Monday, January 22, 2024

Pentesting Lab powered with Docker

 ﷽

Pentesting, short for penetration testing, is a crucial aspect of cybersecurity. To enhance our pentesting skills, having a robust lab environment is essential. Alhamdulillah, in this blog post we share a prebuilt system image (VirtualBox-based) equipped with a collection of Docker images that make it easy to set up a diverse and comprehensive Pentesting Lab.

Exploitables Server :  

https://drive.google.com/file/d/1WX-p27ZdHGO3HkYE8n3J3v0rcc-6mDYX/view?usp=sharing 

What is in the system image :

1. OWASP Juice Shop :
   - Repository: bkimminich/juice-shop
   - Tag: latest
   - Image ID: 402fefa2b068 

The OWASP Juice Shop is a modern and feature-rich web application designed for security training, awareness demos, and CTFs (Capture The Flag). It's an excellent resource for honing your skills in finding and exploiting security vulnerabilities.

2. WebGoat :
   - Repository: webgoat/webgoat
   - Tag: latest
   - Image ID: bde451613ef3

WebGoat is a deliberately insecure web application maintained by OWASP. It's designed to teach web application security lessons and provides a safe environment to practice and learn various attack techniques.

3. DVWA (Damn Vulnerable Web Application) Docker :
   - Repository: kaakaww/dvwa-docker
   - Tag: latest
   - Image ID: 5e2ed17dc0be 

DVWA is another intentionally vulnerable web application that is great for hands-on learning. It includes various security vulnerabilities, making it an ideal target for practicing different types of attacks.

4. NOWASP (Mutillidae) Docker :
   - Repository: citizenstig/nowasp
   - Tag: latest
   - Image ID: 82e745ffc9fc

NOWASP (Mutillidae) is a free, open-source web application providing a vulnerable test bed for security enthusiasts. It's specifically designed to be exploitable, allowing users to learn and practice a wide range of web application security skills. 

5. Security Ninjas Docker Image :
   - Repository: opendns/security-ninjas
   - Tag: latest
   - Image ID: d5c4b15385a3

The Security Ninjas Docker image provides a lightweight platform for training on secure coding and application security. It includes a variety of tools and challenges to help you enhance your secure coding practices.
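Every image above is tagged `latest`, so the short image IDs are what identify the exact builds shipped in the VM. The script below is an added example, not part of the original post: it compares `docker images` output on a Docker host against the list above. The helper name `check_images` and the `--live` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare local Docker images with the IDs listed in the post.

# Repository, tag and short image ID, copied from the list in the post.
EXPECTED='bkimminich/juice-shop latest 402fefa2b068
webgoat/webgoat latest bde451613ef3
kaakaww/dvwa-docker latest 5e2ed17dc0be
citizenstig/nowasp latest 82e745ffc9fc
opendns/security-ninjas latest d5c4b15385a3'

# check_images (hypothetical helper): reads "repository tag id" lines on stdin,
# prints one status line per listed image, and returns 1 if any is missing or
# carries a different ID (i.e. `latest` now points at another build).
check_images() {
  inventory=$(cat)
  rc=0
  while read -r repo tag id; do
    have=$(printf '%s\n' "$inventory" |
      awk -v r="$repo" -v t="$tag" '$1 == r && $2 == t { print $3; exit }')
    if [ -z "$have" ]; then
      echo "MISSING $repo:$tag"; rc=1
    elif [ "$have" != "$id" ]; then
      echo "CHANGED $repo:$tag $have (listed $id)"; rc=1
    else
      echo "OK $repo:$tag"
    fi
  done <<EOF
$EXPECTED
EOF
  return "$rc"
}

# Live use: sh check-lab-images.sh --live   (needs the docker CLI)
if [ "${1:-}" = "--live" ]; then
  docker images --format '{{.Repository}} {{.Tag}} {{.ID}}' | check_images
fi
```

A `CHANGED` line means the image was re-pulled or rebuilt after the post was written, so the vulnerabilities and lessons it contains may differ from the ones in the shared image.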

How to Start :

1. Download the .ova file to local storage.

2. Make sure VirtualBox is installed on your system (https://www.virtualbox.org/wiki/Downloads).

3. Simply double-click or import the .ova file.

4. Once the import succeeds, run the VM.

5. The system will start up and acquire an IP address from DHCP.

6. Check the system IP, which is displayed on the login screen.

7. Browse to the displayed IP.

8. Then, shall we start learning? As the learning tool we use ZAP (Zed Attack Proxy).

 

 

*** Update, 25th January 2024: SSH brute-force server updated; a break-in is possible using a password list available on the internet.

 


Barakallahu fiikum.

