Skip to content

Commit a24bd33

Browse files
committed
Enhance docker-compose.yml and README with new labs
- Added multiple new vulnerable application labs including `token-tower`, `render-reign`, and `deserial-gate` with corresponding Dockerfiles and application code. - Updated `docker-compose.yml` to include configurations for the new labs, ensuring proper network settings and port mappings. - Revised `README.md` to document the new labs, detailing their objectives and access instructions. - Updated existing Dockerfiles for various labs to use a consistent Python base image (3.14-slim) and improved dependency management.
1 parent 707febd commit a24bd33

21 files changed

Lines changed: 373 additions & 61 deletions

File tree

README.md

Lines changed: 40 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -61,8 +61,6 @@ WebSploit Labs includes a variety of vulnerable applications organized into two
6161
|-----------|------------|-------------|
6262
| **galactic-archives** | 10.6.6.20 | Sci-Fi themed CTF challenge |
6363
| **gravemind** | 10.6.6.23 | Halo-themed CTF challenge |
64-
| **dc30_01** | 10.6.6.24 | DEF CON 30 Challenge |
65-
| **dc30_02** | 10.6.6.25 | DEF CON 30 Challenge |
6664
| **y-wing** | 10.6.6.26 | Star Wars themed CTF challenge |
6765

6866
#### Additional Vulnerability Labs
@@ -78,6 +76,9 @@ Custom-built labs focusing on specific vulnerability categories (built from `./a
7876
| **shell-inject** | 10.6.6.34 | 5002 | OS Command Injection |
7977
| **maze-walker** | 10.6.6.35 | 5003 | Path/Directory Traversal |
8078
| **entity-smuggler** | 10.6.6.36 | 5013 | XML External Entity (XXE) Injection |
79+
| **token-tower** | 10.6.6.40 | 5020 | JWT Vulnerability |
80+
| **render-reign** | 10.6.6.41 | 5021 | Server-Side Template Injection |
81+
| **deserial-gate** | 10.6.6.42 | 5022 | Insecure Deserialization |
8182

8283
### WebSploit2 Network (10.7.7.0/24)
8384

@@ -114,35 +115,44 @@ docker compose build --no-cache [container_name]
114115

115116
## Network Topology
116117

118+
119+
```
120+
┌─────────────────────────────────────────────────────────────┐
121+
│ WebSploit Network (10.6.6.0/24) │
122+
├─────────────────────────────────────────────────────────────┤
123+
│ OWASP & Classic Vulnerable Applications: │
124+
│ ├── webgoat 10.6.6.11 │
125+
│ ├── juice-shop 10.6.6.12 │
126+
│ ├── dvwa 10.6.6.13 │
127+
└─────────────────────────────────────────────────────────────┘
128+
```
129+
117130
```
118-
┌────────────────────────────────────────────────────────────────────────────┐
119-
│ WEBSPLOIT LAB ENVIRONMENT │
120-
├────────────────────────────────────────────────────────────────────────────┤
121-
│ │
122-
│ ┌─────────────────────────────────────────────────────────────────────┐ │
123-
│ │ WebSploit Network (10.6.6.0/24) │ │
124-
│ │ │ │
125-
│ │ OWASP Apps CTF Challenges Additional Labs │ │
126-
│ │ ─────────── ────────────── ──────────────── │ │
127-
│ │ webgoat .11 galactic-archives hydra-nexus .30 │ │
128-
│ │ juice-shop .12 gravemind .23 phantom-script .31 │ │
129-
│ │ dvwa .13 dc30_01 .24 trojan-relay .32 │ │
130-
│ │ dc30_02 .25 sqli-breach .33 │ │
131-
│ │ y-wing .26 shell-inject .34 │ │
132-
│ │ maze-walker .35 │ │
133-
│ │ entity-smuggler.36 │ │
134-
│ └─────────────────────────────────────────────────────────────────────┘ │
135-
│ │
136-
│ ┌─────────────────────────────────────────────────────────────────────┐ │
137-
│ │ WebSploit2 Network (10.7.7.0/24) │ │
138-
│ │ │ │
139-
│ │ DEF CON 31 Challenges │ │
140-
│ │ ───────────────────── │ │
141-
│ │ dc31_01 .21 │ │
142-
│ │ dc31_03 .23 │ │
143-
│ └─────────────────────────────────────────────────────────────────────┘ │
144-
│ │
145-
└────────────────────────────────────────────────────────────────────────────┘
131+
┌─────────────────────────────────────────────────────────────┐
132+
│ Labs created by Omar Santos │
133+
├─────────────────────────────────────────────────────────────┤
134+
│ ├── galactic-archives 10.6.6.20 │
135+
│ ├── gravemind 10.6.6.23 │
136+
│ ├── y-wing 10.6.6.26 │
137+
│ ├── hydra-nexus 10.6.6.30 │
138+
│ ├── phantom-script 10.6.6.31 │
139+
│ ├── trojan-relay 10.6.6.32 │
140+
│ ├── sqli-breach 10.6.6.33 │
141+
│ ├── shell-inject 10.6.6.34 │
142+
│ ├── maze-walker 10.6.6.35 │
143+
│ ├── entity-smuggler 10.6.6.36 │
144+
│ ├── token-tower 10.6.6.40 │
145+
│ ├── render-reign 10.6.6.41 │
146+
│ └── deserial-gate 10.6.6.42 │
147+
└─────────────────────────────────────────────────────────────┘
148+
149+
┌─────────────────────────────────────────────────────────────┐
150+
│ WebSploit2 Network (10.7.7.0/24) │
151+
├─────────────────────────────────────────────────────────────┤
152+
│ DEF CON 31 Challenges: │
153+
│ ├── dc31_01 10.7.7.21 │
154+
│ ├── dc31_03 10.7.7.23 │
155+
└─────────────────────────────────────────────────────────────┘
146156
```
147157

