Bits and bytes of a hacker.

Docker Images for Penetration Testing Practice

My previous post outlined the necessary steps to install Docker on Kali Linux. Now that Docker is up and running, here’s a few docker images that can be launched to pentest against:

  1. Acme-lock-me-out by Websecurify
    Acme-lock-me-out is a login bruteforce demo webapp written in NodeJS and MongoDB.

  2. Aceme-no-login by Websecurify
    Acme-no-login is a demo login bypass attack webapp written in NodeJS and MongoDB.

  3. Acme-no-login-ng by Websecurify
    Acme-no-login-ng is another demo login bypass attack webapp written in NodeJS and MongoDB.

  4. Security Ninjas AppSec Training by OpenDNS
    Security Ninjas AppSec Training is a vulnerable webapp that teaches the OWASP Top 10 vulnerabilities.

  5. Damn Vulnerable Web Application (DVWA)
    docker pull citizenstig/dvwa
    DVWA is a vulnerable web app written in PHP and MySQL. Vulnerabilities can be exploited with varying degrees of difficulty.

  6. Mutillidae 2 by OWASP
    docker pull citizenstig/nowasp
    Mutillidae 2 is a vulnerable webapp that teaches the OWASP Top 10 vulnerabilities.

  7. Vulnerable Wordpress by WPScanteam
    docker pull wpscanteam/vulnerablewordpress
    Vulnerable Wordpress is a vulnerable webapp designed by the creators of WPScan.

  8. Webgoat by OWASP
    docker pull danmx/docker-owasp-webgoat
    WebGoat is a vulnerable PHP webapp designed to teach security principles. The ASP.NET version is available here as well.

  9. Shellshock: Vulnerability As A Service
    docker pull hmlio/vaas-cve-2014-6271
    This image showcases the Shellshock vulnerability by running a vulnerable Debian distro.

  10. Security Shepherd by OWASP
    docker pull ismisepaul/securityshepherd
    Security Shepherd teaches webapp and mobile app security principles.

  11. Heartbleed: Vulnerability As A Service
    docker pull hmlio/vaas-cve-2014-0160
    This image showcases the Heartbleed vulnerability by running a vulnerable Debian distro.

  12. Bricks by OWASP
    docker pull citizenstig/owaspbricks
    Bricks is a vulnerable webapp written in PHP and MySQL, it’s well documented and has accompanying videos.

How to Install Docker on Kali Linux

I’ve recently upgraded to Kali 2 2016.2 and decided to run some local web apps to exercise exploiting the MEAN stack. To make things as quick and simple as possible, I decided to run these web apps in Docker.

To install Docker in Kali, these were the steps I followed:

  1. Create a backports file and add the entry for Debian Wheezy:

    echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/backports.list && apt-get update

  2. Install ca-certificates and allow APT to operate via https:

    apt-get install apt-transport-https ca-certificates

  3. Add the appropriate GPG key:

    apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

  4. Add the appropriate Docker source entry:

    echo 'deb https://apt.dockerproject.org/repo debian-wheezy main' > /etc/apt/sources.list.d/docker.list && apt-get update

  5. Install Docker and start its service:

    apt-get install docker-engine && service docker start

  6. Verify that Docker is working:

    docker run hello-world

That’s it, Docker should now be up and running on Kali Linux.

Automated Web Hacking With Yasuo

Recently Saurabh Harit and Sephen Hall released their latest iteration of Yasuo, a ruby scanner for known vulnerable third party web applications.

The scanner is extremely fast and has numerous arguments that make it easy to use. I gave the scanner a run by feeding it an Nmap XML file to parse. The scanner found all IPs running third party web services and isolated those with default login credentials.

Finally, the scanner prints out a table with the application name and URL. It also recommends a potential exploit and prints the default credentials if any were found.

This tool is great for networks with large IP ranges and I highly recommend it for others to try. The source is readily available on Github here.