XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit

This entry is part 5 of 5 in the series [ Sites Where You Can Hack ]

Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …

Gruyere :: A Cheesy Web App For Your Hacking Delectation

This entry is part 4 of 5 in the series [ Sites Where You Can Hack ]

I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

This entry is part 3 of 5 in the series [ Sites Where You Can Hack ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Hacker Night School ] :: Commando VM: a Windows Hacking “Distro”

This entry is part 21 of 32 in the series [ Hacker Night School ]

When you hack or pen test or play CTF, you use Kali or Parrot or some other Linux, right? Windows hasn’t been a preferred security testing platform, but that doesn’t mean people haven’t been thinking about it. Enter FireEye, and the “Commando VM: The First of Its Kind Windows Offensive Distribution”. Hmmm. So … going …

[ Hacker Night School ] :: Metasploitable 3: A Hackable Windows VM

This entry is part 23 of 32 in the series [ Hacker Night School ]

Rapid7 is the organization behind Metasploit, and also maintains a series of vulnerable-by-design virtual machines – Metasploitable 1, 2 and now 3. The first two were nice Linux machines with lots of services and misconfigurations to exploit, but the third is a Windows machine. This requires using Vagrant to provision (build and configure) a VM from …

[ Hacker Night School ] :: VulnHub Walk-Throughs: This is how you learn to pwn

This entry is part 22 of 32 in the series [ Hacker Night School ]

Of course all us 1337 haxors know about VulnHub (https://www.vulnhub.com/), where you can download virtual machines to hack to your heart’s content. This place will devour your free time, your weekends, your relationships. Some of the challenges will truly reduce your brain to pudding. IgniteTechnologies maintains a GitHub repo of hacking walk-throughs against a bunch …