hackmecredit - Vulnerable Web Application for testing


This project is well suited to practicing web penetration testing (OWASP Top 10 vulnerabilities).

The best way to install my vulnerable application is:
  • Check the download area if you don't want to work hard.
  1. Install it on a virtual machine using VMware or VirtualBox (I will upload my pack).
  2. Install Java + Tomcat + MySQL Java connector.
  3. Install the database - for that you need to change the password in the Mysql.java file (in WEB-INF/classes/com/hackme) and then compile the files.
  4. Put all the files in the ROOT folder in the Tomcat folder (/var/lib/tomcatVER).
  5. Download your favorite penetration testing tools.
  6. Compile the .java files (in WEB-INF/classes/com/hackme) with: javac -cp . *.java
You can also install this web application on Backtrack and all the others. For Backtrack you need to change the password in Mysql.java (in WEB-INF/classes/com/hackme) to toor.

Download -
HackMeCredit-Xampp_Portable.rar
You need to have the JDK (Java Development Kit).
Don't forget to execute setup_xampp.bat and setup_hackmecredit.bat from the xampp folder.
In setup_hackmecredit.bat, choose 1 and press Enter.

To use and train HackMe Credit:
* Open xampp-control.exe from the xampp folder.
* Start MySQL and Tomcat.
* Go to the URL http://localhost:8080.
* Have fun.

If you have problems (I found out WinXP users have),
replace this (in file: setup_hackmecredit.bat, line: 71):
"%JAVA_HOME%\bin\javac.exe" -cp "%SERVLET_CLASSES%" "%HACKME_CREDIT%\*.java" -Xlint
with this:
"%JAVA_HOME%\bin\javac.exe" -cp %SERVLET_CLASSES% %HACKME_CREDIT%\*.java -Xlint

Thanks To Xampp For This

HackMeCredit - Lubuntu Virtual Box Image (Part 1)
HackMeCredit-VirtualBox_Image.rar
This is Lubuntu 10.10 Virtual Box Image.
The image includes:
* Upgraded Lubuntu 10.10.
* JDK 1.6, Tomcat6, HackMe Credit.
* Firefox with some web penetration testing plugins.
* Burp Suite - a good penetration testing proxy.
* SQLMap - try to avoid using it.
HackMeCredit - Lubuntu Virtual Box Image (Part 2)
HackMeCredit-VirtualBox_Image.r00
HackMeCredit - Lubuntu Virtual Box Image (Part 3)
HackMeCredit-VirtualBox_Image.r01

Source -
http://code.google.com/p/hackmecredit/
