GameOver – Training and educating about the web security
Section 1 consists of special web applications that are designed especially to teach the basics of Web Security .
Section 1 will cover :
- RFI & LFI
- BruteForce Authentication
- Directory/Path traversal
- Command execution
- SQL injection
Section 2 is a collection of dileberately insecure Web applications . This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites .
We would advice newbies to try and exploit these web applications . These applications provide real life environments and will boost their confidence .
System Requirements :
In order to run the VM image, you need to have a VM Player 4.0.2 or higher.(We have not tested it in lower versions of VM Player). You may allocate 256MB or higher RAM to this instance. In case you do not have a VM Player installed or for some reason you prefer another virtualization software, you may download the .iso and run it in a ‘Live’ mode.
Getting Started :
In case you have chosen the Live CD, select ‘Live’ from the grub menu and Enter
Login with the following credentials.
Once you login, type ‘ifconfig’ in your GameOver machine command prompt and hit Enter.
This will give you the ip address of the GameOver machine (Server).
Now in your client browser enter this IP address and hit Enter.
You should be able to access GameOver now.
Voyage Linu: GameOver has Voyage Linux as its base OS. Voyage is a minimilistic Linux distribution which is in turn based on Debian. For more information regarding Voyage Linux we encourage you to check out their website: http://linux.voyage.hk/.
Web Applications (section 1):
1. Damn Vulneable Web Application: (http://www.dvwa.co.uk/)
2. OWASP WebGoat:(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
3. Ghost (http://www.gh0s7.net/)
4. Mutillidae (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
5. Zap-Wave: (http://code.google.com/p/zaproxy/)
Web Applications (section 2):
1. Owasp Hacademic Challenges : (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)
2. Owasp Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)
3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)
4. Owasp Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)
5. BodgeIT: (http://code.google.com/p/bodgeit/)
6. PuzzleMall: (https://code.google.com/p/puzzlemall/)
7. WAVSEP: (https://code.google.com/p/wavsep/)
The .iso cannot be installed on a Virtual machine, but works perfectly in the ‘Live mode’.
In case you encounter any bug or issue in this Project, you may report it to firstname.lastname@example.org (Jovin Lobo).
We encourage users to tryout GameOver and learn more about Web security. There are tons of other deliberately insecure applications on the Internet. If you find any such interesting/useful application we would be glad to append it to this existing collection of insecure Apps. You can send your suggestions/improvements to email@example.com (Jovin Lobo).
We have currently only included Web based applications in this current release of GameOver.
In the future releases we plan to include system level CTF’s along with Web based applications to give the users a complete hands-on experience.
You can also visit this link http://www.nullcon.net/challenge/archives.asp to play NULLCON challenges. The challenges are broadly categorized into Web , Cryptography, Trivia, Log, analysis, Reverse engineering, Forensics, System and Programming.