InformationSecurity

PenTesting

Getting started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Prerequisites

For a ready to use Docker environment with all Joomla and its dependencies already installed and prepared, you can check out the Docker environment section.

To run the attacks, the following prerequisites must be met:

Python 3.4+ with pip

A package manager was used to simplify command execution. To use it, the following prerequisites must be met:

NPM 6 / YARN 1.22

Source code

Get a copy of the repository:

git clone git@github.com:GiadaPa/InformationSecurity.git

or alternatively:

git clone https://github.com/GiadaPa/InformationSecurity.git

Change directory:

cd InformationSecurity/

Dependencies

Using the package manager, run the following command:

yarn install-dependencies

or alternatively:

npm run install-dependencies

Docker environment

For the project a Docker environment is already prepared and ready to use with all necessary prerequisites.

These Docker containers are the same as used by the continuous integration servers.

Installation

Install Docker (with Docker Compose) locally on your machine.

Start and stop the containers

Before start working you have to start the Docker containers:

docker-compose up --build --detach

After finished working you can stop the Docker containers:

docker-compose stop

Running commands inside the container

When the containers are running, you can execute any command inside the environment. Just replace the dots ... in the following example with the command you wish to execute:

docker-compose run --rm app /bin/bash -c "..."

Some examples are:

docker-compose run --rm app /bin/bash -c "npm run start"

Joomla

Joomla can be accessed at localhost:8080

Configuration details

You will need your database server address, database name, and database user credentials to install Joomla.

Database Type: MySQL (PDO)
Host Name: joomladb
Username: root
Password: password
Database name: joomladb

Usage

The following section describes how to perform attacks through the package manager.

Remote Code Execution

Run the following command:

yarn attack:rce VICTIM_URL

or alternatively:

npm run attack:rce VICTIM_URL

VICTIM_URL need to be specified with the relative protocol

If you are using the docker environment:

yarn attack:rce http://localhost:8080/

SQL injection

Run the following command:

yarn attack:sqli

or alternatively:

npm run attack:sqli

XSS

Run the following command:

yarn attack:xss

or alternatively:

npm run attack:xss

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
RCE		RCE
SQLi		SQLi
XSS		XSS
.gitignore		.gitignore
Information Security Report - Candela, De Candido, Palma.pdf		Information Security Report - Candela, De Candido, Palma.pdf
README.md		README.md
docker-compose.yml		docker-compose.yml
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

InformationSecurity

Table of contents

Getting started

Prerequisites

Source code

Dependencies

Docker environment

Installation

Start and stop the containers

Running commands inside the container

Joomla

Configuration details

Usage

Remote Code Execution

SQL injection

XSS

Information

Documentation

Contributor

About

Uh oh!

Releases

Packages

Uh oh!

Languages

GiadaPa/CS-InformationSecurity

Folders and files

Latest commit

History

Repository files navigation

InformationSecurity

Table of contents

Getting started

Prerequisites

Source code

Dependencies

Docker environment

Installation

Start and stop the containers

Running commands inside the container

Joomla

Configuration details

Usage

Remote Code Execution

SQL injection

XSS

Information

Documentation

Contributor

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages