├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── Dockerfile ├── LICENSE ├── README.md ├── client ├── Dockerfile ├── css │ └── main.css ├── images │ ├── doggo.jpg │ ├── signout-hover.png │ ├── signout.png │ └── trash.png ├── index.html ├── js │ ├── index.js │ └── login.js └── login.html ├── docker-compose.yml ├── exercises ├── 01-sql-injection.md ├── 02-xss.md ├── 03-ssrf.md ├── 04-rce-reverse-shell.md └── assets │ ├── arch.png │ ├── arch.xml │ ├── reverse_shell.png │ └── reverse_shell.xml ├── internal_site ├── Dockerfile └── index.html ├── mvnw ├── mvnw.cmd ├── pom.xml ├── reverse_shell ├── README.md ├── main.tf ├── tf └── variables.tf └── src ├── main ├── java │ └── com │ │ └── scalesec │ │ └── vulnado │ │ ├── Comment.java │ │ ├── CommentsController.java │ │ ├── CowController.java │ │ ├── Cowsay.java │ │ ├── LinkLister.java │ │ ├── LinksController.java │ │ ├── LoginController.java │ │ ├── Postgres.java │ │ ├── User.java │ │ └── VulnadoApplication.java └── resources │ └── application.properties └── test └── java └── com └── scalesec └── vulnado └── VulnadoApplicationTests.java /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/.gitignore -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/.mvn/wrapper/maven-wrapper.properties -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/README.md -------------------------------------------------------------------------------- /client/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/Dockerfile -------------------------------------------------------------------------------- /client/css/main.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/css/main.css -------------------------------------------------------------------------------- /client/images/doggo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/images/doggo.jpg -------------------------------------------------------------------------------- /client/images/signout-hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/images/signout-hover.png -------------------------------------------------------------------------------- /client/images/signout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/images/signout.png -------------------------------------------------------------------------------- /client/images/trash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/images/trash.png -------------------------------------------------------------------------------- /client/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/index.html -------------------------------------------------------------------------------- /client/js/index.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/js/index.js -------------------------------------------------------------------------------- /client/js/login.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/js/login.js -------------------------------------------------------------------------------- /client/login.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/client/login.html -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/docker-compose.yml -------------------------------------------------------------------------------- /exercises/01-sql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/01-sql-injection.md -------------------------------------------------------------------------------- /exercises/02-xss.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/02-xss.md -------------------------------------------------------------------------------- /exercises/03-ssrf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/03-ssrf.md -------------------------------------------------------------------------------- /exercises/04-rce-reverse-shell.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/04-rce-reverse-shell.md -------------------------------------------------------------------------------- /exercises/assets/arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/assets/arch.png -------------------------------------------------------------------------------- /exercises/assets/arch.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/assets/arch.xml -------------------------------------------------------------------------------- /exercises/assets/reverse_shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/assets/reverse_shell.png -------------------------------------------------------------------------------- /exercises/assets/reverse_shell.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/exercises/assets/reverse_shell.xml -------------------------------------------------------------------------------- /internal_site/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/internal_site/Dockerfile -------------------------------------------------------------------------------- /internal_site/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/internal_site/index.html -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/mvnw -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/mvnw.cmd -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/pom.xml -------------------------------------------------------------------------------- /reverse_shell/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/reverse_shell/README.md -------------------------------------------------------------------------------- /reverse_shell/main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/reverse_shell/main.tf -------------------------------------------------------------------------------- /reverse_shell/tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/reverse_shell/tf -------------------------------------------------------------------------------- /reverse_shell/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/reverse_shell/variables.tf -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/Comment.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/Comment.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/CommentsController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/CommentsController.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/CowController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/CowController.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/Cowsay.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/Cowsay.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/LinkLister.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/LinkLister.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/LinksController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/LinksController.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/LoginController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/LoginController.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/Postgres.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/Postgres.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/User.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/User.java -------------------------------------------------------------------------------- /src/main/java/com/scalesec/vulnado/VulnadoApplication.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/main/java/com/scalesec/vulnado/VulnadoApplication.java -------------------------------------------------------------------------------- /src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | app.secret=edf10572-880c-4dd9-aaf0-6ec402f678db 2 | -------------------------------------------------------------------------------- /src/test/java/com/scalesec/vulnado/VulnadoApplicationTests.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ScaleSec/vulnado/HEAD/src/test/java/com/scalesec/vulnado/VulnadoApplicationTests.java --------------------------------------------------------------------------------