security - Hacker training simulator

Tags: security xss sql-injection

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I have never tried to hack a website. I have just followed the security guidelines. Now I want to try to develop more security.

Are there any "training sites" with vulnerabilities and "exercises" for SQL injection, global variable redefinition, XSS and other kinds of vulnerabilities? A kind of hacking sandbox.

Best answer

Jump to this question on vulnerable Operating Systems on Security Stack Exchange, or this one on vulnerable servers for penetration testing (especially this answer, which has a great list).

We have a few questions on this topic, or on Security Education in general; as a constantly growing resource for IT and information security it may well be worth your attention.

Snippets of content from there:

http://www.irongeek.com/i.php?page=security/wargames

WebGoat. WebGoat is a set of deliberately insecure Java server pages

http://www.hackthissite.org/

http://www.smashthestack.org/wargames.php

from their FAQ

The Smash the Stack Wargaming Network hosts several Wargames. A Wargame in our context can be described as an ethical hacking environment that supports the simulation of real world software vulnerability theories or concepts and allows for the legal execution of exploitation techniques. Software can be an Operating System, network protocol, or any userland application.

http://www.astalavista.com/page/wargames.html

http://www.governmentsecurity.org/forum/index.php?showtopic=15442

http://www.overthewire.org/wargames/

the list is long... some are up, some not...

Update 26 Feb 2011, I found a nice post from http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html . Some links might be broken. I copy from there:

Holynix Similar to the de-ice Cd’s and pWnOS, holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. http://pynstrom.net/index.php?page=holynix.php

WackoPicko WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners found: http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf https://github.com/adamdoupe/WackoPicko

De-ICE PenTest LiveCDs The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs. http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Metasploitable Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Owaspbwa Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications. http://code.google.com/p/owaspbwa/

Web Security Dojo A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo http://www.mavensecurity.com/web_security_dojo/

Lampsecurity LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux, apache, php, mysql security. http://sourceforge.net/projects/lampsecurity/files/

Damn Vulnerable Web App (DVWA) Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. www.dvwa.co.uk/

Hacking-Lab This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote. http://www.hacking-lab.com/hl_livecd/

Moth Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: http://www.bonsai-sec.com/en/research/moth.php

Damn Vulnerable Linux (DVL) Damn Vulnerable Linux is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students. http://www.damnvulnerablelinux.org

pWnOS pWnOS is on a “VM Image”, that creates a target on which to practice penetration testing, with the “end goal” of getting root. It was designed to practice using exploits, with multiple entry points http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html http://www.krash.in/bond00/pWnOS%20v1.0.zip

Virtual Hacking Lab A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats. http://sourceforge.net/projects/virtualhacking/files/

Badstore Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. http://www.badstore.net/

Katana Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications, such as Wireshark, Metasploit, NMAP, Cain & Abel, and many more. www.hackfromacave.com/katana.html

Regarding "security - Hacker training simulator", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/5588067/