สำหรับบทความนี้ผมจะขอรวมลิงค์ของ Vulnerable Web Applications ทั้งหลายที่เขาทำมาให้เราสามารถดาวน์โหลด Source Code ไปลองแฮกกันได้ ที่ http://127.0.0.1 นะผมจะทยอยอัพเดทเรื่อยๆ แต่หลักๆจะเอาตัวที่น่าสนใจ (ฮิตๆ ไว้ด้านบนนะแจ๊ะ) ส่วนรายละเอียดของแต่ละตัวว่าตัวไหนทำอะไรได้บ้างจะทยอยๆอัพเดทให้ทีตามความว่าง -..-
อันไหนไม่มีรูปไม่ต้องตกใจนะครับผมขี้เกียจ.
(ปล. รวมถึง os, application ที่ทำมาแล้วมีช่องโหว่ให้แฮกด้วยนะครับ อยู่ด้านล่างเน้อ)
Link: http://www.dvwa.co.uk
Link: http://owaspbricks.blogspot.com/p/home-page.html
Link: http://sechow.com/bricks/
Link: http://sourceforge.net/projects/mutillidae
4. Sqli-labs (อันนี้จะมีแต่ sqli อย่างเดียวนะครับแต่ครบมากๆ)
Link: https://github.com/Audi-1/sqli-labs
Link: http://www.securitytube.net/video/4171 (TUT)
Link: http://sourceforge.net/projects/bwapp/
ที่เหลือขอ Copy มานะครับเพราะยังไม่ได้ลอง
Offline: The following list references downloadable vulnerable
web applications to play with that can be installed on a standard
operating system (Linux, Windows, Mac OS X, etc) using a standard web
platform (Apache/PHP, Tomcat/Java, IIS/.NET, etc).
- The BodgeIt Store (Java): http://code.google.com/p/bodgeit/ (download)
- The ButterFly Security Project (PHP): http://sourceforge.net/projects/thebutterflytmp/ (download)
- bWAPP - an extremely buggy web application! (PHP): http://www.mmeit.be/bwapp/ (download) (docs)
- Damn Vulnerable Web Application - DVWA (PHP): http://www.dvwa.co.uk (download)
- Damn Vulnerable Web Services - DVWS (PHP): http://dvws.secureideas.net (download)
- OWASP Hackademic Challenges Project (PHP): https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project (download)
- Google Gruyere (Python): http://google-gruyere.appspot.com (download)
- Hacme Bank (.NET): http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx (download)
- Hacme Books (Java): http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx (download)
- Hacme Casino (Ruby on Rails): http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx (download)
- Hacme Shipping (ColdFusion): http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx (download)
- Hacme Travel (C++): http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx (download)
- OWASP Insecure Web App Project (Java): https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project (download - orphaned)
- Mutillidae (PHP): http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 (download)
- OWASP .NET Goat (C#): https://owasp.codeplex.com (download)
- Peruggia (PHP): http://peruggia.sourceforge.net (download)
- Puzzlemall (Java): https://code.google.com/p/puzzlemall/ (download) (docs)
- Stanford Securibench (Java) & Micro: http://suif.stanford.edu/~livshits/securibench/ (download)
- SQLI-labs (PHP): https://github.com/Audi-1/sqli-labs (download) (blog)
- SQLol (PHP): https://github.com/SpiderLabs/SQLol (download)
- OWASP Vicnum Project (Perl & PHP): https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project (download)
- VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88 (CVS download & vulns)
- WackoPicko (PHP): https://github.com/adamdoupe/WackoPicko (download) (whitepaper)
- OWASP WebGoat (Java): https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project (download) (guide)
- OWASP ZAP WAVE - Web Application Vulnerability Examples (Java): http://code.google.com/p/zaproxy/downloads/list
- Wavsep - Web Application Vulnerability Scanner Evaluation Project (Java): https://code.google.com/p/wavsep/ (download) (docs)
- WIVET - Web Input Vector Extractor Teaser: https://code.google.com/p/wivet/ (download) (tests)
