The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.

The vulnerable SOAP service is available on http://<ip>/Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver 2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished', this project without you guys ;)',

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods

More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer

Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

Graceful’s VulnVM is web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties that way the as testers become better at detecting and exploiting issues the application can get hardened against common exploitation methods to allow the testers a wider ranger of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

• SQL Injection (Error-based)
• SQL Injection (Blind)
• Reflected Cross-Site Scripting
• Stored Cross-Site Scripting
• Insecure Direct-Object Reference
• Username Enumeration
• Path Traversal
• Exposed phpinfo()
• Exposed Administrative Interface
• Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip

Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip

Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD

This Virtual machine is using ubuntu (32 bit)

Other packages used: -

• PHP
• Apache
• MySQL

This virtual machine is having medium difficulty level with tricks.

One need to break into VM using web application and from there escalate privileges to gain root access

For any query ping me at https://twitter.com/IndiShell1046

Enjoy the machine

For a while now I've been maintaining a VM I with several vulnerable web apps already deployed:

• bWAPP
• Mutillidae (nowasp)
• Web for Pentester I (from pentesterlab.com)
• DVWA
• Django.nV
• Google Gruyere
• OWASP Juice Shop

The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs.

User credentials:

root // password
tux // password

Xtreme Vulnerable Web Application (XVWA)

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility.

XVWA is designed to understand following security issues.

• SQL Injection – Error Based
• SQL Injection – Blind
• OS Command Injection
• XPATH Injection
• Formula Injection
• PHP Object Injection
• Unrestricted File Upload
• Reflected Cross Site Scripting
• Stored Cross Site Scripting
• DOM Based Cross Site Scripting
• Server Side Request Forgery (Cross Site Port Attacks)
• File Inclusion
• Session Issues
• Insecure Direct Object Reference
• Missing Functional Level Access Control
• Cross Site Request Forgery (CSRF)
• Cryptography
• Unvalidated Redirect & Forwards
• Server Side Template Injection

Machine Name: - Billi_b0x 2

Author Name: - Manish Kishan Tanwar (@indishell1046)

=========

This Virtual machine is using ubuntu (32 bit)

Other packages used: -

PHP Apache MySQL Apache tomcat

This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Gaining low or root privilege shell can be done in two ways (for both)

You've received intelligence of a new Villain investing heavily into Space and Laser Technologies. Although the Villian is unknown we know the motives are ominous and apocalyptic.

Hack into the Moonraker system and discover who's behind these menacing plans once and for all. Find and destroy the Villain before it's too late!

-- Difficulty: Challenging

-- Flag is /root/flag.txt

-- Tested on VMware

-- DCHP enabled

-- No extra tools besides what's on Kali by default

-- Learning Objectives: Client-side Attacks, NoSQL, RESTful, NodeJS, Linux Enumeration and Google-fu.

Thanks to /u/limbernie on Reddit for testing!

Good luck and have fun!

'hackme' is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently privilege escalate as root. The lab was created to mimic real life environment.

'hackme' uses DHCP and in the possible event that the mysqld shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently.

Wordy is design for beginners to experience real life Penetration testing. This lab is completely dedicated to Web application testing and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot, the primary agenda is proactive in exploiting tops listed web application vulnerabilities.

As this is a wordpress based lab, it is designed so that users can practice following vulnerabilities: - LFI - RFI - CSRF - File Upload - SQL

There is a total of 3 flags. Completion is only registered on exploiting all vulnerabilities and flags.

Hint: “Everything is not what it seems to be.”

Visit our website http://hackingarticles.in

Hackable - Secret Hacker | Vulnerable Web Application Server

Web List

• DVWA
• BodgeIt Store
• bWAPP
• Commix
• CryptOMG
• Mutillidae 2
• sqli-labs
• Magical
• WebGoat
• WordPress 5.0
• Git
• Phpmyadmin

Git Tools

• fsociety
• the hydra
• xbruteforcer
• WAScan
• wpscan
• sqlmap

Blog Post : https://secrethackersite.blogspot.com/2019/10/hackable-secret-hacker-vulnerable-web.html