OSCP Overflow Practise

SLMail: https://www.exploit-db.com/exploits/638/ – The application covered in the OSCP guides. Additional practice can be had with the C code in https://www.exploit-db.com/exploits/646/; this will challenge your understanding of the process, and by making it work – you’ll learn some C!

FreeFloatFTP Server 1.0: https://www.exploit-db.com/exploits/17546/ – I didn’t realise this at the time, but this application actually appears to have many many vulnerabilities in different commands; there could be a lot of practice mileage from this one if you follow the buffer overflow process for each vulnerability that the program has. Exploit-DB knows about quite a few from what I can see.

Minishare 1.4.1: https://www.exploit-db.com/exploits/636/ – Nothing too much to write home about, fairly standard BoF.

Savant 3.1: https://www.exploit-db.com/exploits/10434/ – Straight up BoF once again, but there are a couple of gotchas on this one where you might need to think outside the box.

WarFTPD 1.6.5: https://www.exploit-db.com/exploits/3570/ – This one is olllllllddddd! I tried running it on Windows 7 with Admin privs, enabling compatibility mode, and a few other tricks but every time it would exit with a WinSock error. I ended up having to run it on Windows XP 32 bit to get it to work.

Another way of getting more practice is to run these on Windows 7 AND Windows XP and then build exploits to target these, or possibly even later versions of Windows. Depending on the vulnerability and the program, this could cause changes in memory addresses used internally, meaning you might need to go through the whole exploit development process for each once again, giving you some more practice!

Content retrieved from: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/.

Vulnerable Mobile

Damn Vulnerable Android App (DVAA) – https://code.google.com/p/dvaa/
Damn Vulnerable FirefoxOS Application (DVFA) – https://github.com/pwnetrationguru/dvfa/
Damn Vulnerable iOS App (DVIA) – https://damnvulnerableiosapp.com/
ExploitMe Mobile Android Labs – https://securitycompass.github.io/AndroidLabs/
ExploitMe Mobile iPhone Labs – https://securitycompass.github.io/iPhoneLabs/
Hacme Bank Android – https://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
InsecureBank – https://www.paladion.net/downloadapp.html
NcN Wargame – https://noconname.org/evento/wargame/
OWASP iGoat – https://code.google.com/p/owasp-igoat/
OWASP Goatdroid – https://github.com/jackMannino/OWASP-GoatDroid-Project

Challenge Download Sites

VulnVPN – https://www.rebootuser.com/?page_id=1041
VulnVoIP – https://www.rebootuser.com/?page_id=1041
Vulnserver – https://www.thegreycorner.com/2010/12/introducing-vulnserver.html
NETinVM – https://informatica.uv.es/~carlos/docencia/netinvm/
DVRF – https://github.com/praetorian-inc/DVRF
HackSys Extreme Vulnerable Driver – https://www.payatu.com/hacksys-extreme-vulnerable-driver/
VirtuaPlant – https://github.com/jseidl/virtuaplant
Fosscomm – https://github.com/nikosdano/fosscomm
Morning Catch – https://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
AWBO – https://labs.snort.org/awbo/awbo.html
CAPTF Repo – https://captf.com/
shell-storm Repo – https://shell-storm.org/repo/CTF/
VulnHub – https://www.vulnhub.com

Online Practise Labs

Embedded Security CTF – https://microcorruption.com
EnigmaGroup – https://www.enigmagroup.org/
Escape – https://escape.alf.nu/
Google Gruyere – https://google-gruyere.appspot.com/
Gh0st Lab – https://www.gh0st.net/
Hack This Site – https://www.hackthissite.org/
HackThis – https://www.hackthis.co.uk/
HackQuest – https://www.hackquest.com/
Hack.me – https://hack.me
Hacking-Lab – https://www.hacking-lab.com
Hacker Challenge – https://www.dareyourmind.net/
Hacker Test – https://www.hackertest.net/
hACME Game – https://www.hacmegame.org/
Halls Of Valhalla – https://halls-of-valhalla.org/beta/challenges
Hax.Tor – https://hax.tor.hu/
OverTheWire – https://www.overthewire.org/wargames/
PentestIT – https://www.pentestit.ru/en/
CSC Play on Demand – https://pod.cybersecuritychallenge.org.uk/
pwn0 – https://pwn0.com/home.php
RootContest – https://rootcontest.com/
Root Me – https://www.root-me.org/?lang=en
Security Treasure Hunt – https://www.securitytreasurehunt.com/
Smash The Stack – https://www.smashthestack.org/
SQLZoo – https://sqlzoo.net/hack/
TheBlackSheep and Erik – https://www.bright-shadows.net/
ThisIsLegal – https://thisislegal.com/
Try2Hack – https://www.try2hack.nl/
WabLab – https://www.wablab.com/hackme
XSS: Can You XSS This? – https://canyouxssthis.com/HTMLSanitizer/
XSS Game – https://xss-game.appspot.com/
XSS: ProgPHP – https://xss.progphp.com/

Vulnerable Operating Systems

21LTR – https://21ltr.com/scenes/
Damn Vulnerable Linux – https://sourceforge.net/projects/virtualhacking/files/os/dvl/
exploit-exercises – nebula, protostar, fusion – https://exploit-exercises.com/download
heorot: DE-ICE, hackerdemia – https://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
https://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
https://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
https://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
hackerdemia – https://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
Holynix – https://sourceforge.net/projects/holynix/files/
Kioptrix – https://www.kioptrix.com/blog/
LAMPSecurity – https://sourceforge.net/projects/lampsecurity/
Metasploitable – https://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
neutronstar – https://neutronstar.org/goatselinux.html
PenTest Laboratory – https://pentestlab.org/lab-in-a-box/
Pentester Lab – https://www.pentesterlab.com/exercises
pWnOS – https://www.pwnos.com/
RebootUser Vulnix – https://www.rebootuser.com/?page_id=1041
SecGame # 1: Sauron – https://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
scriptjunkie.us – https://www.scriptjunkie.us/2012/04/the-hacker-games/
UltimateLAMP – https://www.amanhardikar.com/mindmaps/practice-links.html
TurnKey Linux – https://www.turnkeylinux.org/
Bitnami – https://bitnami.com/stacks
Elastic Server – https://elasticserver.com
OS Boxes – https://www.osboxes.org
VirtualBoxes – https://virtualboxes.org/images/
VirtualBox Virtual Appliances – https://virtualboximages.com/
CentOS – https://www.centos.org/
Default Windows Clients – https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
https://dev.windows.com/en-us/microsoft-edge/tools/vms/
Default Windows Server – https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview
Default VMWare vSphere – https://www.vmware.com/products/vsphere/

BodgeIt

https://code.google.com/archive/p/bodgeit/

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

Some of its features and characteristics:
* Easy to install – just requires java and a servlet engine, e.g. Tomcat
* Self contained (no additional dependencies other than the 2 in the above line)
* Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
* Cross platform
* Open source
* No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up

All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.

Then point your browser at (for example) https://localhost:8080/bodgeit

You may find it easier to find vulnerabilities using a pen test tool.

If you don’t have a favourite one, I’d recommend the Zed Attack Proxy (for which I’m the project lead).

The Bodge It Store includes the following significant vulnerabilities:
* Cross Site Scripting
* SQL injection
* Hidden (but unprotected) content
* Cross Site Request Forgery
* Debug code
* Insecure Object References
* Application logic vulnerabilities

If you spot any others then let me know 😉

There is also a ‘scoring’ page (linked from the ‘About Us’ page) where you can see various hacking challenges and whether you have completed them or not.

Vulnerable Web Applications

BadStore – https://www.badstore.net/
BodgeIt Store – https://code.google.com/p/bodgeit/
Butterfly Security Project – https://thebutterflytmp.sourceforge.net/
bWAPP – https://www.mmeit.be/bwapp/
https://sourceforge.net/projects/bwapp/files/bee-box/
Commix – https://github.com/stasinopoulos/commix-testbed
CryptOMG – https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA) – https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA) – https://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS) – https://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge – https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App – https://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank – https://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books – https://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino – https://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping – https://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel – https://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver – https://sourceforge.net/projects/null-gameover/
hackxor – https://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon – https://github.com/rapid7/hackazon
LAMPSecurity – https://sourceforge.net/projects/lampsecurity/
Moth – https://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2 – https://sourceforge.net/projects/mutillidae/
OWASP BWA – https://code.google.com/p/owaspbwa/
OWASP Hackademic – https://hackademic1.teilar.gr/
OWASP SiteGenerator – https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks – https://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd – https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab – https://pentesterlab.com/
PHDays iBank CTF – https://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench – https://suif.stanford.edu/~livshits/securibench/
SentinelTestbed – https://github.com/dobin/SentinelTestbed
SocketToMe – https://digi.ninja/projects/sockettome.php
sqli-labs – https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow) – https://github.com/SpiderLabs/MCIR
sqlilabs – https://github.com/himadriganguly/sqlilabs
VulnApp – https://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall – https://code.google.com/p/puzzlemall/
WackoPicko – https://github.com/adamdoupe/WackoPicko
WAED – https://www.waed.info
WebGoat.NET – https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo – https://www.mavensecurity.com/web_security_dojo/
XVWA – https://github.com/s4n7h0/xvwa
Zap WAVE – https://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip