[WEB SECURITY] hackxor webapp hacking game

albino albinowax at eml.cc
Mon Apr 4 15:45:01 EDT 2011

Hey all

I'd like to introduce hackxor, a webgoat-like hacking game with a plot
and an emphasis on realism, difficulty and actually exploiting
vulnerabilities. It uses the amazingly nifty HtmlUnit to simulate other
users, so you can write your own XSS/CSRF payloads. While the complete
version is a VM image that has to be downloaded&installed aka DVWA, the
first two levels can be played online, as SourceForge is bravely hosting
them at http://hackxor.sourceforge.net/

It contains XSS, CSRF, SQLi, ReDoS, DOR, command injection and plenty of
other vulnerabilities that don't have succinct acronyms. Sadly, due to
time constraints there aren't any timing or entropy attacks (although
you'll have a self-inflicted time-limit if you mess up the ReDoS).
Still, I think the later levels will be difficult enough for nearly
everyone to have a challenge. 

Sorry that this is pretty much my first post; I only found the list a
few months ago. At least I didn't put ads on the site :)

Anyways, enjoy! Feedback and mild abuse is welcome as ever.


More information about the websecurity mailing list