IMCAFS

Home

bwapp: a very useful vulnerability demonstration platform

Posted by punzalan at 2020-04-02
all

Write at the beginning

Because of the need of work, I want to find a better vulnerability demonstration platform. I found that before freebuf, a friend mentioned bwapp platform, and I think it's very good after studying it. Most of the online vulnerability demonstration platforms are about webload and DVWA, but bwapp is rarely introduced. So I decided to send it out in the hope of helping the interested friends.

BWAPP

Buggy web application this is an open-source Web application integrating various common and latest vulnerabilities. It aims to help network security enthusiasts, developers and students to discover and prevent network vulnerabilities. It contains more than 100 vulnerabilities, covering all major known web vulnerabilities, including OWASP TOP10 security risks, and most importantly, OpenSSL and shellstock vulnerabilities.

Download & install

Bwapp can be downloaded separately and deployed to the Apache + PHP + MySQL environment. It can also download the virtual machine version of bee box. However, there are many vulnerabilities in bee box, but bwapp does not have when it is installed separately, such as shell breaking vulnerability, heart blood dripping vulnerability, etc. I mainly use bee box here.

Download address:

After downloading, unzip it, open it with VMware, access port 80, bwapp default account password

More than 100 vulnerabilities have been built in, as follows:

Small test knife

The following is the test method for some vulnerabilities:

1、HTML Injection – Reflected (GET)

Input: < a href = http://www.baidu.com > Click here</a>

2、iFrame Injection

Modify paramurl parameter as follows:

3、OS Command Injection

Enter the following string:

www.nsa.gov;id

www.nsa.gov&&id

www.nsa.gov|id

4、PHP Code Injection

Modify the parameter message to PHP code:

5、SQL Injection (GET/Search)

Direct sqlmap to:

6、XML/XPath Injection (Login Form)

Account password input: A & ා039; or & ා039; &? Need modification? )

7、Broken Auth. – Password Attacks

Other password tests (SSH, FTP, SNMP)

8、XSS – Reflected (GET)

Input:

9、XSS – Stored (Blog)

Input:

192.168.245.136 is my Kali, which has started beef.

Beef goes online to obtain cookies, execute JS, etc

10、Insecure WebDAV Configuration

Direct put upload:

Upload succeeded:

11、HTML5 Web Storage (Secret)

Use chrome, F12 to view the account password:

12、Heartbleed Vulnerability

Login https://192.168.245.142:8443/bwapp/login.php bee/bug

Through the vulnerability, grab the memory and directly obtain the account password just logged in:

13、Remote & Local File Inclusion (RFI/LFI)

Modify parameter: language = / etc / passwd

Test local include, modify the parameter: language = phpinfo.txt

Test remote include, modify the parameter: language is the address of the remote shell:

14、XML External Entity Attacks (XXE)

Click "any bugs" to grab the package and modify the post data as follows:

15、PHP CGI Remote Code Execution

Check the source code http://192.168.245.142/bwapp/admin/? - S

Read file: http://192.168.245.142/bwapp/admin/? - Dauto ﹣ prepend ﹣ file% 3D / etc / passwd + - n

Using MSF getshell: configuration parameters

GETSHELL:

16、Shellshock Vulnerability (CGI)

Grab the package and modify the request header of the request http://192.168.245.142/bwapp/shellstock.sh:

17、Unvalidated Redirects & Forwards

Click beam to grab the package and modify the parameter url = http://www.baidu.com:

18、Unrestricted File Upload

Browse, upload shell:

19、WSDL FILE

Visit: http://192.168.245.142/bwapp/ws_soap.php? WSDL

Use WVS to scan the web service:

Test with sqlmap:

There are other loopholes that will not be tested one by one. If you are interested, you can test them.

*Author: shentoucushi, reprint please indicate from freebuf hacker and geek (freebuf. Com)