Skip to content

filipkarc/sqli-postgres-rce-privesc-hacking-playground

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

custom

custom

 
 

img

img

 
 

CONTACT.txt

CONTACT.txt

 
 

GREETINGS.txt

GREETINGS.txt

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

screen

Vulnerable Web App: sqli-postgres-rce-privesc-hacking-playground

This is free vulnerable app for novice pentesters & developers to experiment with SQL Injection vulnerability and privilege escalation.

Recommended path:

  1. exploit the SQLi vulnerability
  2. get shell via vulnerable version of PostgreSQL
  3. perform privilage escalation and become root 🥂

Applications can be exploited in many different ways:

screen

How to use it - DOCKER

1 minute installation on a virtual machine or VPS with Linux.

Linux@amd64 (Intel processors):
docker run -p 8091:80 -d filipkarc/sqli-postgres-rce-privesc-hacking-playground


Linux@AppleSilicon (tested on Apple M1):
docker run -p 8091:80 -d filipkarc/sqli-postgres-rce-privesc-hacking-playground:arm64apple

After 2 minutes, it should be visible in the browser: http://127.0.0.1:8091

Follow me

Follow me on Twitter @FilipKarc and on LinkedIn: LinkedIn.

About

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

linktr.ee/filipkarc

Topics

development hacking owasp penetration-testing infosec pentesting security-vulnerability bugbounty appsec sqlmap offensive-security offsec sqlinjection oscp security-testing privesc ethicalhacking appsec-tutorials bugbountytips privelage-escalation

Resources

Readme

License

Apache-2.0 license
Activity

Stars

71 stars

Watchers

2 watching

Forks

18 forks
Report repository

Contributors 2

Languages