We conducted a comprehensive security assessment of BadStore.net to identify existing vulnerabilities and establish the current level of security risk associated with the web application and the services in use. The vulnerable machine is available at https://www.vulnhub.com/entry/badstore-123,41/
The report is provided for educational purposes only and shows an example of a black-box penetration testing security review. The vulnerable web application is included.
Requirements:
VMware or VirtualBox
Kali Linux/Parrot OS or any other penetration testing suite
Familiarity with Linux, web applications and networking
DISCLAIMER: As mentioned, this is for educational purposes only and should not be attempted on a real web application without consent.
Relevant Offences and Legislation: The Computer Misuse Act 1990 ('CMA') is the main UK legislation relating to offences or attacks against computer systems, such as hacking or denial of service. https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance