├── Dockerfile ├── README.md ├── app ├── html │ └── index.html └── training │ ├── Autoload.php │ ├── Output.php │ ├── Route.php │ ├── View.php │ ├── controllers │ ├── CSRF.php │ ├── Home.php │ ├── IDOR.php │ ├── LFI.php │ ├── OpenRedirect.php │ ├── RCE.php │ ├── SQLi.php │ ├── SSRF.php │ ├── Upload.php │ ├── XSS.php │ └── XXE.php │ ├── data │ ├── blogcomments │ │ ├── 1605946074.txt │ │ ├── 1606601736.txt │ │ ├── 1606799176.txt │ │ ├── 1606799181.txt │ │ ├── 1606799188.txt │ │ ├── 1606799261.txt │ │ ├── 1606799292.txt │ │ ├── 1606799386.txt │ │ └── 1606799469.txt │ ├── csrf │ │ └── data.txt │ ├── images │ │ ├── cat1.jpg │ │ ├── cat2.jpg │ │ ├── cat3.jpg │ │ ├── cat4.gif │ │ └── cat5.jpg │ └── test.txt │ ├── models │ └── Http.php │ ├── public │ ├── contacts.xml │ ├── css │ │ └── bootstrap.min.css │ ├── evil.xml │ ├── fonts │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ ├── images │ │ └── pic.jpg │ ├── index.php │ ├── js │ │ ├── bootstrap.min.js │ │ └── jquery.min.js │ ├── screenshots │ │ ├── 000d0ede39250e1f69a14f2e82532d65.jpg │ │ ├── 0cdb4db49bfbb9bdbe054385ffb325fc.jpg │ │ ├── 2729e75cb8cbdd0355f7be90f48779df.jpg │ │ ├── 2b94f05776233079db8405f0a67c69ab.jpg │ │ ├── 3c71d453b10394dfb8352c308403bdd0.jpg │ │ ├── 55ae3a70bb5c10170cb25c29c6230d7e.jpg │ │ ├── 741beaefebbefeda751b0092aaed0df6.jpg │ │ ├── 8621cce262cdabf4244bf01fe69a8cfd.jpg │ │ ├── 8ac79bc2e512be56256af1ae359076ac.jpg │ │ ├── 8b49500aa7f0f76d0323d0077f23ab53.jpg │ │ ├── 93f3c268332af6a999c42a4db9faebf1.jpg │ │ ├── a3258584cbb46c31e972a05494b31ced.jpg │ │ ├── b0fd1978534e54285d6c5c09d6d0a8f6.pdf │ │ ├── bb09d5a3a51f177373e579648c4c89aa.pdf │ │ ├── e249c5044203b3c658a7ca8dff7d99eb.jpg │ │ └── e9464cb85c678785474a4d3b744a5a5c.pdf │ ├── sitemap.xml │ └── uploads │ │ ├── filelist.json │ │ └── filelist2.json │ ├── routes │ └── url.php │ └── templates │ ├── 404.php │ ├── csrf │ ├── dash.php │ ├── email.php │ ├── login.php │ ├── notifications.php │ ├── password.php │ └── reset.php │ ├── idor │ └── lesson1.php │ ├── invalid.php │ ├── lfi │ └── lesson1.php │ ├── list.php │ ├── or │ └── lesson1-2.php │ ├── rce │ ├── lesson1.php │ ├── lesson2.php │ └── lesson3.php │ ├── sqli │ ├── article.php │ ├── lesson1.php │ └── lesson2.php │ ├── ssrf │ ├── lesson1.php │ ├── lesson2.php │ ├── lesson3.php │ ├── lesson4-5.php │ ├── lesson4.php │ ├── lesson5.php │ └── lesson7.php │ ├── upload │ ├── lesson1.php │ └── lesson2.php │ ├── xss │ ├── lesson1.php │ ├── lesson2.php │ ├── lesson3.php │ └── lesson4.php │ └── xxe │ ├── lesson1.php │ └── lesson2.php ├── db.sql ├── default └── startup.sh /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | ARG DEBIAN_FRONTEND=noninteractive 4 | 5 | RUN apt-get -qq update -y && \ 6 | apt-get -y -qq install \ 7 | curl \ 8 | wget \ 9 | gnupg \ 10 | host \ 11 | nginx \ 12 | mysql-server \ 13 | php-fpm \ 14 | php-pdo \ 15 | php-mysql \ 16 | php-curl \ 17 | php-xml && \ 18 | echo "Packages Installed" 19 | 20 | 21 | 22 | # install google chrome 23 | RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - 24 | RUN sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' 25 | RUN apt-get --allow-unauthenticated -y update 26 | RUN apt-get --allow-unauthenticated install -y google-chrome-stable 27 | 28 | COPY app /var/www/ 29 | 30 | RUN chown -R www-data:www-data /var/www 31 | 32 | ADD default /etc/nginx/sites-available/default 33 | 34 | COPY startup.sh /startup.sh 35 | COPY db.sql /db.sql 36 | 37 | RUN chmod +x /startup.sh 38 | 39 | EXPOSE 80 40 | 41 | CMD ["/startup.sh"] 42 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nahamsec's Intro To Bug Bounty Labs 2 | 3 | #### Intro 4 | 5 | These are the labs that are used in Nahamsec's udemy course ["Intro To Bug Bounty"](https://www.udemy.com/course/intro-to-bug-bounty-by-nahamsec/) 6 | 7 | #### Requirements 8 | You must have docker installed, this can simply be installed using `apt install docker.io` for debian based operating systems or see https://docs.docker.com/get-docker/ for other distros and operating systems 9 | 10 | ##### Installation Instructions 11 | ` 12 | docker build -t nahamsec . 13 | ` 14 | 15 | `docker run -d -p 80:80 nahamsec` 16 | 17 | #### Add the following entries to your /etc/hosts file 18 | 19 | 127.0.0.1 naham.sec 20 | 127.0.0.1 www.naham.sec 21 | 127.0.0.1 xss.naham.sec 22 | 127.0.0.1 xss1.naham.sec 23 | 127.0.0.1 xss2.naham.sec 24 | 127.0.0.1 xss3.naham.sec 25 | 127.0.0.1 xss4.naham.sec 26 | 127.0.0.1 or1.naham.sec 27 | 127.0.0.1 or2.naham.sec 28 | 127.0.0.1 csrf.naham.sec 29 | 127.0.0.1 idor.naham.sec 30 | 127.0.0.1 lfi.naham.sec 31 | 127.0.0.1 sqli.naham.sec 32 | 127.0.0.1 sqli2.naham.sec 33 | 127.0.0.1 ssrf.naham.sec 34 | 127.0.0.1 ssrf2.naham.sec 35 | 127.0.0.1 ssrf3.naham.sec 36 | 127.0.0.1 ssrf4.naham.sec 37 | 127.0.0.1 ssrf5.naham.sec 38 | 127.0.0.1 ssrf6.naham.sec 39 | 127.0.0.1 ssrf7.naham.sec 40 | 127.0.0.1 xxe.naham.sec 41 | 127.0.0.1 xxe2.naham.sec 42 | 127.0.0.1 upload.naham.sec 43 | 127.0.0.1 upload2.naham.sec 44 | 127.0.0.1 rce.naham.sec 45 | 127.0.0.1 rce2.naham.sec 46 | 127.0.0.1 rce3.naham.sec 47 | 48 | Now you can visit http://www.naham.sec in your browser to view the list of challenges 49 | 50 | ##### Credits 51 | 52 | Udemy course created by [Ben Sadeghipour](https://twitter.com/nahamsec) and labs created by [Adam Langley](https://twitter.com/adamtlangley) 53 | -------------------------------------------------------------------------------- /app/html/index.html: -------------------------------------------------------------------------------- 1 | {status: ok} 2 | -------------------------------------------------------------------------------- /app/training/Autoload.php: -------------------------------------------------------------------------------- 1 | $p) { 24 | $page[$i] = self::makeRegex($p); 25 | } 26 | } else { 27 | $page = self::makeRegex($page); 28 | } 29 | 30 | 31 | $http_verb = ( gettype($http_verb) == 'array' ) ? $http_verb : array($http_verb); 32 | foreach( $http_verb AS $verb ) { 33 | if (!isset(self::$routes[$verb])) { 34 | self::$routes[$verb] = array(); 35 | } 36 | if ( gettype($page) == 'array' ) { 37 | foreach ( $page as $p ) { 38 | self::$routes[$verb][] = array( 39 | 'regex' => $p, 40 | 'function' => $func 41 | ); 42 | } 43 | } else { 44 | self::$routes[$verb][] = array( 45 | 'regex' => $page, 46 | 'function' => $func 47 | ); 48 | } 49 | } 50 | } 51 | 52 | /** 53 | * @param $str String - The URL segment to make a regex for 54 | * @return String 55 | */ 56 | private static function makeRegex($str) { 57 | $str = str_replace('[string]', '([0-9a-zA-Z\-]{1,})', $str); 58 | $str = str_replace('[int]', '([0-9]{1,})', $str); 59 | $str = str_replace('[hash]', '([0-9a-fA-F]{32})', $str); 60 | $str = str_replace('[account-hash]', '([0-9a-zA-Z]{8})', $str); 61 | $str = '/^'.str_replace('/', '\/', $str).'[\/]?$/'; 62 | return $str; 63 | } 64 | 65 | private static function url() 66 | { 67 | $uri_sp = explode("?",$_SERVER["REQUEST_URI"]); 68 | return strval($uri_sp[0]); 69 | } 70 | 71 | public static function run() 72 | { 73 | $match = false; 74 | if( isset(self::$routes[$_SERVER["REQUEST_METHOD"]]) ) 75 | { 76 | foreach( self::$routes[$_SERVER["REQUEST_METHOD"]] as $page ) 77 | { 78 | $a = @preg_match($page["regex"], self::url(), $matches); 79 | if ($a) { 80 | $action = $page["function"]; 81 | $act = explode('@', $action); 82 | if( count($act) == 2 ) { 83 | $controllerName = $act[0]; 84 | $methodName = $act[1]; 85 | if( file_exists('../controllers/'.$controllerName.'.php') ){ 86 | include_once('../controllers/'.$controllerName.'.php'); 87 | if (method_exists('Controller\\' . $controllerName, $methodName)) { 88 | if (is_callable('Controller\\' . $controllerName, $methodName)) { 89 | call_user_func(array('Controller\\' . $controllerName, $methodName), $matches); 90 | $match = true; 91 | } 92 | } 93 | } 94 | } 95 | } 96 | } 97 | } 98 | if( !$match ){ 99 | View::page(self::$page404); 100 | } 101 | } 102 | 103 | 104 | public static function load(){ 105 | foreach (scandir('../routes') as $f) { 106 | if( $f != '.' && $f != '..' ) { 107 | if (is_dir('../routes/' . $f)) { 108 | foreach (scandir('../routes/'.$f) as $f2) { 109 | if (substr($f2, -3, 3) == 'php') { 110 | include_once('../routes/' . $f.'/'.$f2); 111 | } 112 | } 113 | } else { 114 | if (substr($f, -3, 3) == 'php') { 115 | include_once('../routes/'. $f); 116 | } 117 | } 118 | } 119 | } 120 | 121 | } 122 | 123 | 124 | } 125 | 126 | 127 | 128 | -------------------------------------------------------------------------------- /app/training/View.php: -------------------------------------------------------------------------------- 1 | false, 32 | 'error' => false 33 | ); 34 | if( isset($_POST["username"]) ){ 35 | $users = self::getData(); 36 | if( isset($users[$_POST["username"]]) ){ 37 | $data["success"] = $users[$_POST["username"]]["email"]; 38 | }else{ 39 | $data["error"] = true; 40 | } 41 | } 42 | \View::page('csrf/reset',$data); 43 | } 44 | 45 | 46 | private static function checkLogin(){ 47 | $users = self::getData(); 48 | $user = false; 49 | if( isset($_COOKIE["token"]) && $_COOKIE["token"] == '9738EFC3561120092F7AB66514547475' ) { 50 | $user = $users["admin"]; 51 | } 52 | if( isset($_COOKIE["token"]) && $_COOKIE["token"] == '649EFEE221D752E4E943D7811B95408E' ) { 53 | $user = $users["ben"]; 54 | } 55 | return $user; 56 | } 57 | 58 | 59 | public static function notifications(){ 60 | $users = self::getData(); 61 | if( $user = self::checkLogin() ){ 62 | if( isset($_GET["enabled"]) && $_GET["enabled"] == 'true' ){ 63 | $users[ $user["username"] ]["notifications"] = true; 64 | self::setData( $users ); 65 | \View::redirect('/notifications'); 66 | } 67 | if( isset($_GET["enabled"]) && $_GET["enabled"] == 'false' ){ 68 | $users[ $user["username"] ]["notifications"] = false; 69 | self::setData( $users ); 70 | \View::redirect('/notifications'); 71 | } 72 | $success = false; 73 | if( isset($_POST["email"]) ){ 74 | $users[ $user["username"] ]["email"] = $_POST["email"]; 75 | self::setData( $users ); 76 | $success = true; 77 | } 78 | $data = array( 79 | 'notifications' => $user["notifications"], 80 | 'success' => $success 81 | ); 82 | \View::page('csrf/notifications',$data); 83 | }else{ 84 | \View::redirect('/login'); 85 | } 86 | } 87 | 88 | public static function email(){ 89 | $users = self::getData(); 90 | if( $user = self::checkLogin() ){ 91 | $success = false; 92 | if( isset($_POST["email"]) ){ 93 | $users[ $user["username"] ]["email"] = $_POST["email"]; 94 | self::setData( $users ); 95 | $success = true; 96 | } 97 | $data = array( 98 | 'email' => $user["email"], 99 | 'success' => $success 100 | ); 101 | \View::page('csrf/email',$data); 102 | }else{ 103 | \View::redirect('/login'); 104 | } 105 | } 106 | 107 | public static function password(){ 108 | $users = self::getData(); 109 | if( $user = self::checkLogin() ){ 110 | $error = false; 111 | $success = false; 112 | if( isset($_POST["password"]) ){ 113 | $csrf_pass = true; 114 | if( isset($_POST["csrf"]) ){ 115 | $csrf_pass = false; 116 | $csrf = json_decode(base64_decode($_POST["csrf"]),true); 117 | if( gettype($csrf) == 'array' ){ 118 | if( isset($csrf["data"],$csrf["signature"]) ){ 119 | if( md5('the s3cr3t s4lt'.md5(json_encode($csrf["data"])) ) === $csrf["signature"] ){ 120 | $csrf_pass = true; 121 | } 122 | } 123 | } 124 | } 125 | if( $csrf_pass ){ 126 | $users[ $user["username"] ]["password"] = $_POST["password"]; 127 | self::setData($users); 128 | $success = true; 129 | }else{ 130 | $error = true; 131 | } 132 | } 133 | $datastr = array( 134 | 'user' => $user["username"], 135 | 'random' => md5( date("U").print_r($_SERVER,true).rand() ) 136 | ); 137 | $data = array( 138 | 'success' => $success, 139 | 'error' => $error, 140 | 'csrf' => base64_encode(json_encode(array( 141 | 'data' => $datastr, 142 | 'signature' => md5('the s3cr3t s4lt'.md5(json_encode($datastr)) ) 143 | ))) 144 | ); 145 | \View::page('csrf/password',$data); 146 | }else{ 147 | \View::redirect('/login'); 148 | } 149 | } 150 | 151 | /** 152 | * @return mixed 153 | */ 154 | private static function getData(){ 155 | return json_decode(file_get_contents('../data/csrf/data.txt'),true); 156 | } 157 | 158 | private static function setData($arr){ 159 | file_put_contents('../data/csrf/data.txt',json_encode($arr)); 160 | } 161 | 162 | public static function login(){ 163 | $users = self::getData(); 164 | $error = false; 165 | if( isset($_POST["username"],$_POST["password"]) ){ 166 | $error = true; 167 | if( $_POST["username"] === 'admin' && $users["admin"]["password"] == $_POST["password"] ){ 168 | setcookie('token','9738EFC3561120092F7AB66514547475',time()+3600,'/; Secure; SameSite=None'); 169 | \View::redirect('/'); 170 | } 171 | if( $_POST["username"] === 'ben' && $users["ben"]["password"] == $_POST["password"] ){ 172 | setcookie('token','649EFEE221D752E4E943D7811B95408E',time()+3600,'/; Secure; SameSite=None'); 173 | \View::redirect('/'); 174 | } 175 | } 176 | $data = array( 177 | 'error' => $error 178 | ); 179 | \View::page('csrf/login',$data); 180 | } 181 | 182 | } 183 | -------------------------------------------------------------------------------- /app/training/controllers/Home.php: -------------------------------------------------------------------------------- 1 | 43 42 | )); 43 | }else{ 44 | \Output::error(array( 45 | 'Could not find product ID: '.