Vulnerable Web Applications

BadStore	http://www.badstore.net/
BodgeIt Store	http://code.google.com/p/bodgeit/
Butterfly Security Project	http://thebutterflytmp.sourceforge.net/
bWAPP	http://www.mmeit.be/bwapp/ http://sourceforge.net/projects/bwapp/files/bee-box/
Commix	https://github.com/stasinopoulos/commix-testbed
CryptOMG	https://github.com/SpiderLabs/CryptOMG
Damn Vulnerable Node Application (DVNA)	https://github.com/quantumfoam/DVNA/
Damn Vulnerable Web App (DVWA)	http://www.dvwa.co.uk/
Damn Vulnerable Web Services (DVWS)	http://dvws.professionallyevil.com/
Drunk Admin Web Hacking Challenge	https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
Exploit KB Vulnerable Web App	http://exploit.co.il/projects/vuln-web-app/
Foundstone Hackme Bank	http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
Foundstone Hackme Books	http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
Foundstone Hackme Casino	http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
Foundstone Hackme Shipping	http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
Foundstone Hackme Travel	http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
GameOver	http://sourceforge.net/projects/null-gameover/
hackxor	http://hackxor.sourceforge.net/cgi-bin/index.pl
Hackazon	https://github.com/rapid7/hackazon
LAMPSecurity	http://sourceforge.net/projects/lampsecurity/
Moth	http://www.bonsai-sec.com/en/research/moth.php
NOWASP / Mutillidae 2	http://sourceforge.net/projects/mutillidae/
OWASP BWA	http://code.google.com/p/owaspbwa/
OWASP Hackademic	http://hackademic1.teilar.gr/
OWASP SiteGenerator	https://www.owasp.org/index.php/Owasp_SiteGenerator
OWASP Bricks	http://sourceforge.net/projects/owaspbricks/
OWASP Security Shepherd	https://www.owasp.org/index.php/OWASP_Security_Shepherd
PentesterLab	https://pentesterlab.com/
PHDays iBank CTF	http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
SecuriBench	http://suif.stanford.edu/~livshits/securibench/
SentinelTestbed	https://github.com/dobin/SentinelTestbed
SocketToMe	http://digi.ninja/projects/sockettome.php
sqli-labs	https://github.com/Audi-1/sqli-labs
MCIR (Magical Code Injection Rainbow)	https://github.com/SpiderLabs/MCIR
sqlilabs	https://github.com/himadriganguly/sqlilabs
VulnApp	http://www.nth-dimension.org.uk/blog.php?id=88
PuzzleMall	http://code.google.com/p/puzzlemall/
WackoPicko	https://github.com/adamdoupe/WackoPicko
WAED	http://www.waed.info
WebGoat.NET	https://github.com/jerryhoff/WebGoat.NET/
WebSecurity Dojo	http://www.mavensecurity.com/web_security_dojo/
XVWA	https://github.com/s4n7h0/xvwa
Zap WAVE	http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip

Recover Passcode (attackdefense.com)

Using static analysis, figure out the passcode to run challenge successfully i.e. ./challenge CORRECT_PASSCODE . If you get the right passcode, a […]

Windows API Calls for Process Injection / Manipulation / Migration

Essential Win API Functions OpenProcess() for opening the remote process VirtualAllocEx() for allocating memory in remote process WriteProcessMemory() for writing shellcode in […]

Vulnerable Web Applications

Leave a Reply Cancel reply

ROP Emporium ret2win (64bit)

Write an SMPP Fuzzer

ROP Emporium split (64bit)

Recover Passcode (attackdefense.com)

ROP Emporium callme (64bit)

Getting Passed SSL Warnings on ExploitDB Scripts for OSCP

Windows Pentesting Tools / Exploit Repositories

Windows Run-As Reverse Shell

Top 3 Hacking Tips

Windows API Calls for Process Injection / Manipulation / Migration