Project GameOver - OS for Practicing Web Security - Hacking Tools Download Download Hacking Tools at 'Tools Yard': Project GameOver - OS for Practicing Web Security

Project GameOver - OS for Practicing Web Security


Project GameOver was started with the objective of training and educating newbies about the basics of web security, teaching them about the common web attacks and helping them understand how they work.

GameOver has been broken down into two sections.
Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This section will cover:
XSS
CSRF 
RFI & LFI 
BruteForce Authentication 
Directory/Path traversal 
Command execution 
SQL injection 

Section 2 is a collection of deliberately insecure Web applications. This section provides a legal platform to test your skills, try to exploit the vulnerabilities, and sharpen your skills before you pentest live sites.
We would advise newbies to try to exploit these web applications. These applications provide real-life environments and will boost their confidence.

System Requirements :
In order to run the VM image, you need to have VM Player 4.0.2 or higher. (We have not tested it in lower versions of VM Player.) You may allocate 256MB or higher RAM to this instance. In case you do not have a VM Player installed or for some reason you prefer another virtualization software, you may download the .iso and run it in 'Live' mode.

Getting Started :
In case you have chosen the Live CD, select 'Live' from the GRUB menu and press Enter. Log in with the following credentials.

username: root 
password: gameover 

Once you log in, type 'ifconfig' in your GameOver machine command prompt and hit Enter. This will give you the IP address of the GameOver machine (Server). Now in your client browser enter this IP address and hit Enter. You should be able to access GameOver now.

Web Applications (section 1):
1. Damn Vulnerable Web Application: (http://www.dvwa.co.uk/)
2. OWASP WebGoat: (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
3. Ghost: (http://www.gh0s7.net/)
4. Mutillidae: (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
5. Zap-Wave: (http://code.google.com/p/zaproxy/)

Web Applications (section 2):
1. OWASP Hackademic Challenges: (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)
2. OWASP Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)
3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)
4. OWASP Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)
5. BodgeIT: (http://code.google.com/p/bodgeit/)
6. PuzzleMall: (https://code.google.com/p/puzzlemall/)
7. WAVSEP: (https://code.google.com/p/wavsep/)

Known Bugs : The .iso cannot be installed on a Virtual machine, but works perfectly in the 'Live mode'.