- BadStore (ISO): http://www.badstore.net (download - registration required)
- OWASP BWA - Broken Web Applications Project (VMware - list): https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project (download)
- Drunk Admin Web Hacking Challenge (VMware): https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/ (download)
- Exploit.co.il Vuln Web App (VMware): http://exploit.co.il/projects/vuln-web-app/ (download)
- GameOver (VMware): http://sourceforge.net/projects/null-gameover/ (download)
- Hackxor (VMware): http://hackxor.sourceforge.net/cgi-bin/index.pl (download) (hints&tips)
- Hacme Bank Prebuilt VM (VMware): http://ninja-sec.com/index.php/hacme-bank-prebuilt-vmware-image-ninja-sec-com/ (download)
- Kioptrix4 (VMware & Hyper-V): http://www.kioptrix.com/blog/?p=604 (download)
- LAMPSecurity (VMware): http://sourceforge.net/projects/lampsecurity/ (download) (doc)
- Metasploitable (VMware): http://blog.metasploit.com/2010/05/introducing-metasploitable.html (download - torrent) (doc)
- Metasploitable 2 (VMware): https://community.rapid7.com/docs/DOC-1875 (download)
- Moth (VMware): http://www.bonsai-sec.com/en/research/moth.php (download)
- PHDays I-Bank (VMware): http://phdays.blogspot.com.es/2012/05/once-again-about-remote-banking.html (download)
- Samurai WTF (ISO - list): http://www.samurai-wtf.org (download)
- Sauron (Quemu) [Spanish]: http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html (solutions)
- UltimateLAMP (VMware - list): http://ronaldbradford.com/blog/ultimatelamp-2006-05-19/ (download)
- Virtual Hacking Lab (ZIP): http://sourceforge.net/projects/virtualhacking/ (download)
- Web Security Dojo (VMware, VirtualBox - list): http://www.mavensecurity.com/web_security_dojo/ (download)
- Acunetix:
- http://testasp.vulnweb.com (Forum - ASP)
- http://testaspnet.vulnweb.com (Blog - .NET)
- http://testphp.vulnweb.com (Art shopping - PHP)
- Cenzic CrackMeBank: http://crackme.cenzic.com
- Google Gruyere (Python): http://google-gruyere.appspot.com/start
- Hacking-Lab (eg. OWASP Top 10): https://www.hacking-lab.com/events/registerform.html?eventid=245
- Hack.me (beta): https://hack.me
- HackThisSite (HTS - Basic & Realistic (web) Missions): http://www.hackthissite.org
- Hackxor online demo: http://hackxor.sourceforge.net/cgi-bin/index.pl#demo (algo/smurf)
- HP/SpiDynamics Free Bank Online: http://zero.webappsecurity.com (admin/admin)
- IBM/Watchfire AltoroMutual: http://demo.testfire.net (jsmith/Demo1234)
- NTOSpider Web Scanner Test Site: http://www.webscantest.com (testuser/testpass)
- OWASP Hackademic Challenges Project - Live (PHP - Joomla): http://hackademic1.teilar.gr
Ref1: http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
Ref2: http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
3 comments:
Updates About Wrestlingwrestle-mania
Great Articlemesothelioma-lawsuit
Icc cricket World Cup 2019 UpdatesIcc cricket world cup 2019
World Cup 2019 UpdatesWorld cup 2019
ARTICLES Updates 2019Free Fb Hacks
Passive Income EducationPassive Income Education
Icc cricket World Cup 2019 UpdatesIcc cricket world cup 2019
Passive Income vs Non-Passive IncomePassive Income vs Non-Passive Income
ARTICLES Updates 2019Free Fb Hacks
How to buy and sell blogs and websites for passive profitsHow to buy and sell blogs and websites for passive profits
Email:CYBERFILES.HACKER@GMAIL.COM
REACH US THROUGH THE EMAIL ABOVE, FOR SPYING AND HACKING PHONES, COMPUTER, EMAIL, FACEBOOK, WHATSAPP AND OTHER SOCIAL NETWORK ACCOUNTS, CANCEL PHONE TAPPING, CHANGE YOUR GRADES OR BOOST YOUR CREDIT SCORE.
OUR SERVICES ARE THE BEST ON THE MARKET AND 100% SECURE AND GUARANTEED.
Post a Comment