.

IIS based hackme labs

<<

jinwald12

User avatar

Jr. Member
Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Sun Oct 28, 2012 9:55 pm

IIS based hackme labs

Has anyone found any good IIS/ASP/MSSQL hackme labs, I tried the Foundstone "hacme" series but am wondering if anyone knows any others.
where did all the fun go?
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 29, 2012 12:32 am

Re: IIS based hackme labs

I can't think of anything else besides the Simple ASP.NET Forms piece of the OWASP Broken Web Applications Project: http://g0tmi1k.blogspot.com/2011/03/vul ... esign.html

Creating your own vulnerable app would always be a good project 8)
The day you stop learning is the day you start becoming obsolete.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Oct 29, 2012 6:30 am

Re: IIS based hackme labs

Making your own would be a great way to learn. I don't think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 29, 2012 10:58 am

Re: IIS based hackme labs

Jamie.R wrote:Making your own would be a great way to learn. I don't think you will find any that use Microsoft products unless you pay for it. I know elearn have a few sites but you need to pay for their labs.


This hasn't been the case for awhile. You can get the express versions of their development tools and SQL Server for free. Licensing obviously prevents a convenient all-in-one VM from being distributed, but it's a minimal amount of work to install IIS, SQL Server Express, and copy the application files over.
The day you stop learning is the day you start becoming obsolete.
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Mon Oct 29, 2012 1:12 pm

Re: IIS based hackme labs

I haven't tried this yet so I don't know if it's any good or not.

VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon Oct 29, 2012 2:42 pm

Re: IIS based hackme labs

I haven't tried it yet, either, but I think Acunetix has a vulnerable ASP example site.

I couldn't find the link in the 2 minutes I spent on Google either.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Mon Oct 29, 2012 4:03 pm

Re: IIS based hackme labs

I came across this blog post by Raul Siles (a SANS instructor for the SEC542 "Web App Penetration Testing and Ethical Hacking" course) whilst looking for the Acunetix link:

http://blog.taddong.com/2011/10/hacking ... tions.html

It has a really good list of vulnerable web apps.
Last edited by m0wgli on Mon Oct 29, 2012 4:44 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software