lca

True unfreedom is building a cage in your own heart.

Penetration Testing Target Collection

0x01 Target Categories

Target environments generally fall into three categories.

  1. Source-code environments that must be set up manually. They can also be built from a Dockerfile and pushed to Docker Hub for reuse. Java and PHP targets are relatively simple to build this way, while Docker is less commonly used for ASP/X. Besides Docker, PHP targets can also be run in integrated environments such as PHPStudy.

  2. Docker-based environments: integrated collections of targets indexed by CVE number, such as Vulfocus and Vulhub. Others have already built them, so we only need to pull the images with Docker.

  3. VMware virtual machine targets, which often cover post-exploitation stages such as internal network penetration and domain penetration, like the GOAD target.

0x02 Tools

To excel in your craft, you must first sharpen your tools.

If you want to bring together environments you built yourself, or provide practice targets for colleagues within the company, you can set up a CTF platform such as CTFd or GZCTF. CTFd combined with the Whale plugin supports dynamic flags and Docker-based environments.

Targets to add to CTFd can be found on Docker Hub, for example the Vulfocus target environments.

0x03 PHP Environment

Docker setup

docker pull mcc0624/ser:1.8
docker run -p 8002:80 -d mcc0624/ser:1.8

0x04 ASP/X Environment

ASP targets require an IIS environment; alternatively, you can use the Super Little Tornado AspWebServer vulnerability environment. The databases usually paired with ASP are Access and SQL Server, which must also be installed when the target needs them.

MSSQL-SQLi-Labs

0x05 JSP Environment

0x06 Logic Vulnerability Target

Logic Vulnerability Target

Logic vulnerability target environment installation:

# Install Django and Faker
python -m pip install Django
python -m pip install faker

# Start the development server
python manage.py runserver

# Initialize the database: visit http://127.0.0.1:8000/init_data once, then use the target at http://127.0.0.1:8000/

A Docker image has also been published:

docker pull liangchenga/ljldsec:latest

0x07 Docker Environment

Docker can quickly stand up a variety of vulnerable targets; one-click setup is currently available for 17 targets.

The platform above uses Docker directly for one-click setup of vulnerable environments.

Vulfocus is a vulnerability integration platform that lets you use Docker images of vulnerable environments out of the box. Some Vulhub environments are also available in Vulfocus, so they are not covered one by one here.

docker pull vulfocus/vulfocus:latest
# Replace x.x.x.x with the local IP of the Docker host
docker run -d -p 80:80 -v /var/run/docker.sock:/var/run/docker.sock -e VUL_IP=x.x.x.x vulfocus/vulfocus
# Username and password: admin/admin

  • iwebsec
    • docker pull iwebsec/iwebsec

0x08 Virtual Machines

For virtual machine vulnerability environments, here are a few online websites that do not require downloads.

The sites above are high quality; for more to try yourself, see "Websites/Platforms to learn to hack".

Virtual machine targets usually require you to download a VMware or VirtualBox image in OVA format and then import it into the hypervisor to run.

There are many virtual machine targets in Vulnhub, with the goal of obtaining flags.

Note: After importing the virtual machine, you first need to find the target machine's IP address. The target usually obtains its IP via DHCP, so you will need to scan your current subnet with Nmap. If the subnet contains many hosts, the target is hard to pick out, and with VMware the target sometimes fails to obtain an IP at all. VirtualBox is recommended for practicing Vulnhub targets. If the target runs Linux, after importing it you can enter password-modification mode (press 'e' during boot), change the password, and then obtain the IP.
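One way to handle the crowded-subnet problem from the note above, as an added example that is not part of the original post: run an Nmap ping scan before and after powering on the target and diff the two results. The file names, the 192.168.56.0/24 range and the sample scan output are constructed assumptions.

```python
"""Identify a newly booted lab VM by diffing two Nmap ping-scan results.

Assumed workflow (not from the original post):
  nmap -sn -oG before.gnmap 192.168.56.0/24   # target VM powered off
  nmap -sn -oG after.gnmap  192.168.56.0/24   # target VM powered on
"""
import ipaddress
import re

# Greppable (-oG) host lines look like: "Host: 192.168.56.1 (name)<TAB>Status: Up"
HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\b", re.MULTILINE)


def up_hosts(gnmap_text):
    """Return the set of addresses reported as Up in greppable Nmap output."""
    hosts = set()
    for addr in HOST_UP.findall(gnmap_text):
        try:
            hosts.add(ipaddress.ip_address(addr))
        except ValueError:
            continue  # ignore anything that is not a valid IP literal
    return hosts


def new_hosts(before_text, after_text):
    """Addresses Up after boot that were not Up before, in numeric order."""
    added = up_hosts(after_text) - up_hosts(before_text)
    return [str(ip) for ip in sorted(added)]


# Constructed sample scan output (not captured from a real network).
BEFORE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.56.1 ()\tStatus: Up\n"
    "Host: 192.168.56.23 (laptop.lab)\tStatus: Up\n"
    "Host: 192.168.56.100 ()\tStatus: Up\n"
)
AFTER = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.56.1 ()\tStatus: Up\n"
    "Host: 192.168.56.100 ()\tStatus: Up\n"
    "Host: 192.168.56.104 ()\tStatus: Up\n"
)

if __name__ == "__main__":
    # The only address that appeared after boot is the imported target.
    print(new_hosts(BEFORE, AFTER))
```

Hosts that dropped off between the two scans (192.168.56.23 in the sample) are ignored, so only addresses that appeared after the VM booted are reported.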

In addition to Vulnhub targets, there are also some team-built target environments, such as:

0x09 Others

seed-labs: Experimental code and reports involved in network attack and defense courses.

0x10 Online CTF Targets