$_GET["id"] 46 | ),404); 47 | } 48 | } 49 | 50 | 51 | } 52 | 53 | 54 | -------------------------------------------------------------------------------- /app/training/controllers/SQLi.php: -------------------------------------------------------------------------------- 1 | prepare("select * from article where created_at like '%".$_GET["date"]."' "); 20 | $d->execute( array() ); 21 | \Output::success(array( 22 | 'count' => $d->rowCount() 23 | )); 24 | } 25 | 26 | public static function lesson2(){ 27 | $pdo = new \PDO('mysql:host=127.0.0.1;port=3306;dbname='.self::$db,self::$sql_username,self::$sql_password); 28 | $d = $pdo->prepare('select * from article order by id DESC '); 29 | $d->execute( array() ); 30 | $data = array(); 31 | while( $a = $d->fetch() ){ 32 | $data[] = $a; 33 | } 34 | \View::page('sqli/lesson2',$data); 35 | } 36 | 37 | public static function article2(){ 38 | $id = ( isset($_GET["id"]) ) ? intval($_GET["id"]) : 0; 39 | $pdo = new \PDO('mysql:host=127.0.0.1;port=3306;dbname='.self::$db,self::$sql_username,self::$sql_password); 40 | $d = $pdo->prepare('select * from article where id = ? '); 41 | $d->execute( array($id) ); 42 | if( $article = $d->fetch() ){ 43 | \View::page('sqli/article',$article); 44 | }else{ 45 | die("Sorry we could not locate that article"); 46 | } 47 | } 48 | 49 | public static function article(){ 50 | $pdo = new \PDO('mysql:host=127.0.0.1;port=3306;dbname='.self::$db,self::$sql_username,self::$sql_password); 51 | $d = $pdo->prepare('select * from article where id = '.$_GET["id"].' '); 52 | $d->execute( array() ); 53 | $errors = $d->errorInfo(); 54 | if( intval($errors[0]) > 0 ){ 55 | print_r( $errors[2] ); 56 | exit(); 57 | } 58 | if( $article = $d->fetch() ){ 59 | \View::page('sqli/article',$article); 60 | }else{ 61 | die("Sorry we could not locate that article"); 62 | } 63 | } 64 | 65 | 66 | public static function lesson1(){ 67 | $pdo = new \PDO('mysql:host=127.0.0.1;port=3306;dbname='.self::$db,self::$sql_username,self::$sql_password); 68 | $d = $pdo->prepare('select * from article order by id DESC '); 69 | $d->execute( array() ); 70 | $data = array(); 71 | while( $a = $d->fetch() ){ 72 | $data[] = $a; 73 | } 74 | \View::page('sqli/lesson1',$data); 75 | } 76 | 77 | } 78 | -------------------------------------------------------------------------------- /app/training/controllers/SSRF.php: -------------------------------------------------------------------------------- 1 | false, 20 | 'source' => false, 21 | ); 22 | if( isset($_POST["url"]) ){ 23 | ini_set('default_socket_timeout', 2); 24 | $url_sp = explode("/",$_POST["url"]); 25 | $continue = true; 26 | if( substr($_POST["url"],0,7) == 'http://' || substr($_POST["url"],0,8) == 'https://' ){ 27 | if( $url_sp[2] == 'localhost' || $url_sp[2] == 'naham.sec' || $url_sp[2] == '169.254.169.254' || $url_sp[2] == '142.93.35.49' || substr($url_sp[2],0,4) == '127.' ){ 28 | $continue = false; 29 | $data["error"] = 'Only remote URLs are allowed'; 