148158
---

additional-labs/Command_Injection/Dockerfile

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM python:3.12-slim
1+
FROM python:3.14-slim
22

33
WORKDIR /app
44

@@ -12,4 +12,3 @@ RUN pip install flask
1212
EXPOSE 5000
1313

1414
CMD ["python", "cmd-injection-example-app.py"]
15-
Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,16 @@
1-
FROM python:3.9-slim
1+
FROM python:3.14-slim
22

3+
# Set the working directory
34
WORKDIR /app
5+
6+
# Copy the multi_vuln_app.py file
47
COPY multi_vuln_app.py .
5-
RUN pip install flask pyjwt pyyaml
68

9+
# Install the dependencies
10+
RUN pip install --no-cache-dir -r requirements.txt
11+
12+
# Expose the port
713
EXPOSE 5010
14+
15+
# Run the application
816
CMD ["python", "multi_vuln_app.py"]
Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,18 @@
1-
FROM python:3.12-slim
1+
FROM python:3.14-slim
22

3+
# Set the working directory
34
WORKDIR /app
45

6+
# Copy the path-traversal-example-app.py file
57
COPY path-traversal-example-app.py .
68

7-
RUN pip install flask
9+
# Install the dependencies
10+
RUN pip install --no-cache-dir -r requirements.txt
811

12+
# Expose the port
913
EXPOSE 81
1014

15+
# Run the application
1116
CMD ["python", "path-traversal-example-app.py"]
1217

18+

additional-labs/SQLi/Dockerfile

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,16 @@
1-
FROM python:3.12-slim
1+
FROM python:3.14-slim
22

33
WORKDIR /app
44

5+
# Copy the sqli-example-app.py file
56
COPY sqli-example-app.py .
67

8+
# Install the dependencies
79
RUN pip install flask
810

11+
# Expose the port
912
EXPOSE 5000
1013

14+
# Run the application
1115
CMD ["python", "sqli-example-app.py"]
1216

additional-labs/SSRF/Dockerfile

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,15 @@
1-
FROM python:3.9-slim
1+
FROM python:3.14-slim
22

33
WORKDIR /app
4+
5+
# Copy the ssrf_app.py file
46
COPY ssrf_app.py .
7+
8+
# Install the dependencies
59
RUN pip install flask requests urllib3
610

11+
# Expose the port
712
EXPOSE 5012
13+
14+
# Run the application
815
CMD ["python", "ssrf_app.py"]

additional-labs/XSS/Dockerfile

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,18 @@
1-
FROM python:3.9-slim
1+
FROM python:3.14-slim
22

33
WORKDIR /app
4+
5+
# Copy the xss_app.py file
46
COPY xss_app.py .
5-
RUN pip install flask
67

8+
# Copy the requirements.txt file
9+
COPY requirements.txt .
10+
11+
# Install the dependencies
12+
RUN pip install --no-cache-dir -r requirements.txt
13+
14+
# Expose the port
715
EXPOSE 5011
16+
17+
# Run the application
818
CMD ["python", "xss_app.py"]

additional-labs/XXE/Dockerfile

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,19 @@
1-
FROM python:3.9-slim
1+
FROM python:3.14-slim
22

33
WORKDIR /app
4+
5+
# Copy the xxe_app.py file
46
COPY xxe_app.py .
7+
8+
# Copy the requirements.txt file
59
COPY requirements.txt .
610

11+
# Install the dependencies
712
RUN pip install --no-cache-dir -r requirements.txt
813

14+
# Expose the port
915
EXPOSE 5013
16+
17+
# Run the application
1018
CMD ["python", "xxe_app.py"]
1119

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
FROM python:3.14-slim
2+
3+
WORKDIR /app
4+
5+
# Copy the requirements.txt file
6+
COPY requirements.txt .
7+
8+
# Install the dependencies
9+
RUN pip install --no-cache-dir -r requirements.txt
10+
11+
# Copy the rest of the application
12+
COPY app.py .
13+
14+
# Run the application
15+
CMD ["python", "app.py"]
16+
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
# Deserial Gate (Insecure Deserialization)
2+
3+
## Objective
4+
The application uses Python's `pickle` module to serialize and deserialize user preferences in a cookie. Your goal is to exploit insecure deserialization to gain Remote Code Execution (RCE).
5+
6+
## Vulnerabilities
7+
1. **Insecure Deserialization**: The application uses `pickle.loads` on untrusted user input from the `user_prefs` cookie.
8+
9+
## How to Run
10+
Access the lab at `http://<IP>:5022` or `http://localhost:5022`.
11+

0 commit comments

Comments
 (0)