
Learning Environments.

  • 23-11-2010 9:07am
    #1
    Closed Accounts Posts: 20,759 ✭✭✭✭


    Hey guys,

    Has anyone toyed around with WebGoat yet? It's a learning environment, catered to help you learn about attacking web-applications in a safe & legal environment. It covers areas such as SQL injection, XSS and so forth. It's really solid and you can learn a lot from it.

    Another one I came across but haven't had a chance to really play with yet is Damn Vulnerable Linux. It is a custom-designed Linux distro, that's purposefully configured to be insecure. It seems like a great (and legal!) way to learn about poor Linux configurations, and how to attack them.

    Does anybody know of any further learning environments?


Comments

  • Closed Accounts Posts: 2,486 ✭✭✭Redshift


    There's one run by google that I've toyed around with.
    http://google-gruyere.appspot.com/


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    you could try the Hacme Bank / Books / Travel utilities from Foundstone (under their free tools).

    I seem to remember hacme books being pretty easy but the bank one was fun.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Heard of both, but haven't had the chance to tinker with them yet. I will take a look. Thanks :)


  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    dlofnep wrote: »
    Another one I came across but haven't had a chance to really play with yet is Damn Vulnerable Linux.

    Downloaded this ages ago and still haven't had time to play with it. Sounds very interesting.

    Not sure if it counts as a 'learning environment', but I've always found Backtrack interesting and useful.


  • Registered Users, Registered Users 2 Posts: 1,311 ✭✭✭Procasinator


    There is a load of web sites, like http://hackthissite.org, that offer various different challenges.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    I've completed most of the challenges on hackthissite.org and securityoverride.com - They are indeed very useful :) And fun!


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Downloaded Damn Vulnerable Web App yesterday. It's very good. You can set varying levels of security for individual challenges. For example - low-level SQL injection would require straightforward injection, while higher (while still based on the same challenge) would implement filtering.

    Worth a look!

    Also - I bought a copy of The Web Application Hacker's Handbook. I have a PDF copy also if anybody needs it. It's a great read, but is 3 years old - so while it's current, it's not immediately current. They recently released a new edition of Hacking Web Applications Exposed, which I'm going to order for Christmas and expect to be extremely current. The previous versions were published in 2002 and 2006 respectively.


  • Closed Accounts Posts: 5,082 ✭✭✭Pygmalion


    Just got DVL there recently, gonna load it up to a VM now, sounds pretty interesting.

    I used to really like the sites like Hackthissite, I'd say they're the main reason I got into programming when I did, but re-joined a few recently and found them fairly boring for the most part :/.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    I also found this website to be really good at finding old versions of applications to attack. phpbb and wordpress in particular: http://www.oldapps.com/

    Just installing phpbb 2.0 now for a start.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dlofnep wrote: »
    Downloaded Damn Vulnerable Web App yesterday. It's very good. You can set varying levels of security for individual challenges. For example - low-level SQL injection would require straightforward injection, while higher (while still based on the same challenge) would implement filtering.

    Worth a look!

    Also - I bought a copy of The Web Application Hacker's Handbook. I have a PDF copy also if anybody needs it. It's a great read, but is 3 years old - so while it's current, it's not immediately current. They recently released a new edition of Hacking Web Applications Exposed, which I'm going to order for Christmas and expect to be extremely current. The previous versions were published in 2002 and 2006 respectively.

    Dlofnep, did you get the New Web App hackers book? How is it? Work gave me the old version, but I would be interested in reading the new one too. Care to give us a little review of it? Worth the money?


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Send me your e-mail address on in a message and I'll send you on a PDF.


  • Registered Users, Registered Users 2 Posts: 1,190 ✭✭✭wolfric


    Metasploitable. Based on Ubuntu 8.04.

    I'd just download any old OS with a known vulnerability and try work through the exploit. I find some interesting results, though, leaving a honeypot open on 22 on my firewall and watching what comes through.

    I like to probe real world examples as much as possible. I draw the line at exploiting a vulnerability, bruteforcing, injecting, hijacking, poisoning etc. On the other hand if you work for a company that condones in-house pen testing, all the better.

