This repository contains a set of demo challenges for practicing network security vulnerabilities. The challenges cover common web vulnerabilities such as SQL injection (SQLi), cross-site scripting (XSS), and network capturing (MITM). Each challenge is designed to help you understand and exploit these vulnerabilities in a controlled environment.
Challenges:
- SQLi1: Basic Login Bypass
- SQLi2: Data Extraction with Union Injection
- XSS1: Reflected XSS
- XSS2: Stored XSS
- MITM: Capture Session Token

Prerequisites:
- Docker
- Docker Compose
- Web browser
- Wireshark (optional)
In this challenge, you will perform a SQL injection attack to bypass a login page. The objective is to log in as any user by injecting a payload into the login form.
- Navigate to the sqli1_Basic-Login-Bypass directory:
      cd sqli1_Basic-Login-Bypass
- Build and run the Docker containers:
      docker-compose up --build
- Open your browser and navigate to http://localhost:3000.
- Try to bypass the login form by using SQL injection.
In this challenge, you will use SQL injection to extract hidden data from the database using UNION injection. The objective is to retrieve sensitive information by manipulating the SQL query.
- Navigate to the sqli2_Data-Extractio-with-Union-Injection directory:
      cd sqli2_Data-Extractio-with-Union-Injection
- Build and run the Docker containers:
      docker-compose up --build
- Open your browser and navigate to http://localhost:3000.
- Use the search bar to perform UNION injection and extract hidden data.
In this challenge, you will perform a reflected XSS attack by injecting JavaScript into a search query. The objective is to execute a script that steals the user's cookie by exploiting the reflected XSS vulnerability.
Hint: The admin will use the link that is sent from the Debugging form.
- Navigate to the xss1_Reflected-XSS directory:
      cd xss1_Reflected-XSS
- Build and run the Docker containers:
      docker-compose up --build
- Open your browser and navigate to http://localhost:3000.
- Try to craft a phishing link that exploits the reflected XSS vulnerability.
In this challenge, you will perform a stored XSS attack by injecting JavaScript into a blog post. The objective is to steal the admin's cookie by exploiting the stored XSS vulnerability.
Hint: The admin will view the homepage periodically.
- Navigate to the xss2_Stored-XSS directory:
      cd xss2_Stored-XSS
- Build and run the Docker containers:
      docker-compose up --build
- Open your browser and navigate to http://localhost:3000.
- Log in using the provided credentials and navigate to the AddBlog page.
- Inject a script tag into the blog content to test for stored XSS.
In this challenge, you will perform a man-in-the-middle attack to capture a session token from a packet capture file. The objective is to intercept the data between the client and server and extract the session token.
- Navigate to the mitm_Capture-Session-Token directory:
      cd mitm_Capture-Session-Token
- Build and run the Docker containers:
      docker-compose up --build
- Use tcpdump to capture the network traffic:
      docker exec -it <client_container_id> sh -c "apt-get update && apt-get install -y tcpdump"
      docker exec -it <client_container_id> tcpdump -i eth0 -w /tmp/capture.pcap
- Copy the capture file to your host machine:
      docker cp <client_container_id>:/tmp/capture.pcap .
- Open the capture file with Wireshark and use the http.cookie filter to locate the session token.
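
The XSS challenges go after the session cookie from script, and the MITM challenge reads it off the wire. The following added example (not code from this repository) audits a response's Set-Cookie headers for the HttpOnly and Secure flags that limit those two paths. The response text is a constructed sample, and the function names are hypothetical.

```python
# Added example: check Set-Cookie headers for the flags that limit the
# cookie-theft paths practiced in the XSS and MITM challenges.

# Constructed sample response headers, not captured from the challenge apps.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "set-cookie: csrf=xyz; Secure\r\n"
    "\r\n"
)

# Flag -> what its absence allows.
REQUIRED_FLAGS = {
    "httponly": "cookie is readable from script (document.cookie), as in the XSS challenges",
    "secure": "cookie travels over plain HTTP and shows up in a capture, as in the MITM challenge",
}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attributes dict with lowercased keys)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(raw_headers):
    """Map each cookie set by a raw HTTP response header block to its missing flags."""
    report = {}
    for line in raw_headers.split("\r\n")[1:]:      # skip the status line
        if not line:                                 # blank line ends the headers
            break
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":    # header names are case-insensitive
            name, attrs = parse_set_cookie(value)
            report[name] = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
    return report


if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_RESPONSE).items():
        for flag in missing:
            print(f"{cookie}: missing {flag}: {REQUIRED_FLAGS[flag]}")
        if not missing:
            print(f"{cookie}: ok")
```

HttpOnly does not remove an XSS flaw and Secure only helps when the site is served over HTTPS; both flags only narrow what a stolen-cookie attack can reach.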
These challenges are designed to help you understand and exploit common web and network vulnerabilities. Follow the setup instructions for each challenge and try to achieve the objectives. Happy hacking! Write-ups for each challenge are available in the writeups directory.