10 vulnerable web applications to Hack - Learn Ethical Hacking

10 vulnerable web applications to Hack



DVWA (Damn Vulnerable Web Application) - this vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge of manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a. ethicalhack3r and is part of the RandomStorm OpenSource project.

Mutillidae - is a free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable, and is ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, JavaScript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more based on the OWASP (Open Web Application Security Project) Top 10 Web Vulnerabilities.


SQLol - is a configurable SQL injection testbed which allows you to exploit SQLi (Structured Query Language Injection) flaws, and furthermore allows a large amount of control over the manifestation of the flaw. This application was released at the Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs.

Hackxor - a web application hacking game developed by albino. It is a game where players must locate and exploit vulnerabilities to progress through the story, wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. It’s also a web application running on Fedora 14.

The BodgeIt Store - is an open source and vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities.


Exploit KB / exploit.co.il Vulnerable Web App - is one of the most famous vulnerable web apps, designed as a learning platform to test various SQL injection techniques. It is a functional web site with a content management system based on fckeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab.


WackoPicko - is a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge like XSS vulnerabilities, SQL injections, command-line injections, sessionID vulnerabilities, file inclusions, parameters manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners.

WebGoat - is an OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.

OWASP Hackademic Challenges Project - is another OWASP Project that helps you test your knowledge of web application security. You can use it to attack web applications in a realistic but also controllable and safe environment. Currently, there are 10 web application security scenarios available for you to hack.


XSSeducation – is a set of Cross Site Scripting attack challenges for everyone from people just learning about XSS to people who just want a good place to practice their already awesome skills. Various realistic challenges have been included for practice. It is still under development by AJ00200 but can already be downloaded.



Online Hacking Challenges - try out


Links:

Description:
-
A really nice hacking challenges system which gives you a lot of challenges
in many different subjects, such as: "Realistic Missions", Encryption, "Basic
Web", "Application Challenges" and much more.
-
A very nice site, with really nice challenges! If you are stuck on any of them
you can always get some hints in their IRC server/channel :). Check it out.
-
The biggest Root-this-box and greatest (team based) wargames system on the net!
-
A very old and cool hacking challenges site.
-
The new version of the "LearnToHack" lovely site.
-
A very good website which is about hacking. It has a lot of challenges that cover many
subjects, such as: Logic, Oktranon, Cryptography, Scripting, Brain and Misc.
-
A website that presents a list of challenges in many subjects, such as: JavaScript,
Stegano, Logic, Special Science, Realistic, Analysis and Programming.
-
An interesting site, with interesting challenges! Highly recommended.
-
A great challenges system, with a nice story.
-
The old (and the really good) Ma's Reversing Site. Good luck!
-
This site is the Independent Starfleet Academy Training Center for Internet Security
(ISATCIS). A very cool site, with a lot of work invested in it.
-
Just the right amount of challenge with a filling of humor. Powerful (instantly activated)
shell account for all players. Web, networking, logic, rare and original challenges.
Hints and IRC contact.


IPNetInfo v1.5

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: the owner of the IP address, the country/state name, IP address range, contact information (address, phone, fax, and email), and more. This utility can be very useful for finding the origin of unsolicited mail.

Optionally, add CurrPorts to the same directory to resolve information of the remote IP address via the right-click

Source :- http://www.portablefreeware.com/?id=1634&ts=1381334917

Daphne v1

Daphne is a task manager replacement with a variety of extra features. It displays a list of currently running processes with detailed information about: CPU usage, Process ID, Process name, Full path (and arguments), Priority, Class (Process / Service), Current memory usage, Peak memory usage, Current swap usage, Peak swap usage and Number of threads.

Additionally, the program has a crosshair that can be dragged onto existing windows to Find, Kill, put on top, change transparency, and even enable/disable. A "trap" feature lets you modify or prioritize processes whenever they appear.

Alternatively, Daphne Portable is also available

Source :- http://www.portablefreeware.com/?id=2316&ts=1381425411