User Tools

Site Tools



BlueTeam VM is a Oracle VirtualBox Virtual Machine with a Vulnerable Web App (DVWA) (Apache2/PHP/MySQL). The main function of this VM is to legally test your hacking tools and skills in a easy to setup and recover environment.

The RedTeam vs. BlueTeam term derrive from the military. Both groups exist of security professionals (a RedTeam attacks a BlueTeam server), and an opposing group, the BlueTeam, who need to defend. Originally, the exercises were used in the military to test force-readiness. They have also been used to test physical security of sensitive sites like nuclear facilities and the Department of Energy's National Laboratories and Technology Centers. In the '90s, experts began using red team-blue team exercises to test information security systems.


  • Debian 9.3.0 x64 VirtualBox image
  • Pre-setup webserver (PHP/SQL)
  • VirtualBox Additions pre-compiled and pre-installed


1. After you downloaded this VBox image, import it into your VirtualBox installation as a 64-bit Debian Linux OS. Use the downloaded disk image as hard drive image. If you don't have VirtualBox installed yet visit the download page here:

2. Install the “Oracle VM VirtualBox Extension Pack” from the official site: , this VM is packed with the guest additions pre-installed! We need these extensions for full support. This allows you to have a high resolution and clipboard sharing for example.

3. Set the network properties of the VM to “Bridge mode”.

Getting started

  • First you need to login: user: blueteam , pass: toor
  • Root password: toor
  • All defaults for DVWA apply
  • Find the IP of the VM either by executing ifconfig or ip -a, or scan your local network
  • Fire up Kali or any other distro of choice and start with the tutorials.
  • Navigate to: “http://YOUR VM IP/dvwa/login.php” and see if you manage to login.


There are already many interesting courses to learn howto hack a web server such as this, I think this is the best one to get you started using it:


wiki/blueteam.txt · Last modified: 2018/01/14 10:35 by stephan

Page Tools