Skip to content

Latest commit

 

History

History
43 lines (33 loc) · 1.17 KB

README.md

File metadata and controls

43 lines (33 loc) · 1.17 KB

Not DCH - a dynamic and containerized software/web security learning platform!

Visit https://jake-cloud.github.io/GitPagesTesting/index.html for more information about our project.

Run from Docker!!

After installing Docker, run the following commands to get set up.

git clone https://github.com/zmweske/cs495-s22.git
cd cs495-s22/ 
docker-compose up -d

Visit http://localhost:8000 in your browser and start testing the application!

There are several vulnerabilities throughout the website, and you need to find them! Each will have a flag associated with it that you can look up in the local database to tell you what vulnerability it is associated with.

To remove/uninstall:

# cd cs495-s22/
docker-compose down
cd ..
rm -r ./cs495-s22/

Vulnerabilities Baked In!

Basic vulnerabilities

  • SQLi for first user access
  • SQLi for admin access
  • leaked creds

Password vulnerabilities

  • SQLi password extraction
  • plaintext pwds
  • simple hashed pwds
  • complex hashed pwds
  • salted+hash pwds

Framework vulnerabilities

  • brute force login (rate limiting)
  • Error information gathering
  • Reset password info recon