Pentester Academy labs are entirely browser-based, and private and include access to a Terminal/GUI-based Kali, Ubuntu or other operating systems, with the necessary tools and scripts pre-installed. You will not need any other software to get started.
 |
| Image Source: DVWA |
DVWA
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid both students & teachers in learning about web application security in a controlled classroom environment.
DVWA aims to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple, straightforward interface. It is licensed under GPLv3.
You can download DVWA locally and install it on a virtual machine. Pentester Academy is providing an online version to save you the time and pain of doing that.
A sample set of vulnerabilities include:
- Cross-Site Scripting (DOM/Reflected/Stored)
- Command Injection
- CSRF
- Brute Force
- Weak Session IDs
- SQL Injection (Blind)
- File Inclusion/Upload
- Insecure CAPTCHA
The following username and password may be used to explore the application:
- User: admin Password: password
 |
| Image Source: bWAPP |
bWAPP
bWAPP, or a buggy web application, is a free and open-source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.
What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.
You can download bWAPP locally and install it on a virtual machine. Pentester Academy is providing an online version to save you the time and pain of doing that.
A sample set of vulnerabilities include:
- Arbitrary File Access
- SQL Injection
- Code Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- Heartbleed
- Shellshock
and many more.
The following username and password may be used to explore the application:
- User: bee Password: bug
Sign in Link: https://attackdefense.pentesteracademy.com/
Thank you guys for Reading this Post !!
If you like this post, don’t forget to follow me
Resources: pentesteracademy.com / attackdefense.pentesteracademy.com
Support me: If you like to support me, buy me a cup of Coffee☕
![Advent of Cyber 2023 - [Day 11] Jingle Bells, Shadow Spells - Tryhackme](https://blogger.googleusercontent.com/img/a/AVvXsEjvhLIwhAgizmoE_mSLJoAQsbnom9VM6M3PU9GeUpPsF6PQHGL3O3q6OIOfOe3bdk8AQQC7HpiG4LOCRp5VtWa4QPQQ9YEGXUd9UbbhGBlt551ZtTcDG_z-fK6iuicipbKBnbJgnxsJjME41AaZS2X737-Ji_-vGHP7o2L3EIPSgMdzClKnHJk3_EBAsmk=w72-h72-p-k-no-nu)
0 Comments