https://user-images.githubusercontent.com/6920524/33830320-ad2e46d6-de99-11e7-944f-8ffa4cb365c9.png

Vulnerable OS Collection

Vulnerable OS Collection is a collection of four Ubuntu-based OSes that contain real-world vulnerable web applications. The motive behind this project was to enable pentesters to learn by performing practical attacks. The OSes come in OVF format and can be imported into Oracle VirtualBox or VMware Workstation Player/Pro, so pentesters can get them ready in less time and start practicing.

These Vulnerable OSes are:
  • Command Injection (CI) OS, which contains the following vulnerable web apps:
    • AjaXplorer
    • Basilic
    • LotusCMS
    • Log1CMS
    • PHP-Charts
    • PHP Tax
    • Webmin
    • SugarCRM
    • Zenoss
    • Splunk
  • Arbitrary File Upload (AFU) OS, which contains the following vulnerable web apps:
    • AppRain CMF
    • Cuteflow
    • eXtplorer
    • Glossword
    • Joomla Media Upload
    • Kordile EDMS
    • Libretto CMS
    • Mobilecartly
    • ProjectPier
    • QdPM
    • Sflog
    • TestLink
    • VCMS
    • WebPagetest
    • XODA
    • ChillyCMS
    • Free-Blog
  • Cross-Site Scripting (XSS) OS, which contains the following vulnerable web apps:
    • Achievo
    • ArticleSetup
    • BigTree-CMS
    • Concrete
    • Family Connection
    • GetSimple
    • Newscoop
    • ORBIS CMS
    • PHP Web Directory
    • Posnic
    • ProQuiz
    • SCMS
    • PHP Ticket System
    • ShoutBox
    • Syndeo CMS
    • Pligg CMS
  • SQL Injection (SQL) OS, which contains the following vulnerable web apps:
    • FoeCMS
    • Joomla CMS
    • Posnic
    • Sandbox
    • Wiki Web Help
    • YVS Image Gallery
    • B2ePMS
    • Hotel Portal
    • NanoDB
    • Newscoop
    • PHP My Recipes
    • Quotations
    • ReciPHP
    • SN News

Downloads

The OSes can be downloaded from the following links:

Credentials

Default credentials for all OSes:

  • Username: SecurityTube
  • Password: 123321

Solution Video

We have used these VMs in our Pentester Academy courses. Those interested can check them out at the following links.

To learn more about Web Application Pentesting, please have a look at the following courses:

Author

  • Ashish Bhangale, Sr. Security Researcher, Pentester Academy (@Hax0rGuy)

Screenshot

Vulnerable OS Login Screen

https://user-images.githubusercontent.com/6920524/33830266-70adf12a-de99-11e7-8347-ab058187671a.jpg