Installing Security Shepherd on VMWare Workstation 12 Player

In this post we will install Security Shepherd. A vulnerable web app for us to hack. You can download the ISO image here.

Once you download the software, depackage it, as it should be in a compressed file.

Next, open VMWare Player. In the menu in thr top left choose Player>File>Open. Navigate to the Security Shepherd image and choose it. A dialogue box should open.


Choose Import and the image should load into the virtual machine environment.

AvantLink Affiliate Program


Once the image is loaded we get the following screen, letting us know the image has loaded successfully.


Before we start the virtual machine image we need to do a little bit of networking. We want to be able to see the image on our network from our attacking Kali machine, so we need to bridge Security Shepherd to the internet. From the menu, choose Edit virtual machine settings.


Next we click on the Host-only network adapter and choose the radio button that is titled> Bridged.


Choose okay and play the virtual machine. Sign in with securityshepherd / owaspSecurityShepherd. Change the user password with the passwd command. In the VM, run “ifconfig” to find the IP address of the network adapter. On your host machine, open https:///.


Sign in with admin / password. Change the admin password (cannot be password again). And that concludes this blog post. It’s time to play with our new Security Shepherd virtual machine. In the next post I’ll show a tutorial on the solution to the first challenge. So stay tuned for that. Please let me know if you have any problems in the comments below and happy hacking!! 😉

QuBits 2017-08-21
Celebrate SysAdmins With Savings from The Linux Foundation!



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.