Compare commits
31 Commits
add-licens
...
master
|
@ -15,6 +15,7 @@
|
||||||
<button class="button" type="button" name="comex2Button" onclick="location.href='CommandExec-2.php';">Command Execution Level 2</button>
|
<button class="button" type="button" name="comex2Button" onclick="location.href='CommandExec-2.php';">Command Execution Level 2</button>
|
||||||
<button class="button" type="button" name="comex3Button" onclick="location.href='CommandExec-3.php';">Command Execution Level 3</button>
|
<button class="button" type="button" name="comex3Button" onclick="location.href='CommandExec-3.php';">Command Execution Level 3</button>
|
||||||
<button class="button" type="button" name="comex4Button" onclick="location.href='CommandExec-4.php';">Command Execution Level 4</button>
|
<button class="button" type="button" name="comex4Button" onclick="location.href='CommandExec-4.php';">Command Execution Level 4</button>
|
||||||
|
<p align="center">NOTE: The purpose here is to find flags and roads to be used. Paste the paths to the URL is not a solution.</p>
|
||||||
</div>
|
</div>
|
||||||
</link>
|
</link>
|
||||||
<img src="../Resources/hmb.png" align="left" style="width:40%" alt="HummingbirdsCyberTeam">
|
<img src="../Resources/hmb.png" align="left" style="width:40%" alt="HummingbirdsCyberTeam">
|
||||||
|
|
|
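Review bot: The wording of the added NOTE paragraph below the Level 4 button is hard to follow. "Roads to be used" presumably means the paths that lead to the flags, and "Paste the paths to the URL is not a solution" is ungrammatical. Suggest something like "NOTE: The goal is to find the flags and the paths that lead to them. Pasting a path into the URL is not a solution." The `align="center"` attribute is also obsolete in HTML5; `style="text-align:center"` or a CSS class would do the same job.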
@ -3,7 +3,8 @@
|
||||||
<p>
|
<p>
|
||||||
<div align="center"><b><h1> Did you notice anything changed? Browse the site.</h1></b></div>
|
<div align="center"><b><h1> Did you notice anything changed? Browse the site.</h1></b></div>
|
||||||
<!-- "There are 2 hints under the File Inclusion folder. They should be there -> " <!-->
|
<!-- "There are 2 hints under the File Inclusion folder. They should be there -> " <!-->
|
||||||
<!-- "Hint1 : FileInclusion\pages\dontOpen\hint1 <!-->
|
<!-- "Hint1 : FileInclusion\pages\dontOpen\hint1.php <!-->
|
||||||
<!-- "Hint2 : FileInclusion\hint2\hint2.php" <!-->
|
<!-- "Hint2 : FileInclusion\hint2\hint2.php" <!-->
|
||||||
|
<!-- "Paste the paths to the URL is not a solution!!" <!-->
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
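Review bot: The added comment line is closed with `<!-->` instead of `-->`, repeating the pattern of the comments above it. It only terminates because the token happens to end in `-->`, and it leaves a stray `<!` inside the comment text. Close the new line, and the Hint1 line this hunk already edits, with a plain `-->`. The Hint1 line also still has an opening quote with no closing quote after `hint1.php`, unlike the Hint2 line.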
48
README.md
|
@ -1,8 +1,17 @@
|
||||||
# Vulnerable Web Application V1.0
|
# Vulnerable Web Application
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
<h2>Installation Guide</h2>
|
## What is Vulnerable-Web-Application
|
||||||
|
|
||||||
|
Vulnerable-Web-Application is a website that is prepared for people who are interested in web penetration and who want to have
|
||||||
|
information about this subject or to be working. In fact, the website is quite simple to install and use.
|
||||||
|
|
||||||
|
Vulnerable-Web-Application categorically includes Command Execution, File Inclusion, File Upload, SQL and XSS. For database-requiring
|
||||||
|
categories, it creates a database under localhost with one button during setup. In case of corrupted or changed databases, you can
|
||||||
|
create a database again.
|
||||||
|
|
||||||
|
## Installation Guide
|
||||||
|
|
||||||
If you want to run this tool, first of all you need to download web server solution like "xampp"- you can download xampp from
|
If you want to run this tool, first of all you need to download web server solution like "xampp"- you can download xampp from
|
||||||
[Xampp](https://www.apachefriends.org/tr/download.html). After your installation;
|
[Xampp](https://www.apachefriends.org/tr/download.html). After your installation;
|
||||||
|
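Review bot: In the added "What is Vulnerable-Web-Application" section, the phrase "who want to have information about this subject or to be working" does not read as a complete thought, and the category list names "SQL" where every other entry names a vulnerability class. Suggest "for people who are interested in web penetration testing and want to learn or practise it" and "SQL Injection". The new paragraphs are also hard-wrapped mid-sentence, so any later edit will reflow several lines in the diff; one line per sentence or paragraph keeps future changes smaller.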
@ -14,15 +23,32 @@ For Mac Os you need to install mampp and copy the files into the mamp/htdocs f
|
||||||
|
|
||||||
For Linux after download our files first you need to open apache server and copy the files to /var/www/html
|
For Linux after download our files first you need to open apache server and copy the files to /var/www/html
|
||||||
|
|
||||||
<b>Other Configurations:</b>
|
## Docker Container
|
||||||
|
You can also run the **Vulnerable Web Application** in Docker with the folowing command:
|
||||||
|
|
||||||
The php.ini file should be altered. You can find the location of your php.ini file under the folder which php is installed.
|
```
|
||||||
* allow_url_include = on - Allows for Remote File Inclusion
|
docker run -it --name vuln_app -p 9991:80 santosomar/vuln_app:latest /bin/bash
|
||||||
* allow_url_fopen = on - Allows for Remote File Inclusion
|
```
|
||||||
* safe_mode = off - (If PHP <= v5.4) Allows for SQL Injection
|
**Note**: You can change the port 9991 to any port you desire depending your implementation.
|
||||||
* magic_quotes_gpc = off - (If PHP <= v5.4) Allows for SQL Injection
|
|
||||||
|
|
||||||
<b>Installation</b>
|
### Other Configurations:
|
||||||
|
|
||||||
After all these configurations, firstly, open Xampp Control Panel and start Apache,MySQL. Your MySQL credentials have to be default.<b>[username:root <-> password:""]</b> Then open up our index.php file in the <b>Vulnerable Web Application</b> directory. Follow the directions and create database. If you messed up with database, you can reset the database. If database is ready, you can go to homepage and start hacking.
|
The `php.ini` file should be altered. You can find the location of your `php.ini` file under the folder which php is installed.
|
||||||
|
- `allow_url_include` = on - Allows for Remote File Inclusion
|
||||||
|
- `allow_url_fopen` = on - Allows for Remote File Inclusion
|
||||||
|
- `safe_mode` = off - (If PHP <= v5.4) Allows for SQL Injection
|
||||||
|
- `magic_quotes_gpc` = off - (If PHP <= v5.4) Allows for SQL Injection
|
||||||
|
|
||||||
|
## Application Setup
|
||||||
|
|
||||||
|
- After editing the previous configuration, open the Xampp Control Panel and start Apache,MySQL.
|
||||||
|
- Your MySQL credentials must stay the default credentials (e.g., username:root <-> password:"")
|
||||||
|
- Open up the `index.php` file in the <b>Vulnerable Web Application</b> directory. Follow the directions and create database.
|
||||||
|
|
||||||
|
**Note**: You can reset the database at any time, if needed or if you run into any problems. Once the database is ready, you can go to homepage and start hacking.
|
||||||
|
|
||||||
|
## License
|
||||||
|
The contents of this repository are licensed under the GNU General Public License v3.0.
|
||||||
|
|
||||||
|
## Version
|
||||||
|
1.0.0
|
||||||
|
|
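Review bot: The added `docker run` line publishes the application with `-p 9991:80`, which binds the port on every host interface, and the README says the application is deliberately vulnerable and uses the default MySQL credentials. Documenting `-p 127.0.0.1:9991:80` would keep it reachable from the local machine only. The same line pulls `santosomar/vuln_app:latest`, an unpinned tag; a fixed tag or digest would make the setup reproducible. It also passes `/bin/bash` as the command, so the README should say whether the web server and database then have to be started by hand inside the container. Smaller points in the added text: "folowing" should be "following", "depending your implementation" should be "depending on your implementation", and "(e.g., username:root ...)" should be "i.e." because it states the one required value. The `safe_mode` and `magic_quotes_gpc` bullets carry over "(If PHP <= v5.4)", but both directives were removed in PHP 5.4.0, so "PHP < 5.4" is the accurate bound.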