Lab26: 1

Marius 23 Apr 2017

For a while now I've been maintaining a VM I with several vulnerable web apps already deployed:

  • bWAPP
  • Mutillidae (nowasp)
  • DVWA
  • Django.nV
  • Google Gruyere
  • Web for Pentester I (from

The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. There are a few suggested exercises in a text file on the desktop.

User credentials:

root // password
tux // password