Showing posts with label XSS. Show all posts

Wednesday, November 27, 2013

Ethical Hacking Lab to Test and Learn SQL Injection, XSS and CSRF Vulnerabilities



So far I have provided a few web application pen testing tutorials. Now it is time to practice your hacking/pentesting skills in a legal way. Last time, I explained the Damn Vulnerable Web Application (DVWA).

Now I have come with a different web application that will help you improve your knowledge of web app pentesting.


The BodgeIt Store

Like DVWA, this is also a vulnerable web application that will help you develop your pen testing skills.

With this vulnerable application, you can practice the following attacks:

Cross Site Scripting (XSS)
SQL injection (SQLi)
Hidden (but unprotected) content
Cross Site Request Forgery
Debug code
Insecure Object References
Application logic vulnerabilities

There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

How to setup the Pen Testing Lab?


Requirements:

BodgeIt app (download)
Tomcat server

Download the bodgeit.1.3.0.zip file and extract it. You will get a WAR file (bodgeit.WAR).

Step 1: Install Tomcat
Install Tomcat on your system. If you don't know how to install Tomcat, do a Google search.

Step 2: Start the server
Start the Tomcat server.

In Ubuntu, type the following command in Terminal:

sudo /etc/init.d/tomcat6 start

For Windows users, just click the Tomcat server entry in All Programs.

Step 3:
Open the browser and type "localhost:8080". It will show a page saying "It works!". From there you can access the manager webapp page (http://localhost:8080/manager/html). Clicking the link will ask for a username and password; enter your computer username and password (the account must have the manager role configured in Tomcat's tomcat-users.xml).

Step 4:
Now you are on the "Tomcat Web Application Manager" page. Scroll down and you will see the "WAR file to deploy" form.

Step 5: Deploying the WAR
Click the Browse button and select the bodgeit.WAR file. Now click the Deploy button.







The application is now successfully installed.





Access the BodgeIt in this location: http://localhost:8080/bodgeit/
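A check worth running before using the lab, added here as an example rather than something from the original post: a Python script that reads Tomcat's server.xml and reports any Connector that is not bound to loopback, since a deliberately vulnerable application such as BodgeIt should not be reachable from the rest of the network. The server.xml fragment is constructed and the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not from the post). Tomcat's default HTTP
# connector has no address attribute, so it listens on every interface.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def exposed_connectors(server_xml):
    """Return [(port, address)] for every Connector not bound to loopback.
    A missing address attribute means Tomcat binds to all interfaces."""
    root = ET.fromstring(server_xml)
    exposed = []
    for conn in root.iter("Connector"):
        address = conn.get("address", "0.0.0.0")
        if address not in LOOPBACK:
            exposed.append((conn.get("port"), address))
    return exposed


def lab_is_local_only(server_xml):
    """True when every connector (HTTP and AJP) only accepts local connections."""
    return not exposed_connectors(server_xml)


if __name__ == "__main__":
    # Run against the constructed sample; point ET at your real conf/server.xml
    # (e.g. /etc/tomcat6/server.xml on Ubuntu) to check a live install.
    for port, addr in exposed_connectors(SAMPLE_SERVER_XML):
        print(f'Connector on port {port} binds to {addr}; add address="127.0.0.1"')
```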

Set up your own Lab for practicing SQL injection and XSS: Ethical Hacking



I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice SQLi and XSS attacks. We know that attacking a third-party website is a crime. So how can we practice? Here is the solution, friends: why not set up your own web application? Yes, you can set up your own pen testing lab for practicing XSS and SQLi vulnerabilities.

While surfing the internet, I came to know about the "Damn Vulnerable Web App (DVWA)". It is a web application used for practicing your ethical hacking/pen testing skills in a legal way.

Download this web application from here:
http://www.dvwa.co.uk/

To install this application, you will need the XAMPP server.

The installation procedure:







Using this application, you can also practice:


* LFI /RFI (File Inclusion methods)
* Command Execution
* Upload Script
* Login Brute Force

Saturday, May 11, 2013

OWASP Xenotix XSS Exploit Framework


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. This tool can inject code into web pages that are vulnerable to XSS. It is basically a payload-list-based XSS scanner. It gives a penetration tester the ability to test all the XSS payloads available in the payload list against a web application with ease. The tool supports both a manual mode and an automated, time-sharing-based test mode. It includes an XSS encoder, a victim-side keystroke logger and an executable drive-by downloader.


Features:

* Built in XSS Payloads

* XSS Key logger

* XSS Executable Drive-by downloader

* Automatic XSS Testing

* XSS Encoder


Download: https://www.owasp.org

Friday, May 10, 2013

Snuck - Automatic XSS filter bypass tool




snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach it adopts is based on inspecting the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behavior and possibly the victim's.


snuck is quite different from typical web security scanners: it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point where the injection falls in the reflecting web page's DOM. Access to the pages' DOM is possible through Selenium WebDriver, an automation framework that allows replicating operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in to make snuck aware of the steps it needs to perform against the tested web application. Practically speaking, the approach is similar to iSTAR's, but it focuses on one particular XSS filter.


Download: http://code.google.com/

Thursday, May 9, 2013

The Teenage Mutant Ninja Turtles project



The Teenage Mutant Ninja Turtles project is four things:
1. A Web Application payload database.
2. A Web Application error database.
3. A Web Application payload mutator.
4. A Web Application payload manager (e.g. it does database clean up).

Nowadays all high-profile sites in the financial and telecommunication sectors use filters to filter out all types of vulnerabilities, such as SQL, XSS, XXE, HTTP header injection, etc. In this particular project I am going to provide you with a tool to generate obfuscated fuzzing injection attacks in order to bypass badly implemented web application injection filters (e.g. SQL injection, XSS injection, etc.).


Download: http://code.google.com

More Info: http://code.google.com

Saturday, May 4, 2013

Xenotix XSS Exploit Framework v.2 Released



Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. This tool can inject code into web pages that are vulnerable to XSS. It is basically a payload-list-based XSS scanner and XSS exploitation kit. It gives a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to find XSS vulnerabilities. The tool supports both a manual mode and an automated, time-sharing-based test mode. The exploitation framework in the tool includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools help the penetration tester create proof-of-concept attacks on vulnerable web applications while writing a penetration test report.


Features:

* Built in XSS Payloads

* XSS Key logger

* XSS Executable Drive-by downloader

* Automatic XSS Testing

* XSS Encoder

* XSS Reverse Shell (new)

Download: https://www.owasp.org/

Sunday, April 28, 2013

vBulletin vBShout Module v6.0.5 - Reflected Cross-Site Scripting ( XSS )



The latest version of vBShout (6.0.5) suffers from reflected cross-site scripting, located in the Search Archive.

Update: version 6.0.6 has been released, but it is still vulnerable.

PoC (requires being logged in):

http://www.site.com/vbshout.php?message=XSS&username=&hours=&from[month]=0&from[day]=&from[year]=0&end[month]=0&end[day]=&end[year]=0&chatroomid=0&orderby=DESC&perpage=5&s=&do=archive&instanceid=1


http://www.site.com/vbshout.php?message=XSS&s=&do=archive&instanceid=1



Note: HTML injection and redirects work too!
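From the defender's side, a way to spot this pattern in web server logs, added here as an example and not part of the advisory: a Python check over constructed Common Log Format lines that flags archive-search requests to vbshout.php whose `message` parameter carries script-like content. The sample log lines, the marker regex and the function names are my assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed access-log lines (Common Log Format), not from the advisory. The
# request shape follows the advisory's PoC: vbshout.php?message=...&do=archive.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Apr/2013:10:01:02 +0000] "GET /vbshout.php?message=hello&s=&do=archive&instanceid=1 HTTP/1.1" 200 512
203.0.113.7 - - [28/Apr/2013:10:02:10 +0000] "GET /vbshout.php?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E&s=&do=archive&instanceid=1 HTTP/1.1" 200 640
203.0.113.9 - - [28/Apr/2013:10:03:44 +0000] "GET /vbshout.php?message=x%22%20onmouseover%3Dalert(1)%20y%3D%22&do=archive&instanceid=1 HTTP/1.1" 200 630
203.0.113.5 - - [28/Apr/2013:10:04:00 +0000] "GET /forum.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers typical of a script-injection probe. They are matched against the
# percent-decoded value because payloads are URL-encoded on the wire.
XSS_MARKERS = re.compile(
    r'<\s*script|javascript:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b', re.IGNORECASE
)


def suspicious_vbshout_requests(log_text):
    """Return (client ip, decoded message) for every archive-search request to
    vbshout.php whose `message` parameter looks like an XSS probe."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/vbshout.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("do", [""])[0] != "archive":
            continue
        for value in params.get("message", []):
            # parse_qs already decoded once; decode again to catch double encoding
            decoded = unquote_plus(value)
            if XSS_MARKERS.search(decoded):
                hits.append((m.group("ip"), decoded))
    return hits


if __name__ == "__main__":
    for ip, payload in suspicious_vbshout_requests(SAMPLE_LOG):
        print(f"{ip} sent a suspicious vbshout message: {payload!r}")
```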



Swimming into Trojan and Rootkit GameThief.Win32.Magania Hostile Code




Trojan-GameThief.Win32.Magania, according to the Kaspersky naming convention, monitors user activities and tries to obtain valuable information from the affected user, especially gaming login accounts. This long tutorial analyzes this malware, but it is also a general document explaining how to analyze a modern nested-dolls malware.

In this paper we will analyse the structure of this malware more deeply, especially the polymorphic part, which represents a typical sample of hostile code. Starting from the first load into IDA we can see that Magania's PE structure and Import Table are destroyed; this is how it looks from WinGraph:

Download PDF 

Direct Link

.NET Framework Rootkits



The whitepaper ".NET Framework rootkits - backdoors inside your framework.pdf" covers various ways to develop rootkits for the .NET Framework, so that every EXE/DLL that runs on a modified Framework will behave differently from what it is supposed to do. Code reviews will not detect backdoors installed inside the Framework, since the payload is not in the application code itself but inside the Framework implementation. Writing Framework rootkits enables an attacker to install a reverse shell inside the framework, steal valuable information, fixate encryption keys, disable security checks and perform other nasty things, as described in the paper.

This paper also introduces .NET-Sploit 1.0, a new tool for building MSIL rootkits that enables the user to inject preloaded or custom payloads into the Framework core DLL.

Download and more info 

Link 1 (Media Fire)

Saturday, April 27, 2013

XSSF - Cross-Site Scripting Framework v.3.0 Released



The Cross-Site Scripting Framework (XSSF) is a security tool designed to make the task of exploiting XSS vulnerabilities much easier. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities by popularizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from an XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerful, documented API, which facilitates the development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser-based exploits easily from an XSS vulnerability.


XSSF Basics: Install on Kali 1.0 video demo: YouTube

Download: http://code.google.com