gmail.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/yashinfosec.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=96&d=mm&r=g","caption":"cyaswanthsurya@gmail.com"},"sameAs":["http:\/\/yashinfosec.com"],"url":"https:\/\/yashinfosec.com\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/posts\/69","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=69"}],"version-history":[{"count":17,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions"}],"predecessor-version":[{"id":90,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/posts\/69\/revisions\/90"}],"wp:attachment":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}