GameOver – Training and educating about the web security

Project GameOverwas started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work . GameOver has been broken down into two sections .

Section 1 consists of special web applications that are designed especially to teach the basics of Web Security .
Section 1 will cover :

  • XSS
  • CSRF
  • RFI & LFI
  • BruteForce Authentication
  • Directory/Path traversal
  • Command execution
  • SQL injection

Section 2 is a collection of dileberately insecure Web applications . This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites .
We would advice newbies to try and exploit these web applications . These applications provide real life environments and will boost their confidence .

System Requirements :
In order to run the VM image, you need to have a VM Player 4.0.2 or higher.(We have not tested it in lower versions of VM Player). You may allocate 256MB or higher RAM to this instance. In case you do not have a VM Player installed or for some reason you prefer another virtualization software, you may download the .iso and run it in a ‘Live’ mode.

Getting Started :
In case you have chosen the Live CD, select ‘Live’ from the grub menu and Enter
Login with the following credentials.
username: root
password: gameover

Once you login, type ‘ifconfig’ in your GameOver machine command prompt and hit Enter.
This will give you the ip address of the GameOver machine (Server).
Now in your client browser enter this IP address and hit Enter.
You should be able to access GameOver now.

Voyage Linu:  GameOver has Voyage Linux as its base OS. Voyage is a minimilistic Linux distribution which is in turn based on Debian. For more information regarding Voyage Linux we encourage you to check out their website:

Web Applications (section 1):

1. Damn Vulneable Web Application:  (
2. OWASP  WebGoat:(
3. Ghost (
4. Mutillidae (
5. Zap-Wave: (

Web Applications (section 2):

1. Owasp Hacademic Challenges : (
2. Owasp Vicnum: (
3. WackoPicko: (
4. Owasp Insecure Web App: (
5. BodgeIT: (
6. PuzzleMall: (
7. WAVSEP: (

Known Bugs 🙁
The .iso cannot be installed on a Virtual machine, but works perfectly in the ‘Live mode’.

Bug Report:
In case you encounter any bug or issue in this Project, you may report it to (Jovin Lobo).

We encourage users to tryout GameOver and learn more about Web security. There are tons of other deliberately insecure applications on the Internet. If you find any such interesting/useful application we would be glad to append it to this existing collection of insecure Apps. You can send your suggestions/improvements to (Jovin Lobo).

Road Map:
We have currently only included Web based applications in this current release of GameOver.
In the future releases we plan to include system level CTF’s along with Web based applications to give the users a complete hands-on experience.

You can also visit this link to play NULLCON challenges. The challenges are broadly categorized into  Web , Cryptography, Trivia, Log, analysis, Reverse engineering, Forensics, System  and Programming.

Download : GameOver.0.1.null.iso (426.8 MB)
Find Other version |
Read more in here :