Lab26: 1.1

Marius 27 Jun 2017

For a while now I've been maintaining a VM I with several vulnerable web apps already deployed:

  • bWAPP
  • Mutillidae (nowasp)
  • Web for Pentester I (from
  • DVWA
  • Django.nV
  • Google Gruyere
  • OWASP Juice Shop

The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs.

User credentials:

root // password
tux // password