GameOver - Browse Files at SourceForge.net (original) (raw)

Training and educating about the web security

Status: Beta

Brought to you by:nulloxo

Home

Name Modified Size InfoDownloads / Week
GameOver_v0.1_Null_VM.7z 2012-06-13 2.1 GB 1 1 weekly downloads
readme.txt 2012-06-12 4.1 kB 0
GameOver_Read_ME.pdf 2012-06-12 174.8 kB 0
GameOver_Read_ME.odt 2012-06-12 176.8 kB 0
GameOver.0.1.null.iso.md5 2012-06-12 56 Bytes 0
GameOver.0.1.null.iso 2012-06-11 426.8 MB 4 4 weekly downloads
Totals: 6 Items 2.5 GB 5

About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover
XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command execution SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

System Requirements : In order to run the VM image, you need to have a VM Player 4.0.2 or higher.(We have not tested it in lower versions of VM Player). You may allocate 256MB or higher RAM to this instance. In case you do not have a VM Player installed or for some reason you prefer another virtualization software, you may download the .iso and run it in a 'Live' mode.

Getting Started : In case you have chosen the Live CD, select 'Live' from the grub menu and Enter Login with the following credentials. username: root password: gameover

Once you login, type 'ifconfig' in your GameOver machine command prompt and hit Enter.
This will give you the ip address of the GameOver machine (Server). Now in your client browser enter this IP address and hit Enter. You should be able to access GameOver now.

Credits: Voyage Linu: GameOver has Voyage Linux as its base OS. Voyage is a minimilistic Linux distribution which is in turn based on Debian. For more information regarding Voyage Linux we encourage you to check out their website: http://linux.voyage.hk/.

Web Applications (section 1):

  1. Damn Vulneable Web Application: (http://www.dvwa.co.uk/)
  2. OWASP WebGoat:(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
  3. Ghost (http://www.gh0s7.net/)
  4. Mutillidae (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
  5. Zap-Wave: (http://code.google.com/p/zaproxy/)

Web Applications (section 2):

  1. Owasp Hacademic Challenges : (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)
  2. Owasp Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)
  3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)
  4. Owasp Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)
  5. BodgeIT: (http://code.google.com/p/bodgeit/)
  6. PuzzleMall: (https://code.google.com/p/puzzlemall/)
  7. WAVSEP: (https://code.google.com/p/wavsep/)

Known Bugs :( The .iso cannot be installed on a Virtual machine, but works perfectly in the 'Live mode'.

Bug Report: In case you encounter any bug or issue in this Project, you may report it to j0k3r@null.co.in (Jovin Lobo).

Conclusion: We encourage users to tryout GameOver and learn more about Web security. There are tons of other deliberately insecure applications on the Internet. If you find any such interesting/useful application we would be glad to append it to this existing collection of insecure Apps. You can send your suggestions/improvements to j0k3r@null.co.in (Jovin Lobo).

Road Map: We have currently only included Web based applications in this current release of GameOver. In the future releases we plan to include system level CTF's along with Web based applications to give the users a complete hands-on experience.

NULLCON CHALLENGES: You can also visit this link http://www.nullcon.net/challenge/archives.asp to play NULLCON challenges. The challenges are broadly categorized into Web , Cryptography, Trivia, Log, analysis, Reverse engineering, Forensics, System and Programming.

Source: readme.txt, updated 2012-06-12

Our Free Plans just got better! | Auth0 Icon

Our Free Plans just got better! | Auth0

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.

AI-powered service management for IT and enterprise teams Icon

AI-powered service management for IT and enterprise teams

Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.