Loading...
Friday, December 7, 2012
Home » testbed » Testing Framework » Vulnerable Web Application » hackmecredit - Vulnerable Web Application for testing

hackmecredit - Vulnerable Web Application for testing


This project is very good for training web penetration testing (OWASP TOP 10 Vulnerabilities).

The best way to install my vulnerable application is:
  • check the download area if you don't want to work hard.
  1. Install it on virtual machine using VMWARE or Virtual box. (I will upload my pack).
  2. Install java + tomcat + MySQL java connector.
  3. Install the database - for that you need to change the password in the Mysql.java(in WEB-INF/classes/com/hackme) file and then compile the files.
  4. Put all the files in the ROOT folder in the tomcat folder (/var/lib/tomcatVER).
  5. Download your favorite penetration testing tools.
  6. Compile the .java(in WEB-INF/classes/com/hackme) files with: javac -cp *.java .
You can also install this web application on Backtrack and all the others. For Backtrack you need to change the password in Mysql.java (in WEB-INF/classes/com/hackme) to toor.
Demonstration

 Download -
HackMeCredit-Xampp_Portable.rar 
You need to have JDK(Java Development Kit).
Don't forget to execute setup_xampp.bat and setup_hackmecredit.bat from the xampp folder.
On setup_hackmecredit.bat file choose 1 and click enter.

To use and train HackMe Credit:
 * Open xampp-control.exe from xampp folder.
 * Start mysql and tomcat.
 * Go to URL - http://localhost:8080 .
 * Have fun.

If you have problems (i found out WinXP users have)
Replace this(in file: setup_hackmecredit.bat, line: 71):
"%JAVA_HOME%\bin\javac.exe" -cp "%SERVLET_CLASSES%" "%HACKME_CREDIT%\*.java" -Xlint
With This:
"%JAVA_HOME%\bin\javac.exe" -cp %SERVLET_CLASSES% %HACKME_CREDIT%\*.java -Xlint

Thanks To Xampp For This

HackMeCredit - Lubuntu Virtual Box Image (Part 1)
HackMeCredit-VirtualBox_Image.rar 
This is Lubuntu 10.10 Virtual Box Image.
The image includes:
 * Upgraded Lubuntu 10.10.
 * JDK 1.6, Tomcat6, HackMe Credit.
 * Firefox with some web penetration testing plugins.
 * Burpsuite - good penetration testing proxy.
 * SQLMap - try to avoid using it.
  HackMeCredit - Lubuntu Virtual Box Image (Part 2)
HackMeCredit-VirtualBox_Image.r00
HackMeCredit - Lubuntu Virtual Box Image (Part 3)
HackMeCredit-VirtualBox_Image.r01  - 


Source-
http://code.google.com/p/hackmecredit/


Screenshot -
Posted by at 5:49 AM
Information Security , ,
Share:

0 comments:

Post a Comment

:) :)) ;(( :-) =)) ;( ;-( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ $-) (b) (f) x-) (k) (h) (c) cheer
Click to see the code!
To insert emoticon you must added at least one space before the code.

Subscribe to: Post Comments (Atom)
Welcome Back Visitor! Your Last Visit Was on Fri, Apr 11, 2025 07:43:27 AM
 
TOP