If you want to be a hacker, entire websites conspire to help you achieve it. This is a new version of the quote for those who wish to become hackers. These websites are vulnerable, and anyone can try hacking techniques on them. Here we introduce such web applications.
- Authentication: WackoPicko provides personalized content to registered users.
- Upload Pictures: When a photo is uploaded to WackoPicko by a registered user, other users can comment on it, as well as purchase the right to a high-quality version.
- Comment On Pictures: Once a picture is uploaded into WackoPicko, all registered users can comment on the photo by filling out a form.
- Purchase Pictures: A registered user on WackoPicko can purchase the high-quality version of a picture.
- Search: The search feature offers the possibility to filter pictures by looking for strings in the tags of the images.
- Guestbook: A guestbook page provides a way to receive feedback from all visitors to the WackoPicko website.
- Admin Area: WackoPicko has a special area for administrators only, which enables the creation of new users.
- Exploit KB Vulnerable Web App – This is one of the most famous vulnerable web apps, designed as a learning platform to test various SQL injection techniques. It is a functional website with a content management system based on FCKeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab.
- The BodgeIt Store – This is an open source, vulnerable web application aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities.
- Hackxor – This is a web application hacking game developed by albino. Players must locate and exploit vulnerabilities to progress through the story, in which you play as a black hat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and much more. It is also a web application running on Fedora 14. Think WebGoat but with a plot and a focus on realism & difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
It has the following features:
- Client attack simulation using HtmlUnit; no alert('XSS') here.
- Smooth difficulty gradient from moderately easy to fiendishly tricky.
- Realistic vulnerabilities modeled from Google, Mozilla, etc.
- Open-ended play; progress by any means possible.
- SQLol – This is a configurable SQL injection testbed which allows you to exploit SQLi (Structured Query Language Injection) flaws, and furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicorn Furnace” Crowley of Trustwave Holdings, Inc. – Spider Labs. SQLol comes with a set of challenges which task you with performing some flavor of SQL injection and have pre-configured settings.
- DVWA (Damn Vulnerable Web Application) – This vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge of manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst and is part of Random Storm Open Source project.
As the name suggests, DVWA has many web application vulnerabilities. Every vulnerability has three different security levels: low, medium and high. The security levels give a challenge to the ‘attacker’ and also show how each vulnerability can be countered by secure coding.
- WebGoat – This is an OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.
- OWASP Hackademic Challenges Project – This is another OWASP project that helps you test your knowledge of web application security. You can use it to attack web applications in a realistic but also controllable and safe environment. Currently, there are 10 web application security scenarios available for you to hack. The Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker’s perspective.
- XSSeducation – This is a set of Cross Site Scripting attack challenges for everyone from people just learning about XSS to people who just want a good place to practice their already awesome skills. Various realistic challenges have been included for practice. It is still under development by AJ00200 but can already be downloaded.