Skip to content

Vulnerable OS Collection is a collection of four Ubuntu based OSes containing real world vulnerable web applications.

Notifications You must be signed in to change notification settings

pentesteracademy/vulnoscollection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

https://user-images.githubusercontent.com/6920524/33830320-ad2e46d6-de99-11e7-944f-8ffa4cb365c9.png

Vulnerable OS Collection

Vulnerable OS Collection is a collection of four Ubuntu based OSes which contain real world vulnerable web applications. The motive behind this project was to enable the pentesters to learn by doing practical attacks. The OSes comes in OVF format and can be imported into Oracle VirtualBox or VMware Workstation Player/Pro. This enables the pentesters to get these ready in less time and start practicing.

These Vulnerable OSes are:
  • Command Injection (CI) OS which contains following vulnerable web apps
    • AjaXplorer
    • Basilic
    • LotusCMS
    • Log1CMS
    • PHP -Charts
    • PHP Tax
    • Webmin
    • SugarCRM
    • Zenoss
    • Splunk
  • Arbitray File Upload (AFU) OS which contains following vulnerable web apps
    • AppRain CMF
    • Cuteflow
    • eXtplorer
    • Glossword
    • Joomla Media Upload
    • Kordile EDMS
    • Libretto CMS
    • Mobilecartly
    • ProjectPier
    • QdPM
    • Sflog
    • TestLink
    • VCMS
    • WebPagetest
    • XODA
    • ChillyCMS
    • Free-Blog
  • Cross-Site-Scripting (XSS) OS which contains following vulnerable web apps
    • Achievo
    • ArticleSetup
    • BigTree-CMS
    • Concrete
    • Family Connection
    • GetSimple
    • NewsCoop
    • ORBIS CMS
    • PHP Web Directory
    • Posnic
    • ProQuiz
    • SCMS
    • PHP Ticket System
    • ShoutBox
    • Syndeo CMS
    • Pligg CMS
  • SQL Injection (SQL) OS which contains following vulnerable web apps
    • FoeCMS
    • Joomla CMS
    • Posnic
    • Sandbox
    • Wiki Web Help
    • YVS Image Gallery
    • B2ePMS
    • Hotel Portal
    • NanoDB
    • NewScoop
    • PHP My Recipes
    • Quotations
    • ReciPHP
    • SN News

Downloads

The OSes can be downloaded from the following links:

Credentials

Default credentials for all OSes

  • Username: SecurityTube
  • Password: 123321

Solution Video

We have used these VMs in our Pentester Academy courses. Interested people can check those out on following links.

To learn more about Web Application Pentesting, please have a look at the following courses:

Author

  • Ashish Bhangale, Sr. Security Researcher, Pentester Academy (@Hax0rGuy)

Screenshot

Vulnerable OS Login Screen

https://user-images.githubusercontent.com/6920524/33830266-70adf12a-de99-11e7-8347-ab058187671a.jpg

About

Vulnerable OS Collection is a collection of four Ubuntu based OSes containing real world vulnerable web applications.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published