downloading vulnurable sites

Discuss the many weaknesses of browser security and ways to mitigate the threat

downloading vulnurable sites

Post by dark159123 on Wed Mar 24, 2010 2:23 pm
([msg=37265]see downloading vulnurable sites[/msg])

i was just wondering if there is a site/ETC where you can download website packs, containing very bad security? eg. vulnerable to sql injection/ETC.. like you download a tar/rar/zip/etc file with a whole website in it which you simply have to set up and you have a fake running website with built in vulnerabilities to crack in peace, without doing anything illegal (unless you're gonna sue yourself).

i know this is what the realistic missions are there for, but you dont get anything near full access, you can't see any of the logs/etc and you never get to play around on it after you get access.

if this doenst exist, or it does but it sucks, then feel free to move this to the suggestion part of the forum (what is a part of a forum called?)
Scientia Est Sanctum

Security is not to be archieved by eliminating danger, but by learning to defend yourself against it
User avatar
dark159123
Experienced User
Experienced User
 
Posts: 71
Joined: Sun Feb 28, 2010 4:37 pm
Location: The Cyberweb
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by orwell84 on Wed Mar 24, 2010 2:55 pm
([msg=37268]see Re: downloading vulnurable sites[/msg])

Why not make your own?
Plus, you're not supposed to have full access in the missions. That's kind of the point...First of all, you wouldn't in a real life scenario, so how would it be realistic if you were given all the source? Plus, where's the fun if you can read the php files?
Mens et manus.
User avatar
orwell84
Poster
Poster
 
Posts: 112
Joined: Fri Feb 20, 2009 8:20 pm
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by sanddbox on Wed Mar 24, 2010 5:42 pm
([msg=37273]see Re: downloading vulnurable sites[/msg])

Check on the OWASP website - I believe they had something like what you are looking for.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by dark159123 on Thu Mar 25, 2010 9:03 am
([msg=37294]see Re: downloading vulnurable sites[/msg])

@orvell84 i dont want too much of a setup process because i havent got any interest in learning php/html/etc right now as i'm trying to learn c++
thats what i'm gonna find out by having a sandbox website
first of all i dont have to read them :P second of all i'm too much of a noob to find out what i can/can't do by reading the scripts, or atleast im too much of a noob for it to be a spoiler for me.

@sanddbox thanks im checking it out now
Scientia Est Sanctum

Security is not to be archieved by eliminating danger, but by learning to defend yourself against it
User avatar
dark159123
Experienced User
Experienced User
 
Posts: 71
Joined: Sun Feb 28, 2010 4:37 pm
Location: The Cyberweb
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by Goatboy on Thu Mar 25, 2010 9:08 am
([msg=37295]see Re: downloading vulnurable sites[/msg])

sanddbox wrote:Check on the OWASP website - I believe they had something like what you are looking for.

Interestingly enough, it's called WebGoat. I haven't gotten it running yet, but I hear it's pretty good.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2822
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by dark159123 on Thu Mar 25, 2010 3:55 pm
([msg=37301]see Re: downloading vulnurable sites[/msg])

@goatboy i tried to make it work too, but failed... you need to download alot of java programs (which may be the reason) to make it work, and some of the programs you need isn't listed some places, it's just really strange... i would love to get it working though
Scientia Est Sanctum

Security is not to be archieved by eliminating danger, but by learning to defend yourself against it
User avatar
dark159123
Experienced User
Experienced User
 
Posts: 71
Joined: Sun Feb 28, 2010 4:37 pm
Location: The Cyberweb
Blog: View Blog (0)


Re: downloading vulnerable sites

Post by sanddbox on Thu Mar 25, 2010 6:36 pm
([msg=37306]see Re: downloading vulnerable sites[/msg])

Oh, and can we get the title corrected?
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by dark159123 on Tue Mar 30, 2010 2:12 pm
([msg=37485]see Re: downloading vulnurable sites[/msg])

whats wrong with the title?
Scientia Est Sanctum

Security is not to be archieved by eliminating danger, but by learning to defend yourself against it
User avatar
dark159123
Experienced User
Experienced User
 
Posts: 71
Joined: Sun Feb 28, 2010 4:37 pm
Location: The Cyberweb
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by sanddbox on Tue Mar 30, 2010 7:29 pm
([msg=37503]see Re: downloading vulnurable sites[/msg])

dark159123 wrote:whats wrong with the title?

Vulnerable.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: downloading vulnurable sites

Post by linkero on Thu Apr 01, 2010 8:55 am
([msg=37561]see Re: downloading vulnurable sites[/msg])

Recently, I had downloaded WebGoat, for windows. I was able to get it working with simple ease. Just extracted the files, then ran webgoat.bat and navigated to http://localhost/webgoat/attack and used webgoat as the username and password. Unfortunately for me, its not exactly what i had interest in, but nonetheless, a wonderful program, and i will continue to play around with it ;) As far as putting it on a *nix box or mac, haven't tried. mainly because i don't own a mac lol. I can boot up my *nix quick and try getting it to work on there and post back on how i did it if anyone needs
linkero
New User
New User
 
Posts: 6
Joined: Thu May 22, 2008 9:18 am
Blog: View Blog (0)


Next

Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests