Thursday, April 24, 2014
Author

Looking for extremely vulnerable source code


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-09-10 00:45
Hi,

Over the past year I have been learning web application hacking. I have tried little things here and there, but mainly I have only practised on scripts that I have written. However, this has begun to bore me. I would like to know if anyone knows of any CMS or web application that is extremely vulnerable to penetration so I could download it and practise on it. I do know that HBH offers challenges, but I would like to try it on my local network and I would also like to be able to view source code etc.

Your input would be greatly appreciated.

Thanks.
Author

RE: Looking for extremely vulnerable source code

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-09-10 00:55
Read WordPress and Joomla changelogs and download legacy versions to practice on.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert
Author

RE: Looking for extremely vulnerable source code

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-09-10 01:10
Vector-fusion wrote:
I would say download PHP-Fusion and try that, as WordPress and Joomla people know how to break in (and it is easy), whereas with PHP-Fusion it's harder and more of a test for you.


You're an idiot.



Author

RE: Looking for extremely vulnerable source code

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-09-10 01:13
Vector-fusion wrote:
Why ?


Because daddy didn't love mommy enough and that strained relationship left its scars on you.



Author

RE: Looking for extremely vulnerable source code

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-09-10 01:19
Vector-fusion wrote:
I don't understand why that makes me an idiot.


This is pretty much -why- I called you an idiot in the first place. Thanks for the confirmation.



Author

RE: Looking for extremely vulnerable source code

KvK
Member



Posts: 94
Location: EIP
Joined: 17.01.09
Rank:
Apprentice
Posted on 22-09-10 02:05
A legacy version of Joomla would be a great choice for a damn vulnerable CMS, as long as you find the exploits yourself, rather than give up and peek at the past work of others. If you feel frustrated that Joomla's history has been full of bugs, yet you've only been able to find one, don't simply resort to other people's work; at least you know they're there. Instead, remind yourself that it took years for all of the many bugs found in Joomla to be discovered, so give yourself some time before quitting. This method will help you truly enhance your ability to find vulnerabilities, whereas looking at the work of others will simply provide a reference to historical exploits found in some other CMS.

Also, perhaps you should try OWASP's WebGoat Project. It's useful for learning simple web-based exploitation, and also offers the option of assistance. I recommend this over any popularly vulnerable CMS if you plan on simply googling known exploits found in said CMS.

OWASP wrote:
WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

http://www.owasp.. . .at_Project



Despite what decision you make, Good Luck! ^_^




Edited by KvK on 22-09-10 02:06
Author

RE: Looking for extremely vulnerable source code


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-09-10 07:05
http://www.ironge. . .p-security




Author

RE: Looking for extremely vulnerable source code

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 22-09-10 09:52
I did make a post about a web app that fits your criteria a while back.

Here it is: http://www.hellboundhackers.org/forum/viewthread.php?forum_id=15&thread_id=14172#126492

I did say a "while back", but it seems that the latest version they have was probably in '09, so I'm afraid it's not the latest when it comes to finding bugs, but I think it'll help you sharpen your skills.


Author

RE: Looking for extremely vulnerable source code

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 22-09-10 12:00
fuser wrote:
I did make a post about a web app that fits your criteria a while back.

Here it is: http://www.hellboundhackers.org/forum/viewthread.php?forum_id=15&thread_id=14172#126492

I did say a "while back", but it seems that the latest version they have was probably in '09, so I'm afraid it's not the latest when it comes to finding bugs, but I think it'll help you sharpen your skills.


Damn Vulnerable Web App is good for the basic stuff, but it's nothing too great for actual pen-testing training, because you are pretty much served the vulnerabilities under your nose. I still use it though, to test my scanners etc.


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

Author

RE: Looking for extremely vulnerable source code


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-09-10 07:00
Thank you for your replies. I have downloaded WebGoat and I am currently giving that a shot. I will be sure, though, to check out the other links you guys have provided.

Thanks again to everyone, really appreciate it!
Author

RE: Looking for extremely vulnerable source code


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-12-10 13:34
Download outdated versions via http://www.oldapps.com/

I have an old copy of WordPress and phpBB from there.
Author

RE: Looking for extremely vulnerable source code

cyber-guard
Member



Posts: 26
Location:
Joined: 03.11.10
Rank:
Newbie
Posted on 28-12-10 14:44
Before posting, please check the date of the last post, this thread has been dead for over 2 months...


Author

RE: Looking for extremely vulnerable source code

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-12-10 15:26
cyber-guard wrote:
Before posting, please check the date of the last post, this thread has been dead for over 2 months...


The post wasn't that bad if you ask me. Actually, I think the link (=new content) deserved the bump.

In general though, try to refrain from posting in old threads.



Author

RE: Looking for extremely vulnerable source code


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-12-10 17:07
I assumed that because it was on the first page, it was recent. I didn't realise how low activity was in the forum until you mentioned the date. Apologies :)