Archive for the ‘Projects’ Category

Guest Post: Damn Vulnerable Web App


Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.

Damn Vulnerable Web App v.1 has just been released in the past hour. The BETA version has had over 500 downloads in the past couple of months so I thought I would further develop it and make it open source.

Changelog:

  • Made command execution more realistic.
  • Added help buttons.
  • Added .htaccess file to turn magic quotes off.
  • Improved database creation with setup.php.
  • Amended installation instructions in README file.
  • Added GNU GPL license.
  • Added a robots.txt file with disallow all.
  • Removed link to www.ethicalhacker.co.uk in footer.
  • Added better error output on magic quotes.

There are alternatives out there such as irongeek’s Mutillidae and Andrew Kramer’s Peruggia. However, DVWA is not meant to be as realistic as a real web app; it is meant to be as easy to use as possible for beginners to learn or for teachers to teach.

To download and/or contribute to DVWA:

http://sourceforge.net/projects/dvwa/

Thanks Craig for the guest post!

ethicalhack3r

ScreenStamp!


Hey all, just a quick post regarding a little application that myself, 1337speak and ethicalhack3r have developed to aid us in information gathering exercises: ScreenStamp! I cannot think of a better way to explain it than what is written on the official website, so here it goes:

What is ScreenStamp! going to do?

When ScreenStamp! has been fully developed for the release of the BETA version, it will, once run, ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots. ScreenStamp! will also time and date stamp the screen shot at the top right-hand corner.

Where did the ScreenStamp! idea come from?

When myself and my work group at University, where we are studying Ethical Hacking for Computer Security, were carrying out an Information Gathering exercise, the task of taking and saving screen shots with the clock opened and date showing was becoming really boring, so myself and a couple of other group members decided that an application that would do this for us would be well worth the time spent on creating one, after we had looked and failed to find an application that did exactly what we had in mind.

I urge you all to go try it out and let us know what you think and of any bugs you find. It is available for both Windows and Linux, with the possibility of a Mac version coming soon (although the Linux version may work on Mac??)

You can find out more and download @ http://www.screenstamp.co.uk

Online NMAP


A few weeks ago when I was bored I wrote an NMAP frontend with PHP that you can use to portscan machines. It was written because of limitations of not being able to install nmap on machines on which you do not have admin rights – but still need to use it to do some basic info gathering.

It’s plonked over on my other server. It’s not finished and I will be adding more web based tools when I can be bothered :D (It gives me an excuse to code something.)

There are a few things you should know if you do decide to give it a try:

  • You must read the disclaimer first; boring I know, but it’s there for a reason
  • Loading the results may take some time, be patient.
  • It’s not perfect and is liable to change.

That’s all for today – I guess you need the URL -

http://nmap.sevren.net

Craig