Loading...
Friday, December 7, 2012

hackmecredit - Vulnerable Web Application for testing


This project is very good for training web penetration testing (OWASP TOP 10 Vulnerabilities).

The best way to install my vulnerable application is:
  • check the download area if you don't want to work hard.
  1. Install it on virtual machine using VMWARE or Virtual box. (I will upload my pack).
  2. Install java + tomcat + MySQL java connector.
  3. Install the database - for that you need to change the password in the Mysql.java(in WEB-INF/classes/com/hackme) file and then compile the files.
  4. Put all the files in the ROOT folder in the tomcat folder (/var/lib/tomcatVER).
  5. Download your favorite penetration testing tools.
  6. Compile the .java(in WEB-INF/classes/com/hackme) files with: javac -cp *.java .
You can also install this web application on Backtrack and all the others. For Backtrack you need to change the password in Mysql.java (in WEB-INF/classes/com/hackme) to toor.

Demonstration

Download -
HackMeCredit-Xampp_Portable.rar
You need to have JDK(Java Development Kit).
Don't forget to execute setup_xampp.bat and setup_hackmecredit.bat from the xampp folder.
On setup_hackmecredit.bat file choose 1 and click enter.

To use and train HackMe Credit:
 * Open xampp-control.exe from xampp folder.
 * Start mysql and tomcat.
 * Go to URL - http://localhost:8080 .
 * Have fun.

If you have problems (i found out WinXP users have)
Replace this(in file: setup_hackmecredit.bat, line: 71):
"%JAVA_HOME%\bin\javac.exe" -cp "%SERVLET_CLASSES%" "%HACKME_CREDIT%\*.java" -Xlint
With This:
"%JAVA_HOME%\bin\javac.exe" -cp %SERVLET_CLASSES% %HACKME_CREDIT%\*.java -Xlint

Thanks To Xampp For This

HackMeCredit - Lubuntu Virtual Box Image (Part 1)
HackMeCredit-VirtualBox_Image.rar
This is Lubuntu 10.10 Virtual Box Image.
The image includes:
 * Upgraded Lubuntu 10.10.
 * JDK 1.6, Tomcat6, HackMe Credit.
 * Firefox with some web penetration testing plugins.
 * Burpsuite - good penetration testing proxy.
 * SQLMap - try to avoid using it.
  HackMeCredit - Lubuntu Virtual Box Image (Part 2)
HackMeCredit-VirtualBox_Image.r00
HackMeCredit - Lubuntu Virtual Box Image (Part 3)
HackMeCredit-VirtualBox_Image.r01  - 

Source-
http://code.google.com/p/hackmecredit/

Screenshot -


0 comments:

Post a Comment

 
TOP