Setting up a vulnerable public web app
3 posts • Page 1 of 1
Setting up a vulnerable public web app
by arthurema on Wed Oct 17, 2012 6:17 pm
([msg=70197]see Setting up a vulnerable public web app[/msg])
I have a educational project in front of me. I am to setup a few different vulnerable web apps, like DVWA, and have them available on a public network. I'm looking for tips and ideas on how to best pull this off. Things to consider, putting database files into RAMDISK, time based, auto refresh of the complete application environment, application session files, etc.
- arthurema
- New User
- Posts: 1
- Joined: Wed Oct 17, 2012 6:02 pm
- Blog: View Blog (0)
Re: Setting up a vulnerable public web app
by jack08642qa on Wed Oct 17, 2012 8:15 pm
([msg=70198]see Re: Setting up a vulnerable public web app[/msg])
lets see first lets start with a basic security fault I have already seen before
In a public app on facebook someone was using ajax to get it running and they actually had their database name and pass and username as a comment next to an ajax line getting the database info from the php script
another thing is that if this app stores user info just don't sanitize any user input and make sure to allow the script to show mysql errors
In a public app on facebook someone was using ajax to get it running and they actually had their database name and pass and username as a comment next to an ajax line getting the database info from the php script
another thing is that if this app stores user info just don't sanitize any user input and make sure to allow the script to show mysql errors
- jack08642qa
- New User
- Posts: 16
- Joined: Wed Oct 03, 2012 10:14 pm
- Blog: View Blog (0)
Re: Setting up a vulnerable public web app
by weekend hacker on Thu Oct 18, 2012 2:11 pm
([msg=70209]see Re: Setting up a vulnerable public web app[/msg])
I'd say, put it in a vm. Then you can make it read only and restart whenever.
Or when coding stuff yourself sqlite allows you to store things in ram (it will disappear as soon as the connection is closed) and it could build that table from an existing table. (you'll need to filter out some sqlite commands which would allow merging with other files or overwrite certain limits you've put in place and maybe other stuff to keep it secure though). Or you could randomly delete the files and build a new table if it doesn't exist.(still filter some of the input as above).
Getting the usual databases to store things in ram isn't super tricky, but getting them to work when you reset it might be harder. And certain commands could still result in their output being stored in a location of their choosing.
The VM option would be the nicest though since it will be 100% realistic, but having several VMs up on a limited set of IPs or resetting things at an appropriate time might be tricky(trust me, its been on the HTS wishlist for far too long)
But with only 1 instance alive for each different type of vuln it could be done with a simple cron job restarting it every x minutes.
Other folks might have more ideas.
I'd love to hear how this works out, keep us updated ^^
Or when coding stuff yourself sqlite allows you to store things in ram (it will disappear as soon as the connection is closed) and it could build that table from an existing table. (you'll need to filter out some sqlite commands which would allow merging with other files or overwrite certain limits you've put in place and maybe other stuff to keep it secure though). Or you could randomly delete the files and build a new table if it doesn't exist.(still filter some of the input as above).
Getting the usual databases to store things in ram isn't super tricky, but getting them to work when you reset it might be harder. And certain commands could still result in their output being stored in a location of their choosing.
The VM option would be the nicest though since it will be 100% realistic, but having several VMs up on a limited set of IPs or resetting things at an appropriate time might be tricky(trust me, its been on the HTS wishlist for far too long)
But with only 1 instance alive for each different type of vuln it could be done with a simple cron job restarting it every x minutes.
Other folks might have more ideas.
I'd love to hear how this works out, keep us updated ^^
<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...
-
weekend hacker - Administrator
- Posts: 190
- Joined: Sun Apr 13, 2008 2:39 pm
- Location: 127.0.0.1
- Blog: View Blog (0)
3 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests