Sunday, June 18, 2017

Ethical Hacking Lab to Test and Learn SQL injection,XSS, CSRF Vulnerability

Hi BTS readers, so far i have gave the Web Application Pen Testing tutorials .  Now it is time to for practicing your skills in legal way. Last time , i explained about the Damn Vulnerable  Web Application(DVWA).  This time i came with different web application  that will develop your knowledge in Web App PenTesting.
The BodgeIt Store
Like DVWA, This is also a Vulnerable web Application that will help you to develop your skills in Pen testing.
With this Vulnerable Application , you can practice the Following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a ‘scoring’ page (linked from the ‘About Us’ page) where you can see various hacking challenges and whether you have completed them or not.
How to setup the Pen Testing Lab?
Requirements:
Download the bodgeit.1.3.0.zip file and extract the zip file . Now you will get a WAR file(bodgeit.WAR).
step 1:Install the Tomcat
Install the Tomcat in your system.  If you don’t know how to do install the tomcat , do google search.
Step 2: Start the server
Start the tomcat server.
In Ubuntu, type the following command in Terminal:
 sudo /etc/init.d/tomcat6 start
For windows users, just click the tomcat server in all programs.
Step 3:
Open the browser and type “localhost:8080”. It will show a page “It works !”.   There you can access the manager webapp(http://localhost:8080/manager/html) page.  Clicking the link will ask to enter the username and password.  enter your computer username and password.
Step 4:
Now you are in “Tomcat Web Application Manager” page.  Scroll down and there you can see the WAR file to deploy form.
Step 5: Deploying the WAR
click the Browse button and select the bodgeit.WAR file .  Now click the Deploy button.
Yes,  Now the Application successfully installed..
Access the BodgeIt in this location: http://localhost:8080/bodgeit/
Enjoy ..! if you have any queries, please comment here.

No comments:

Post a Comment

SQL Injection to WebShell

An SQL Injection attack is not only limited to dumping a database, but can also allow the attacker to upload files to the remote server an...