Pentesterlab.com – Learn Web Penetration Testing The Right Way
Learn web penetration testing
PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities.
Pentesterlab.com provides multiple kinds of vulnerable system images ( linux based ) that can be used to practise penetration testing. Each system is based on a different set of vulnerability and is a separate exercise. Check out the available exercises.
Each exercise comes with an iso image of the system in both 32 and 64 bits, along with a pdf manual which provides help and hints on how to go about doing penetration testing on the systems.
Exercise - Web for Pentester
For example one of the exercise is called "Web for Pentester" and it teaches the following things
What you will learn? Basics of Web Basics of HTTP Detection of common web vulnerabilities: Cross-Site Scripting SQL injections Directory traversal Command injection Code injection XML attacks LDAP attacks File upload Basics of fingerprinting
All you need is a virtualisation software like virtualbox. Install the system image on virtual box and start practising right away.
I tried this exercise called "Web for Pentester". The iso download size is 175mb. The system is based on debian linux and boots to a terminal. There is no gui or desktop. The system will have services like apache and mysql running up. You can boot this in virtualbox and there is actually no need to install it. Booting inside virtualbox starts it as a live cd.
Configure virtualbox to give the system its own ip address. Once the system boots access it from your host system from the browser. For example
The page shall list the links to individual pages that are vulnerable and on which you should practise your hacking skills (or penetration testing).
There are many other exercises available on pentesterlab.com
Introduction to Linux Host Review From SQL injection to shell: PostgreSQL edition PHP Include And Post Exploitation Rack Cookies and Commands Injection From SQL injection to shell Axis2 Web service and Tomcat Manager
Each exercise teaches a lot related to its topic. These exercises are a cool addition to an existing penetration testing lab or ethical hacking lab. So its a good learning material for budding hackers.