Vicnum – Lightweight Vulnerable Web Application


Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises.

Being a small web application with no complex framework involved, Vicnum can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application to see what the scanner can find and what the firewall can protect.

Ultimately the major goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it’s OK to have a little fun.

The guessing part of the game itself is quite fun too, there’s an online version of Vicnum hosted here:

http://vicnum.ciphertechs.com/

I can guess the number correctly with 1 try every time (that’s an easy one), also got an SQL injection to dump out all the scores recorded. Seeing what else can be done now.

It’s actually quite a fun one to play around with.

You can download Vicnum v1.4 here:

VMvicnum14.zip

Or read more here.

Posted in: Exploits/Vulnerabilities, Web Hacking

, , , , , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.