banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。

Penetration Testing Target Collection

0x01 Target Categories#

The basic environment set up can generally be divided into three categories.

  1. An environment where the source code is provided, and you need to set it up yourself. The environment can also be built using Docker through a Dockerfile, uploaded to Docker Hub for reuse. The builds for Java and PHP are relatively simple, while building with Docker for ASP/X is less common. Besides Docker, PHP can also be set up using integrated environments like PHPStudy.

  2. Docker-based environments, which refer to integrated environments with CVE numbers, such as Vulfocus, Vulhub, etc. These environments have already been set up by others, and we just need to pull them down using Docker.

  3. VMware virtual machine target environments, which often involve post-exploitation phases, such as internal network penetration and domain penetration, like the GOAD target.

0x02 Tools#

To do a good job, one must first sharpen their tools.

If you want to integrate your own built environment or provide practice for colleagues within the company, you can set up a CTF platform, such as CTFd and GZCTF. CTFd combined with the Whale plugin can achieve dynamic flags and add Docker-based environments.

image

To add targets in CTFd, you can find them on Docker Hub, such as the target environment of Vulfocus.

image

0x03 PHP Environment#

Docker setup

docker pull mcc0624/ser:1.8
docker run -p 8002:80 -d mcc0624/ser:1.8

0x04 ASP/X Environment#

The ASP environment requires setting up an IIS environment, and you can also use the Super Small Tornado AspWebServer vulnerability environment. The databases paired with ASP are Access and SQL Server, so if you need to use a database, you also need to install it.

MSSQL-SQLi-Labs

0x05 JSP Environment#

image

0x06 Logic Vulnerability Target#

Logic Vulnerability Target

Logic vulnerability target environment installation:

# Install Django and Faker
python -m pip install Django
pip3 install faker

# Initialize Database
First run python manage.py runserver, then access the interface http://127.0.0.1:8000/init_data to initialize the database, and later access http://127.0.0.1:8000/.

A Docker environment was created:

docker pull liangchenga/ljldsec:latest

0x07 Docker Environment#

Using Docker to quickly set up various vulnerability targets, currently, 17 targets can be set up with one click.

image

The above platform can directly use Docker to set up vulnerability environments with one click.

Vulfocus is a vulnerability integration platform that allows you to use Docker images of vulnerability environments right out of the box. Some vulnerability environments from Vulhub are also available in Vulfocus, so they will not be explained one by one.

docker pull vulfocus/vulfocus:latest
docker run -d -p 80:80 -v /var/run/docker.sock:/var/run/docker.sock -e VUL_IP=x.x.x.x (local IP) vulfocus/vulfocus
# Username and Password: admin/admin
  • iwebsec
    • docker pull iwebsec/iwebsec

0x08 Virtual Machines#

For virtual machine vulnerability environments, let's first introduce several online websites that do not require downloads.

The quality of these websites is quite high, and there are some that you can try yourself, Websites/Platforms to learn to hack.

Virtual machine targets usually require you to download VMware or VirtualBox OVA format virtual images, and then import them into the virtual machine to run.

There are many virtual machine targets in Vulnhub, with the goal of obtaining flags.

Note: After importing the virtual machine, you first need to obtain the target machine's IP address. Usually, the target machine gets its IP via DHCP, so you will need to use Nmap to scan your current subnet. If there are too many IPs in the subnet, it can be difficult to identify, and if using VMware, there may be cases where you cannot obtain an IP. It is recommended to use VirtualBox for practicing Vulnhub targets. If it is Linux, after importing, enter the password modification mode (press 'e' during boot), change the password, and first obtain the IP.

In addition to Vulnhub targets, there are also some team-built target environments, such as:

image

image

0x09 Others#

seed-labs: Experimental code and reports involved in network attack and defense courses.

0x10 CTF Online Targets#

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.