PwnedHub is a vulnerable application designed exclusively for the PWAPT training course. PwnedHub contains intentional vulnerability and should never be exposed to the open Internet. This software is NOT Open Source. See the LICENSE.txt file for more information.
-
Install pip.
-
Clone the PwnedHub repository.
$ git clone https://github.com/lanmaster53/pwnedhub.git -
Install the dependencies. I recommend using
virtualenvto keep things tidy. The below commands do not implementvirtualenv.$ cd pwnedhub $ pip install -r REQUIREMENTS.txtNote: In Ubuntu, the
lxmldependency may require installing thepython-dev,libxml2-dev,libxslt-dev, andlib32z1-devpackages. Look for errors during the above process and install the needed packages. Systems other than Ubuntu will likely also require some sort of finagling to get to work. MacOS worked without issue. -
Install and configure MySQL.
- Set the MySQL
rootuser password toadminpass
- Set the MySQL
-
Initialize the database.
$ mysql -u root -p -e "CREATE DATABASE pwnedhub" $ mysql -u root -p pwnedhub < pwnedhub.sql -
Add the application's database user.
$ mysql -h localhost -u root -padminpass > CREATE USER 'pwnedhub'@'localhost' IDENTIFIED BY 'dbconnectpass'; > GRANT ALL PRIVILEGES ON pwnedhub.* TO 'pwnedhub'@'localhost'; > FLUSH PRIVILEGES; > SHOW GRANTS FOR 'pwnedhub'@'localhost'; > exit; -
Start the application.
$ sudo gunicorn --bind 0.0.0.0:80 pwnedhub.wsgi:app -
Visit the application.