Skip to content

Commit c1b4bf2

Browse files
committed
docs: update lab READMEs with container info and references
- Add lab names and container info to Command_Injection, GraphQL, Multi-Vulnerability-Gauntlet, Path_Traversal, deserial-gate, and render-reign READMEs - Add references sections with O'Reilly resources and training links - Update main README with git clone install instructions - Add .cursor/ to .gitignore This standardizes documentation across all labs with consistent container names, IPs, ports, and reference materials.
1 parent 5fdcca6 commit c1b4bf2

8 files changed

Lines changed: 282 additions & 125 deletions

File tree

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,3 +12,6 @@ __pycache__
1212
websploit.db
1313
uploads
1414
backups
15+
16+
# Cursor
17+
.cursor/

README.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,10 +27,12 @@ Download and install **Kali Linux** or **Parrot OS** (whichever you prefer) in a
2727
---
2828

2929
### Step 2: Install WebSploit Labs
30-
Once your Kali or Parrot VM is ready, open a terminal and run the following command to set up WebSploit Labs:
30+
Once your Kali or Parrot VM is ready, open a terminal and run the following commands to clone the repository and set up WebSploit Labs:
3131

3232
```bash
33-
curl -sSL https://websploit.org/install.sh | sudo bash
33+
git clone https://github.com/The-Art-of-Hacking/websploit.git
34+
cd websploit
35+
sudo bash install.sh
3436
```
3537

3638
This script will:
Lines changed: 42 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
# Command Injection Lab
22

3+
**Lab Name:** `shell-inject`
4+
**Vulnerability:** OS Command Injection
5+
36
This lab demonstrates an OS Command Injection vulnerability in a web application.
47

58
## Scenario
@@ -11,20 +14,7 @@ Exploit the command injection vulnerability to execute arbitrary commands on the
1114
## Instructions
1215

1316
1. **Access the Lab**:
14-
- URL: `http://localhost:5002`
15-
16-
2. **Analyze functionality**:
17-
- Enter an IP address (e.g., `127.0.0.1`) and click "Ping".
18-
- Observe the output.
19-
20-
3. **Identify Vulnerability**:
21-
- Try appending shell operators to your input. Common operators include `;`, `&&`, `|`.
22-
- Example: `127.0.0.1; whoami`
23-
24-
4. **Challenge**:
25-
- List the files in the current directory (`ls -la`).
26-
- Find the current user ID (`id`).
27-
- Read the `/etc/passwd` file.
17+
- This is running on the `shell-inject` container on the `10.6.6.34` IP address. Access the lab at `http://10.6.6.34:5002`
2818

2919
## Explanation
3020
The application constructs a shell command like this:
@@ -34,3 +24,41 @@ subprocess.run(command, shell=True, ...)
3424
```
3525
Because `shell=True` is used and `target` is not sanitized, an attacker can terminate the `ping` command and start a new one.
3626

27+
## References
28+
For more information on command injection vulnerabilities and secure coding practices, check out these resources:
29+
30+
## Live Training
31+
**Upcoming Live Cybersecurity and AI Training in O'Reilly:** [Register before it is too late](https://learning.oreilly.com/search/?q=omar%20santos&type=live-course&rows=100&language_with_transcripts=en) (free with O'Reilly Subscription)
32+
33+
## Reading List
34+
35+
- **Redefining Hacking**
36+
A Comprehensive Guide to Red Teaming and Bug Bounty Hunting in an AI-driven World [Available on O'Reilly](https://learning.oreilly.com/library/view/redefining-hacking-a/9780138363635/)
37+
38+
- **Developing Cybersecurity Programs and Policies in an AI-Driven World**
39+
Explore strategies for creating robust cybersecurity frameworks in an AI-centric environment. [Available on O'Reilly](https://learning.oreilly.com/library/view/developing-cybersecurity-programs/9780138073992)
40+
41+
- **Beyond the Algorithm: AI, Security, Privacy, and Ethics**
42+
Gain insights into the ethical and security challenges posed by AI technologies. [Available on O'Reilly](https://learning.oreilly.com/library/view/beyond-the-algorithm/9780138268442)
43+
44+
## Video Courses
45+
46+
- **Building the Ultimate Cybersecurity Lab and Cyber Range (video)** [Available on O'Reilly](https://learning.oreilly.com/course/building-the-ultimate/9780138319090/)
47+
48+
- **Defending and Deploying AI (video)** This course provides a comprehensive, hands-on journey into modern AI applications for technology and security professionals, covering AI-enabled programming, networking, and cybersecurity to help learners master AI tools for dynamic information retrieval, automation, and operational efficiency. [Available on O'Reilly](https://www.oreilly.com/videos/defending-and-deploying/9780135463727/)
49+
50+
- **AI-Enabled Programming, Networking, and Cybersecurity**
51+
Learn to use AI for cybersecurity, networking, and programming tasks. [Available on O'Reilly](https://learning.oreilly.com/course/ai-enabled-programming-networking/9780135402696/)
52+
53+
- **Securing Generative AI**
54+
Explore security for deploying and developing AI applications, RAG, agents, and other AI implementations. [Available on O'Reilly](https://learning.oreilly.com/course/securing-generative-ai/9780135401804/)
55+
56+
- **Certified Ethical Hacker (CEH), Latest Edition** [Available on O'Reilly](https://learning.oreilly.com/course/certified-ethical-hacker/9780135395646/)
57+
58+
## Additional Resources
59+
60+
- **Hacking Scenarios (Labs) in O'Reilly**: [https://hackingscenarios.com](https://hackingscenarios.com)
61+
- **GitHub Repository**: [Visit GitHub Repo](https://hackerrepo.org)
62+
- **WebSploit Labs**: [Visit WebSploit Labs](https://websploit.org)
63+
64+

additional-labs/GraphQL/README.md

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,8 @@ This lab simulates a futuristic communications hub that exposes a GraphQL API. T
1313
- Learn how to use GraphiQL to interact with the API.
1414

1515
## Installation
16-
This lab is part of the WebSploit Labs framework.
16+
This lab is part of the WebSploit Labs framework and it is running on the `graphql-galaxy` container on the `10.6.6.44` IP address.
17+
1718
To run it individually:
1819
```bash
1920
docker build -t graphql-galaxy .
@@ -26,3 +27,23 @@ docker run -p 5023:5023 graphql-galaxy
2627
3. **Exploitation:** Query the `user` field with the ID of the administrator (`1`) and request the `api_token`.
2728
4. **Flag:** The flag is the value of the administrator's `api_token`.
2829

30+
## References
31+
For more information on GraphQL security vulnerabilities and secure coding practices, check out these resources:
32+
33+
- **Redefining Hacking: A Comprehensive Guide to Red Teaming and Bug Bounty Hunting in an AI-driven World** - [Available on O'Reilly](https://learning.oreilly.com/library/view/redefining-hacking-a/9780138363635/)
34+
- **Developing Cybersecurity Programs and Policies in an AI-Driven World** - [Available on O'Reilly](https://learning.oreilly.com/library/view/developing-cybersecurity-programs/9780138073992)
35+
- **Beyond the Algorithm: AI, Security, Privacy, and Ethics** - [Available on O'Reilly](https://learning.oreilly.com/library/view/beyond-the-algorithm/9780138268442)
36+
- **The AI Revolution in Networking, Cybersecurity, and Emerging Technologies** - [Available on O'Reilly](https://learning.oreilly.com/library/view/the-ai-revolution/9780138293703)
37+
38+
## Additional References
39+
40+
- **Building the Ultimate Cybersecurity Lab and Cyber Range (video)** - [Available on O'Reilly](https://learning.oreilly.com/course/building-the-ultimate/9780138319090/)
41+
- **Build Your Own AI Lab (video)** - [Available on O'Reilly](https://learning.oreilly.com/course/build-your-own/9780135439616)
42+
- **Defending and Deploying AI (video)** - [Available on O'Reilly](https://www.oreilly.com/videos/defending-and-deploying/9780135463727/)
43+
- **AI-Enabled Programming, Networking, and Cybersecurity** - [Available on O'Reilly](https://learning.oreilly.com/course/ai-enabled-programming-networking/9780135402696/)
44+
- **Securing Generative AI** - [Available on O'Reilly](https://learning.oreilly.com/course/securing-generative-ai/9780135401804/)
45+
- **The Art of Hacking** - [Visit The Art of Hacking](https://theartofhacking.org)
46+
- **Hacking Scenarios (Labs) in O'Reilly** - [https://hackingscenarios.com](https://hackingscenarios.com)
47+
- **GitHub Repository** - [Visit GitHub Repo](https://hackerrepo.org)
48+
- **WebSploit Labs** - [Visit WebSploit Labs](https://websploit.org)
49+
- **NetAcad Ethical Hacker Free Course** - [Available (free) on NetAcad Skills for All](https://www.netacad.com/courses/ethical-hacker?courseLang=en-US)

0 commit comments

Comments
 (0)