This project is very good for training web penetration testing (OWASP TOP 10 Vulnerabilities).
The best way to install my vulnerable application is:
The best way to install my vulnerable application is:
- check the download area if you don't want to work hard.
- Install it on virtual machine using VMWARE or Virtual box. (I will upload my pack).
- Install java + tomcat + MySQL java connector.
- Install the database - for that you need to change the password in the Mysql.java(in WEB-INF/classes/com/hackme) file and then compile the files.
- Put all the files in the ROOT folder in the tomcat folder (/var/lib/tomcatVER).
- Download your favorite penetration testing tools.
- Compile the .java(in WEB-INF/classes/com/hackme) files with: javac -cp *.java .
Download -
HackMeCredit-Xampp_Portable.rar
You need to have JDK(Java Development Kit).
Don't forget to execute setup_xampp.bat and setup_hackmecredit.bat from the xampp folder.
On setup_hackmecredit.bat file choose 1 and click enter.
To use and train HackMe Credit:
* Open xampp-control.exe from xampp folder.
* Start mysql and tomcat.
* Go to URL - http://localhost:8080 .
* Have fun.
If you have problems (i found out WinXP users have)
Replace this(in file: setup_hackmecredit.bat, line: 71):
"%JAVA_HOME%\bin\javac.exe" -cp "%SERVLET_CLASSES%" "%HACKME_CREDIT%\*.java" -Xlint
With This:
"%JAVA_HOME%\bin\javac.exe" -cp %SERVLET_CLASSES% %HACKME_CREDIT%\*.java -Xlint
Thanks To Xampp For This
HackMeCredit - Lubuntu Virtual Box Image (Part 1)
HackMeCredit-VirtualBox_Image.rar
This is Lubuntu 10.10 Virtual Box Image.
The image includes:
* Upgraded Lubuntu 10.10.
* JDK 1.6, Tomcat6, HackMe Credit.
* Firefox with some web penetration testing plugins.
* Burpsuite - good penetration testing proxy.
* SQLMap - try to avoid using it.
HackMeCredit - Lubuntu Virtual Box Image (Part 2)HackMeCredit-VirtualBox_Image.r00
HackMeCredit - Lubuntu Virtual Box Image (Part 3)
HackMeCredit-VirtualBox_Image.r01 -
Source-
http://code.google.com/p/hackmecredit/
Screenshot -
0 comments:
Post a Comment