Learn Web Penetration Testing The Right Way

July 5, 2013

Learn web penetration testing

PentesterLab is an easy and great way to learn penetration testing.
PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. It provides multiple kinds of vulnerable system images (Linux-based) that can be used to practise penetration testing. Each system is based on a different set of vulnerabilities and is a separate exercise. Check out the available exercises.

Each exercise comes with an ISO image of the system in both 32-bit and 64-bit versions, along with a PDF manual that provides help and hints on how to go about penetration testing the systems.

Exercise - Web for Pentester

For example, one of the exercises is called "Web for Pentester", and it teaches the following things:

What you will learn?
Basics of Web
Basics of HTTP
Detection of common web vulnerabilities:
    Cross-Site Scripting
    SQL injections
    Directory traversal
    Command injection
    Code injection
    XML attacks
    LDAP attacks
    File upload
Basics of fingerprinting

All you need is virtualisation software like VirtualBox. Boot the system image in VirtualBox and start practising right away.

I tried this exercise called "Web for Pentester". The ISO download size is 175 MB. The system is based on Debian Linux and boots to a terminal. There is no GUI or desktop. The system will have services like Apache and MySQL up and running. You can boot this in VirtualBox and there is actually no need to install it. Booting inside VirtualBox starts it as a live CD.

Configure VirtualBox to give the system its own IP address. Once the system boots, access it from a browser on your host system. For example

The page lists links to the individual vulnerable pages on which you should practise your hacking (or penetration testing) skills.

Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated. We provide you real systems with real vulnerabilities.

Other exercises

There are many other exercises available on

Introduction to Linux Host Review
From SQL injection to shell: PostgreSQL edition
PHP Include And Post Exploitation
Rack Cookies and Commands Injection
From SQL injection to shell
Axis2 Web service and Tomcat Manager

Each exercise teaches a lot about its topic. These exercises are a cool addition to an existing penetration testing lab or ethical hacking lab, so they are good learning material for budding hackers.

Our exercises are not just a bunch of vulnerabilities put together, they are built to teach you how to think like an attacker.

Last Updated On : 5th July 2013
