ledz1996/hack_my_teeth

 
 

Hack My Teeth - A deliberately vulnerable java/python application

DO NOT RUN THIS ON ANY PUBLICLY AVAILABLE SERVER

As the title says, this repository contains the source code for a dockerized vulnerable Java web application and Python application. The dockerized system consists of:

  • Java Spring Application
  • Flask API Python Server
  • MariaDB
  • nginx as a reverse proxy that maps both web applications onto port 80

Dependencies

Docker CE > 18.06

How to run

To run the whole thing, make sure that port 80 is available on your machine and that Docker (CE version > 18.06) is installed.

Add the following entries to your hosts file:

127.0.0.1 app.hackteeth.com
127.0.0.1 api.hackteeth.com

Clone the whole repository

git clone https://github.com/ledz1996/hack_my_teeth

Navigate to the repository directory and run

docker-compose up

After a couple of minutes, both the Java and Python web applications should be up and running.
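A pre-flight check for two of the prerequisites above, as an added example that is not part of the repository: it verifies that both lab hostnames map to 127.0.0.1 (a hosts line must start with the address, and a name that is not mapped falls through to DNS, so the lab login would be sent to whatever host answers) and that Docker is newer than 18.06. The function names and the `check` argument are hypothetical, and port 80 is not checked.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the lab prerequisites named in the README.

LAB_HOSTS="app.hackteeth.com api.hackteeth.com"   # hostnames from the README
MIN_DOCKER="18.06"                                # README: Docker CE > 18.06

# Succeed if hosts-format file $2 maps hostname $1 to 127.0.0.1.
# Comments are stripped; a line with the hostname first does not count.
maps_to_loopback() {
  awk -v h="$1" '
    { sub(/#.*/, "") }
    $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
    END { exit !found }
  ' "$2"
}

# Succeed if dotted version $1 is strictly newer than $2.
version_gt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 1
  }'
}

# preflight HOSTS_FILE DOCKER_VERSION: print each problem, return non-zero if any.
preflight() {
  rc=0
  for h in $LAB_HOSTS; do
    if ! maps_to_loopback "$h" "$1"; then
      echo "FAIL: $h is not mapped to 127.0.0.1 in $1"; rc=1
    fi
  done
  if ! version_gt "$2" "$MIN_DOCKER"; then
    echo "FAIL: Docker version '$2' is not newer than $MIN_DOCKER"; rc=1
  fi
  return $rc
}

# Run against the real system only when asked: ./preflight.sh check
if [ "${1:-}" = "check" ]; then
  preflight /etc/hosts "$(docker version --format '{{.Server.Version}}' 2>/dev/null)"
fi
```

Run it with the `check` argument before `docker-compose up`; any `FAIL` line names the prerequisite to fix.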

Post-setup

First, navigate to app.hackteeth.com.
Log in with the following user:

ardy01
ardy123

Enjoy the journey of discovering vulnerabilities.
There are a lot of vulnerabilities in the default settings; please discover them and try to exploit them. Have fun ;)

There is also an extra API server written in Python, which is implemented as part of the main Java web application:
api.hackteeth.com

Extra: Vulnerability settings

Navigate to app.hackteeth.com/setting
There are a lot of configuration options that let you change the settings for each vulnerability. Applying a setting resets the database and renews the session, so you will have to log in again.
