Monday, July 2, 2012

GameOver


It always helps to have a test bed that helps you hone your attacking skills. GameOver is a new offering from the NULL community that helps you do that even if you are a newbie!
GameOver 0.1
Simply put, Project GameOver was started with the objective of training newbies in the basics of web application security, educating them about the common web attacks, and helping them understand how they work. It is a collection of various vulnerable web applications, designed for learning web application penetration testing. GameOver is a Virtual Machine image, built upon Voyage Linux as its base OS. Voyage is a minimalistic Linux distribution which is in turn based on Debian. For ease of use, GameOver has been broken down into two sections:
  • Section 1 consists of special web applications that are designed to teach the basics of web application security. This section covers vulnerabilities such as:
  • Section 2 is a collection of deliberately insecure web applications. It provides a legal platform to test your skills, try to exploit the vulnerabilities, and sharpen your skills before you pentest live sites. These applications provide real-life environments and will boost your confidence.

Applications contained in GameOver:

  • Section 1:
    1. Damn Vulnerable Web Application: (http://www.dvwa.co.uk/)
    2. OWASP WebGoat: (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
    3. Ghost: (http://www.gh0s7.net/)
    4. Mutillidae: (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
    5. Zap-Wave: (http://code.google.com/p/zaproxy/)
  • Section 2:
    1. OWASP Hackademic Challenges: (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)
    2. OWASP Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)
    3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)
    4. OWASP Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)
    5. BodgeIT: (http://code.google.com/p/bodgeit/)
    6. PuzzleMall: (https://code.google.com/p/puzzlemall/)
    7. WAVSEP: (https://code.google.com/p/wavsep/)
We have covered almost all of these in our previous posts. You may look them up by searching through the blog. Unfortunately, though there is an .ISO provided, in its current version GameOver cannot be installed in a virtual environment. It needs to be run as a Live image, and you can log in with the following credentials:
Username: root
Password: gameover

Download GameOver:

GameOver v1.1: GameOver_v0.1_Null_VM.7z / GameOver.0.1.null.iso
http://sourceforge.net/projects/null-gameover/files/