iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
[Help]Hosting a Intranet web-server for practicing pen-testing
  • mandi
    Posts: 207
    I Just readed lot of theories on networking and some basic web-application hacking methods and other things,i am much more interested in doing some practice or pen-testing to test out/improve my skills,
    I tought of installing xamp,but considering that i am willing to host and hack various types of web-Application ,i do feel xampp is not enough,So tought of Intranet Web-server for pen-testing


    1)Is it a good idea to create A intra-net web-server for pen-testing web-Applications?Because i am not having much money for buying a VPS server for this

    2)if possible can any 1 refer me to a tutorial on creating a Intranet web-server?

    Hope some one may offer me some Advices...
  • Xin
    Posts: 3,251
    Install virtual box or vmware, install ubuntu server, debian, centos, windows server (whichever you want) most of these already have apache installed, if not just install apache , mysql etc, then go from there.

    I recommend using the de-ice pentest discs although there very basic, or the Damn Vulnerable Linux disc, or the OWASP challenges for web app stuff.
    Xin
  • mandi
    Posts: 207
    Ok bro ,how to Assign a name to the site?
    Because I am looking to set-up a site like target.com inside my intranet,


    I recommend using the de-ice pentest discs although there very basic, or the Damn Vulnerable Linux disc, or the OWASP challenges for web app stuf


    Also TBH i am in the learners stages,is there any video tutorials available on these pen-testing methods?

    if you got any useful link,please share with me...
  • Sh3llc0d3
    Posts: 1,910
    These haev major spoilers in them, they're not tutorials for the de-ice disks more a walkthrough of how pureh@te did it...

    http://pur3h4t3.blogspot.com/

    Look down the right-hand site and you want the De-Ice-100 series first.

    Downloads are available from the forums the links are on their wiki page:

    http://de-ice.net/hackerpedia/index.php ... ks#Level_1

    Might be worthwhile downloading the first disk and see how far you get with footprinting etc. The De-Ice disks are more of a system/network hacking project (depending on how you approach it) But Damn Vulnerable Web App might be worth a look at for your purposes (web app security).

    http://www.dvwa.co.uk/download.php

    You can download XAMPP and sort things out yourself or the easy way and download the live cd which is ready to go. A word of warning DO NOT run this on a live machine with a open internet connection else you will find yourself being an unknowing honeypot. Its called damn vulnerable for a reason.

    The above aren't really accompanied by official tutorials, it's a pick-up the skills and perfect them kinda thing. Best advice I can give is read up a tutorial on (for example XSS) and then pratice on DVWA (damn vuln web app).

    Hope that helps, if all else fails google or youtube may throw up some results for the de-ice disks.
  • chroniccommand
    Posts: 1,389
    Just install apache2, php5, postresql with aptitude(Remember to run as root). It will install a directory:/var/www/
    Just install things there. So for example, if you wanted to install myBB, you'd install it and bring the folder into /var/www/
    To connect, just make sure the server is started and go to 127.0.0.1 or http://localhost/
  • Xin
    Posts: 3,251
    said:


    Ok bro ,how to Assign a name to the site?
    Because I am looking to set-up a site like target.com inside my intranet,


    I recommend using the de-ice pentest discs although there very basic, or the Damn Vulnerable Linux disc, or the OWASP challenges for web app stuf


    Also TBH i am in the learners stages,is there any video tutorials available on these pen-testing methods?

    if you got any useful link,please share with me...


    To be the de-ice disks scan the ports connect to each server and see if you can get in, grab as many users and passes you can then login and steal the files, they are very easy.
    Xin
  • Xin
    Posts: 3,251
    said:


    Ok bro ,how to Assign a name to the site?
    Because I am looking to set-up a site like target.com inside my intranet,


    I recommend using the de-ice pentest discs although there very basic, or the Damn Vulnerable Linux disc, or the OWASP challenges for web app stuf


    Also TBH i am in the learners stages,is there any video tutorials available on these pen-testing methods?

    if you got any useful link,please share with me...


    Also you dont really need a domain name if its local website just remember the ip address and connect to it.
    Xin
  • nasro24
    Posts: 17
    You should use pWnOS .. i even made video how to hack it ;)
    check it out on : http://MRnasro.blogspot.com
Add a Comment