The Ethical Hacker Network - IIS based hackme labs

EH-Net > Ethical Hacking Discussions and Related Certifications > Web Applications (Moderator: don) > IIS based hackme labs

Pages: [1] Go Down

« previous next »

	Author	Topic: IIS based hackme labs (Read 3567 times)
0 Members and 1 Guest are viewing this topic.

jinwald12

Jr. Member

Offline

Posts: 77

IIS based hackme labs

« on: October 28, 2012, 09:55:47 PM »

Has anyone found any good IIS/ASP/MSSQL hackme labs, I tried the Foundstone "hacme" series but am wondering if anyone knows any others.


	Logged

where did all the fun go?

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: IIS based hackme labs

« Reply #1 on: October 29, 2012, 12:32:25 AM »

I can't think of anything else besides the Simple ASP.NET Forms piece of the OWASP Broken Web Applications Project: http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html

Creating your own vulnerable app would always be a good project Cool


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

Jamie.R

Sr. Member

Offline

Posts: 429

Re: IIS based hackme labs

« Reply #2 on: October 29, 2012, 06:30:17 AM »

Making your own would be a great way to learn. I don't think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.


	Logged

OSWP | Hackingdojo Nidan | eCPPT

ajohnson

Recruiters
Hero Member

Offline

Posts: 1060

aka dynamik

Re: IIS based hackme labs

« Reply #3 on: October 29, 2012, 10:58:21 AM »

Quote from: Jamie.R on October 29, 2012, 06:30:17 AM

Making your own would be a great way to learn. I don't think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.

This hasn't been the case for awhile. You can get the express versions of their development tools and SQL Server for free. Licensing obviously prevents a convenient all-in-one VM from being distributed, but it's a minimal amount of work to install IIS, SQL Server Express, and copy the application files over.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

m0wgli

Full Member

Offline

Posts: 248

Re: IIS based hackme labs

« Reply #4 on: October 29, 2012, 01:12:02 PM »

I haven't tried this yet so I don't know if it's any good or not.

VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88


	Logged

Security + | OSWP | eCPPT | CSTA

ziggy_567

Sr. Member

Offline

Posts: 361

Re: IIS based hackme labs

« Reply #5 on: October 29, 2012, 02:42:54 PM »

I haven't tried it yet, either, but I think Acunetix has a vulnerable ASP example site.

I couldn't find the link in the 2 minutes I spent on Google either.


	Logged

--
Ziggy

eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+

m0wgli

Full Member

Offline

Posts: 248

Re: IIS based hackme labs

« Reply #6 on: October 29, 2012, 04:03:29 PM »

I came across this blog post by Raul Siles (a SANS instructor for the SEC542 "Web App Penetration Testing and Ethical Hacking" course) whilst looking for the Acunetix link:

http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html

It has a really good list of vulnerable web apps.


« Last Edit: October 29, 2012, 04:44:56 PM by m0wgli »	Logged

Security + | OSWP | eCPPT | CSTA

Pages: [1] Go Up

« previous next »

Jump to: