More PenTesting Web Platforms
July 17, 2011
Great resource found here:
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
Web Pentesting
War Games
Application Name | Company / Developer | URL |
Hell Bound Hackers | Hell Bound Hackers | http://hellboundhackers.org/ |
Vulnerability Assessment | Kevin Orrey | http://www.vulnerabilityassessment.co.uk/ |
Smash the Stack | Smash the Stack | http://www.smashthestack.org/ |
Over the Wire | Over the Wire | http://www.overthewire.org/wargames/ |
Hack This Site | Hack This Site | http://www.hackthissite.org/ |
Hacking Lab | Hacking Lab | https://www.hacking-lab.com/ |
We Chall | We Chall | https://www.wechall.net/ |
REMnux | REMnux | http://zeltser.com/remnux/ |
Insecure Distributions
Application Name | Company / Developer | URL |
Damn Vulnerable Linux | DVL | http://www.damnvulnerablelinux.org/ |
Metasploitable | Offensive Security | http://blog.metasploit.com/2010/05/introducing-metasploitable.html |
de-ICE | Hacker Junkie | http://www.de-ice.net/ |
Moth | Bonsai Security Software | http://www.bonsai-sec.com/en/research/moth.php |
PwnOS | Neil Dickson | http://www.neildickson.com/os/ |
Holynix | Pynstrom | http://pynstrom.net/holynix.php |
Categories: Uncategorized
PenTesting Web Apps
May 29, 2011
S.No. | Vulnerable Application | Platform |
1 | SPI Dynamics (live) | ASP |
2 | Cenzic (live) | PHP |
3 | Watchfire (live) | ASPX |
4 | Acunetix 1 (live) | PHP |
5 | Acunetix 2 (live) | ASP |
6 | Acunetix 3 (live) | ASP.Net |
7 | PCTechtips Challenge (live) | |
8 | Damn Vulnerable Web Application | PHP/MySQL |
9 | Mutillidae | PHP |
10 | The Butterfly Security Project | PHP |
11 | Hacme Casino | Ruby on Rails |
12 | Hacme Bank 2.0 | ASP.NET (2.0) |
13 | Updated HackmeBank | ASP.NET (2.0) |
14 | Hacme Books | J2EE |
15 | Hacme Travel | C++ (application client-server) |
16 | Hacme Shipping | ColdFusion MX 7, MySQL |
17 | OWASP WebGoat | JAVA |
18 | OWASP Vicnum | PHP, Perl |
19 | OWASP InsecureWebApp | JAVA |
20 | OWASP SiteGenerator | ASP.NET |
21 | Moth | |
22 | Stanford SecuriBench | JAVA |
23 | SecuriBench Micro | JAVA |
24 | BadStore | Perl(CGI) |
25 | WebMaven/Buggy Bank (very old) | |
26 | EnigmaGroup (live) | |
27 | XSS Encoding Skills – x5s (Casaba Watcher) | |
28 | Google – Gruyere (live) (previously Jarlsberg) | |
29 | Exploit-DB | Multi-platform |
30 | The Bodgeit Store | JSP |
31 | LampSecurity | PHP |
32 | hackxor | Perl(CGI) |
33 | OWASP – Hackademic | PHP |
Categories: Uncategorized
WordPress 3.1 on Server 2008 R2 Core
May 13, 2011
Howdy All! I thought it would be pertinent for a first post to cover how the web site is set up! My goal was simple: to create a secure, low-resource web server to host this wonderful WordPress blog you are all now viewing!
The setup itself is not too tricky, but it calls for a bit more excitement than the traditional Windows Server installation, given the command-line-intensive nature of Server Core. Let's start by talking about the different technologies we will be using:
- Windows Server 2008 R2 Core
- PHP
- MySQL
- WordPress
To start, let's discuss setting up Windows Server 2008 R2 Core. Server Core is a minimal server installation option for computers running the Windows Server 2008 R2 operating system. Server Core provides a low-maintenance server environment with limited functionality. For this blog, Server Core was a natural choice as I wanted to deploy it in a virtual environment with limited memory resources. Currently the server works wonders with only 512 MB of RAM and a single 3 GHz processor. Quite a feat for the latest Windows OS.
Anywho, let's get to the good stuff. The installation of Server Core is identical to any other version of Server 2008 R2.
- Insert your media of choice. If you do not happen to have a copy of Server 2008 R2, you can grab an ISO from Microsoft's Trial Software website.
- Power up the computer and wait for setup to load, select your language of choice and click Next.
- Click Install Now
- Enter your Product ID now if you have one, otherwise you can activate it later, click Next.
- Select the edition of Windows you would like to install depending on your licensing scenario, in our case it will be Windows Server 2008 R2 Web Server and click Next.
- Accept the license terms, and click Next.
- Select Custom Installation as we are going to format the drive and create a new installation, configure your disk as you see fit and click Next.
- Wait for the installation to complete. When done, you will be presented with a Ctrl + Alt + Del screen. Go ahead and log in; you will be prompted to change credentials.
- Finally we are presented with all that is Server Core: no interface, just a lone command prompt.
- The next thing we need to do is configure the server for our environment. Fortunately there is a handy little tool to help us. Type sconfig to start the System Configuration Utility.
Use this utility to set the Computer Name (Option 2), Windows Update Settings (Option 5), Download and Install Windows Updates (Option 6), Configure Network Settings (Option 8), and set the Date and Time (Option 9). You can also configure remote management options via either Remote Desktop (Option 7) or MMC / Server Manager (Option 4).
- Finally we need to enable IIS to host the WordPress blog. This is done by using the pkgmgr tool and the following command:
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel;IIS-CGI
Once all of the applicable Windows updates have been applied and the server is configured, it is time to move on to the next step: installing PHP.
- Visit http://windows.php.net/download/ to download the latest Installer version of PHP, this version contains a packaged .msi which makes installation incredibly easy.
- Run the following command to start the installation of PHP:
msiexec.exe /i C:\PATH_TO_FILE.msi
- Accept all defaults in the installation, and voila! PHP is installed. It does not get much simpler than that!
- Now we need to make a few tweaks to make sure PHP is configured correctly. Using the command line, navigate to the installation directory of PHP, and perform the following:
– copy c:\INSTALLATION_DIR\php.ini-recommended c:\INSTALLATION_DIR\php.ini
– notepad php.ini
– Change: extension_dir="c:\php\ext"
– Uncomment: extension=php_mysql.dll
– Add: extension=php_gd.dll
– Save the file php.ini and exit Notepad.
All done with PHP!
Now we get to install and configure MySQL
- Download the latest version of MySQL from http://www.mysql.com/downloads/mysql/, once again make sure to download the MSI installer.
- Using similar syntax execute the .msi file: msiexec.exe /i PATH_TO_FILE.msi
– At Welcome, Click next
– Select Typical, Click next
– Click Install, Next all the way and Finish.
– Instance Configuration will now begin:
– At Welcome, Click next
– Select Standard Configuration, Click next
– Select Install as Windows Service, Click next
– Specify the root password and Click next
– Click Execute and Finish
- Now we need to configure the MySQL database. We do so with the following commands:
– Execute "c:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysql.exe" -u root -p
– Key in your root password specified earlier.
– mysql> create database wordpress;
– mysql> grant all privileges on wordpress.* to 'wordpress'@'%' identified by 'password';
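The GRANT above lets the wordpress account connect from any host ('%') with every privilege on the database and the password 'password', even though wp-config.php later connects from localhost. A tighter equivalent for this same-server setup follows, as an added example that is not part of the original post. The password placeholder and the privilege list are assumptions, and DB_PASSWORD in wp-config.php must be set to match.

```sql
-- Added example, not from the original post. Run from the same mysql> prompt as root.
-- Assumes WordPress and MySQL share one server (DB_HOST is 'localhost').

-- 1. Audit: list accounts that accept connections from any host ('%')
--    or that have an empty user name (anonymous accounts).
SELECT user, host
  FROM mysql.user
 WHERE host = '%' OR user = ''
 ORDER BY user, host;

-- 2. If the wildcard-host account from the step above was already created,
--    remove it. DROP USER also removes the privileges granted to it.
DROP USER 'wordpress'@'%';

-- 3. Recreate the account so it can only connect from the local machine.
--    The privilege list is an assumption for a stock WordPress install:
--    SELECT/INSERT/UPDATE/DELETE for normal operation, and
--    CREATE/ALTER/INDEX/DROP so installs and upgrades can change the schema.
--    Replace the placeholder with a long random password.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
   ON wordpress.*
   TO 'wordpress'@'localhost'
   IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

FLUSH PRIVILEGES;

-- 4. Verify: exactly one wordpress account, bound to localhost,
--    with privileges on wordpress.* only (no *.* grants beyond USAGE).
SELECT user, host FROM mysql.user WHERE user = 'wordpress';
SHOW GRANTS FOR 'wordpress'@'localhost';
```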
Now all that is left to do is set up WordPress and we are good to go!
- Download the latest version of WordPress from http://wordpress.org/download/
- Extract the contents of the file to c:\inetpub\wwwroot\wordpress
- Make a copy of the sample configuration file:
cd c:\inetpub\wwwroot\wordpress
copy wp-config-sample.php wp-config.php
- Now, using Notepad, edit the configuration file to speak with our database: run notepad.exe wp-config.php and change the following lines:
– define('DB_NAME', 'wordpress'); // The name of the database
– define('DB_USER', 'wordpress'); // Your MySQL username
– define('DB_PASSWORD', 'password'); // …and password
– define('DB_HOST', 'localhost'); // Change this to IP address of your database
Make sure to save the changes when done.
- Now we fire up our browser of choice, visit http://<Server>/wordpress/wp-admin/install.php, and start configuring WordPress.
So in conclusion, we have managed to successfully set up WordPress on Server Core 2008 R2! We have a lightweight, secure, very fast OS to serve our every need! I want to extend some credit to Dennis Chung and his blog for giving me guidance in my initial explorations in setting up WordPress on Server Core.
Categories: Windows