Labels

Badstore Vulnerabilities

Badstore: 1.2.3

Welcome to Badstore.net
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.

 
Download  Link:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Requirements:

  1. VMware
  2. Badstore ISO
  3. Kali Linux 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Setting up BadStore on VM:

  1. Download VMware Workstation and install it.
  2. Now open the VMware Workstation, Click on Create a New Virtual Machine.
  3. Select -> Typical
  4. Select -> Installer Disk Image File -> Browse Badstore.Iso location on your Hard disk.
  5. Next -> Operating System : Linux :: Version : Debian 8.x 64bit, Next.
  6. Choose the VM location (optional) use default.
  7. Maximum Disk Space: 2GB, Select Store Virtual Disk as a Single File,Next.
  8. Finish. Power on the Virtual Machine.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Step's for changing NAT to Bridge Network

  1. In VMware go the Tool Bar and select VM -> Settings (Shortcut Key: Ctrl+D)
  2. Check the Network Adapter [NAT]
  3. And change it as [Bridged] check Replicate physical network connection status

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

+---------------------------+
  Vulnerabilities Found
+---------------------------+

  1. Robots.txt
  2. Blind SQL Injection on login form
  3. Cross-Site Scripting (XSS) in Guestbook
  4. Cross-Site Scripting (XSS) in Search Enginee
  5. Gain Admin access
  6. Session Cookies
  7. Admin account password reset without security questions
  8. “Secret” Admin access
  9. Password Hash (MD5 Decoding)
  10. Cart id cookie
  11. Credit Card information are not encrepted
  12. Login Bruteforce
  13. SQL Injection on Supplier Portal
  14. Supplier accounts on base64 password
  15. Clickjacking
  16. Online web scanners vuln Report
  17. login by MySQL Default Credentials Name,Pass
  18. Heap base Buffer over flow can be done

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Let's start Testing:

First we need to Find your local IP address of the badstore vm go to badstore vm and
press Enter to activate the console now use the command "ifconfig" (Without Quotes).
Now open the Terminal and type "Nmap" (Without Quotes)
Let's Start with Nmap Scanning tool

Command line:
nmap -A -O -Pn <Your Local IP> (Refer the below image to understand well)
Scanning starts, it takes some minisBasic Inforobots-txt file

unregistered user
logged in without login credentials

my account

New test user created

Burp Intercept
Cookie id of test2 in cookies manager addonsSecret Admin Menu

no admin access

Got Admin Access

Admin portal details

xss in Gust book

XSS img

XSS Cookie

XSS on Search Engine

Some Default and my test acc password can cracked by MD5 decoded or John the Ripper password cracker

By Hash Cracking became a Master Admin

CC is not encrypted easily shows the given credentials

Supplier accounts on base64 password

Nessus scanner report

login by MySQL Default Credentials Name,Pass

Acunetix Web Vuln Scan

All Vuln by automated Scan

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<




Labels:

Comments

  1. Anonymous16 July 2020 at 00:39

    email: visacreditcardsolution@gmail.comGET YOUR BLANK ATM CREDIT CARD AT AFFORDABLE PRICE*
    **We sell these cards to all our customers and interested buyers
    worldwide,the card has a daily withdrawal limit of $5000 and up to $50,000
    spending limit in stores and unlimited on POS.**

    **WHAT WE OFFER**

    *1)WESTERN UNION TRANSFERS/MONEY GRAM TRANSFER*
    *2)BANKS LOGINS*
    *3)BANKS TRANSFERS*
    *4)CRYPTO CURRENCY MINNING*
    *5)BUYING OF GIFT CARDS*
    *6)LOADING OF ACCOUNTS*
    *7)WALMART TRANSFERS*
    *8)BITCOIN INVESTMENTS*
    *9)REMOVING OF NAME FROM DEBIT RECORD AND CRIMINAL RECORD*
    *10)BANK HACKING*

    ReplyDelete
  2. Anonymous30 July 2020 at 23:29

    email: visacreditcardsolution@gmail.comGET YOUR BLANK ATM CREDIT CARD AT AFFORDABLE PRICE*
    **We sell these cards to all our customers and interested buyers
    worldwide,the card has a daily withdrawal limit of $5000 and up to $50,000
    spending limit in stores and unlimited on POS.**

    **WHAT WE OFFER**

    *1)WESTERN UNION TRANSFERS/MONEY GRAM TRANSFER*
    *2)BANKS LOGINS*
    *3)BANKS TRANSFERS*
    *4)CRYPTO CURRENCY MINNING*
    *5)BUYING OF GIFT CARDS*
    *6)LOADING OF ACCOUNTS*
    *7)WALMART TRANSFERS*
    *8)BITCOIN INVESTMENTS*
    *9)REMOVING OF NAME FROM DEBIT RECORD AND CRIMINAL RECORD*
    *10)BANK HACKING*

    ReplyDelete
  3. BENITO FAUSTO3 August 2020 at 09:19

    INSTEAD OF GETTING A LOAN, CHECK OUT THE BLANK ATM CARD IN LESS THAN 24hours {oscarwhitehackersworld@gmail.com}


    I want to testify about OSCAR WHITE blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no hope then I saw so many testimony about how OSCAR WHITE send them the blank ATM card and i use it to collect money in any ATM machine and become rich. I also email him and he sent me the blank card. I have use it to get $100,000 dollars. withdraw the maximum of $5,000 daily.OSCAR WHITE is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email Him on how to get it now via: oscarwhitehackersworld@gmail.com or whats-app +1(323)-362-2310

    ReplyDelete

Post a Comment

Popular Posts