Virtual Machines

Search Result: web app (78 results)

Name: Gemini Inc v1

Date release: 2018-01-09

Author: 9emin1

Series: Gemini Inc


Description:

I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.

Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.

GeminiInc v1 has been created to replicate an issue that I’ve encountered which was really interesting and fun to tackle. I hope it will be fun for you guys as well.

Adding a little made-up background story to make it more interesting...


Introduction:

Gemini Inc has contacted you to perform a penetration test on one of their internal systems. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.

Tweet me your writeup @ https://twitter.com/sec_9emin1


File Information:

Filename: Gemini-Pentest-v1.zip

File size: 3283684247

SHA 1: 47ca8fb27b9a4b59aa6c85b8b1fe4df564c19a1e


Virtual Machine:

Format: Virtual Machine (VMWare)

Operating System: Debian


Networking:

DHCP Service : Enabled

IP Address: Automatically Assigned


More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/

Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v1-vm-walkthrough/

The VM has been tested on the following platforms and is working:

  • Mac OSX VMWare Fusion
  • Windows 10 VMWare Player
  • Windows 10 VMWare Workstation

It should work with any virtual machine player as well. It will be able to obtain an IP address with DHCP, so no additional configuration is required. Simply import the downloaded VM and you are good to go.

Name: Gemini Inc v2

Date release: 2018-07-10

Author: 9emin1

Series: Gemini Inc

Description: I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.

Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.

GeminiInc v2 has been created to replicate a few issues that I’ve encountered which were really interesting and fun to tackle. I hope it will be fun for you guys as well.

Adding a little made-up background story to make it more interesting…

Introduction: Gemini Inc has contacted you to perform a penetration test on one of their internal systems. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.

Tweet me your writeup @ https://twitter.com/sec_9emin1

File Information:

  • Filename: Gemini-Pentest-v2.zip
  • File size: 2239959453
  • SHA 1: 5f210dd9a52a701bab262a9def88009b1ca46300

Virtual Machine:

  • Format: Virtual Machine (VMWare)
  • Operating System: Debian

Networking:

  • DHCP Service : Enabled
  • IP Address: Automatically Assigned

More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/

Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v2-virtual-machine-walkthrough/

The VM has been tested on the following platforms and is working:

  • Mac OSX VMWare Fusion
  • Windows 10 VMWare Player
  • Windows 10 VMWare Workstation

It should work with any virtual machine player as well. It will be able to obtain an IP address with DHCP, so no additional configuration is required. Simply import the downloaded VM and you are good to go.

Welcome to CSRF Minefield!

CSRF Minefield is an Ubuntu Server 18.04 based virtual machine, that is heavily ridden with Cross-Site Request Forgery (CSRF) vulnerabilities. This VM hosts 11 real-world web applications that were found vulnerable to CSRF vulnerability and your aim is to find them and detonate them before they explode the target network.

What is CSRF?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - OWASP

How to find or test for a CSRF vulnerability?

As a starting point, you can use the following resources by the OWASP Project:

  • OWASP Testing Guide
  • OWASP Code Review Guide

List of Web applications included in this version of CSRF Minefield (along with access details):

  1. Bolt CMS 3.6.6
    • http://192.168.126.162/bolt | Username: admin Password: admin123
  2. PilusCart 1.4.1
    • http://192.168.126.162/pilus | Username: admin Password: admin123
  3. zzzphp CMS 1.6.1
    • http://192.168.126.162/zzzphp | Admin link: http://192.168.126.162/zzzphp/admin537/login.php | Username: admin Password: admin123
  4. CMSSite 1.0
    • http://192.168.126.162/cmssite/ | Username: victor Password: victor
  5. OOP CMS Blog 1.0
    • http://192.168.126.162/oop/ | Admin link: http://192.168.126.162/oop/admin | Username: admin Password: 123
  6. Integria IMS 5.0.83
    • http://192.168.126.162/integriaims/ | Username: admin Password: integria
  7. ZeusCart 4.0
    • http://192.168.126.162/zeuscart/ | Admin link: http://192.168.126.162/zeuscart/admin | Username: admin Password: admin123
  8. WSTMart 2.0.8
    • http://192.168.126.162/wstmart/ | Admin link: http://192.168.126.162/wstmart/admin.php | Username: admin Password: admin123
  9. Simple Online Hotel Reservation System
    • http://192.168.126.162/hotelcal | Admin link: http://192.168.126.162/hotelcal/admin | Username: admin Password: admin
  10. OrientDB 3.0.17 GA Community Edition
    • Command to start web app: /opt/orient/bin/server.sh | http://192.168.126.162:2480/studio/index.html | Username: root Password: toor
  11. Apache CouchDB 2.3.1
    • Command to start web app: /opt/couchdb/bin/couchdb | http://192.168.126.162:5984/_utils/index.html | Username: root Password: toor

How to get started?

  1. Download the VM from here and extract the Zip file.
  2. Import / Open OVF with VMWare Player or VMWare Workstation
  3. Run the VM
  4. Access the VM on IP address 192.168.126.162
  5. VM login details:
    • Username: ptlab
    • Password: ptlab
    • To login as root: sudo su //(password same as above)
  6. Start hunting!
  7. There might be a few vulnerabilities of other kind. Let's see if you can find them as well.

In case you run into any troubles, contact me on @yaksas443 (twitter) or csc[at]yaksas[dot]in

May the force be with you!

---------------SPOILERS AHEAD!!--------------------

Credits (vulnerability researchers):

  1. Bolt CMS 3.6.6 - FelipeGaspar
  2. PilusCart 1.4.1 - Gionathan Reale
  3. zzzphp CMS 1.6.1 - Yang Chenglong
  4. CMSSite 1.0 - Mr Winst0n
  5. OOP CMS Blog 1.0 - Mr Winst0n
  6. Integria IMS 5.0.83 - Javier Olmedo
  7. ZeusCart 4.0 - mqt
  8. WSTMart 2.0.8 - linfeng
  9. Simple Online Hotel Reservation System - Mr Winst0n
  10. OrientDB 3.0.17 GA Community Edition - Ozer Goker
  11. Apache CouchDB 2.3.1 - Ozer Goker