downloading vulnurable sites

[dark159123]

i was just wondering if there is a site/ETC where you can download website packs, containing very bad security? eg. vulnerable to sql injection/ETC.. like you download a tar/rar/zip/etc file with a whole website in it which you simply have to set up and you have a fake running website with built in vulnerabilities to crack in peace, without doing anything illegal (unless you're gonna sue yourself).

i know this is what the realistic missions are there for, but you dont get anything near full access, you can't see any of the logs/etc and you never get to play around on it after you get access.

if this doenst exist, or it does but it sucks, then feel free to move this to the suggestion part of the forum (what is a part of a forum called?)

[orwell84]

Why not make your own?
Plus, you're not supposed to have full access in the missions. That's kind of the point...First of all, you wouldn't in a real life scenario, so how would it be realistic if you were given all the source? Plus, where's the fun if you can read the php files?

[sanddbox]

Check on the OWASP website - I believe they had something like what you are looking for.

[dark159123]

@orvell84 i dont want too much of a setup process because i havent got any interest in learning php/html/etc right now as i'm trying to learn c++
thats what i'm gonna find out by having a sandbox website
first of all i dont have to read them second of all i'm too much of a noob to find out what i can/can't do by reading the scripts, or atleast im too much of a noob for it to be a spoiler for me.

@sanddbox thanks im checking it out now

[Goatboy]

Check on the OWASP website - I believe they had something like what you are looking for.

Interestingly enough, it's called WebGoat. I haven't gotten it running yet, but I hear it's pretty good.

[dark159123]

@goatboy i tried to make it work too, but failed... you need to download alot of java programs (which may be the reason) to make it work, and some of the programs you need isn't listed some places, it's just really strange... i would love to get it working though

[sanddbox]

Oh, and can we get the title corrected?

[dark159123]

whats wrong with the title?

[sanddbox]

whats wrong with the title?

Vulnerable.

[linkero]

Recently, I had downloaded WebGoat, for windows. I was able to get it working with simple ease. Just extracted the files, then ran webgoat.bat and navigated to http://localhost/webgoat/attack and used webgoat as the username and password. Unfortunately for me, its not exactly what i had interest in, but nonetheless, a wonderful program, and i will continue to play around with it As far as putting it on a *nix box or mac, haven't tried. mainly because i don't own a mac lol. I can boot up my *nix quick and try getting it to work on there and post back on how i did it if anyone needs