30 | } 31 | }else{ 32 | $continue = false; 33 | $data["error"] = 'URL must start with http:// or https://'; 34 | } 35 | if( $continue ) { 36 | set_error_handler(function ($e, $f) { 37 | SSRF::storeError($f); 38 | }); 39 | if ($getdata = file_get_contents($_POST["url"])) { 40 | $data["source"] = $getdata; 41 | } else { 42 | $data["source"] = self::$errorMsg; 43 | } 44 | } 45 | } 46 | \View::page('ssrf/lesson4',$data); 47 | } 48 | 49 | public static function lesson5(){ 50 | $data = array( 51 | 'error' => false 52 | ); 53 | if( isset($_POST["url"]) ){ 54 | ini_set('default_socket_timeout', 1); 55 | $url_sp = explode("/",$_POST["url"]); 56 | $continue = true; 57 | if( substr($_POST["url"],0,7) == 'http://' || substr($_POST["url"],0,8) == 'https://' ){ 58 | if( $url_sp[2] == 'localhost' || $url_sp[2] == 'naham.sec' || $url_sp[2] == '142.93.35.49' || substr($url_sp[2],0,4) == '127.' ){ 59 | $continue = false; 60 | $data["error"] = 'Only remote URLs are allowed'; 61 | } 62 | }else{ 63 | $continue = false; 64 | $data["error"] = 'URL must start with http:// or https://'; 65 | } 66 | if( $continue ) { 67 | set_error_handler(function ($e, $f) { 68 | SSRF::storeError($f); 69 | }); 70 | if ($getdata = file_get_contents($_POST["url"])) { 71 | $data["source"] = 'Website Is Up'; 72 | } else { 73 | $error = self::$errorMsg; 74 | if( strstr($error,'php_network_getaddresses') ){ 75 | $data["source"] = 'Invalid remote host'; 76 | }elseif( strstr($error,'HTTP request failed!')){ 77 | $data["source"] = 'Invalid HTTP response'; 78 | }else{ 79 | $data["source"] = 'Request Failed'; 80 | } 81 | } 82 | } 83 | } 84 | \View::page('ssrf/lesson5',$data); 85 | } 86 | 87 | public static function lesson4(){ 88 | $data = array( 89 | 'error' => false, 90 | 'source' => '' 91 | ); 92 | if( isset($_POST["url"]) ){ 93 | $continue = true; 94 | if( substr($_POST["url"],0,7) == 'http://' || substr($_POST["url"],0,8) == 'https://' ){ 95 | $url_sp = explode("/",$_POST["url"]); 96 | if( $url_sp[2] == 'naham.sec' || substr($url_sp[2],-18,18) == '.naham.sec' ){ 97 | }else{ 98 | $continue = false; 99 | $data["error"] = 'Only URLs from the naham.sec domain are allowed!'; 100 | } 101 | }else{ 102 | $continue = false; 103 | $data["error"] = 'URL must start with http:// or https://'; 104 | } 105 | if( $continue ) { 106 | $ch = curl_init($_POST["url"]); 107 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 108 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 109 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 110 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 111 | $data["source"] = curl_exec($ch); 112 | } 113 | } 114 | \View::page('ssrf/lesson4',$data); 115 | } 116 | 117 | public static function lesson3(){ 118 | $data = array( 119 | 'source' => '' 120 | ); 121 | if( isset($_POST["url"]) ){ 122 | $url_sp = explode("/",$_POST["url"]); 123 | if( substr($url_sp[2],-6,6) == ':10000' ) { 124 | sleep(4); 125 | $data["source"] = 'Timeout Error'; 126 | }else { 127 | set_error_handler(function ($e, $f) { 128 | SSRF::storeError($f); 129 | }); 130 | if ($getdata = file_get_contents($_POST["url"])) { 131 | $data["source"] = $getdata; 132 | } else { 133 | $data["source"] = self::$errorMsg; 134 | } 135 | } 136 | } 137 | \View::page('ssrf/lesson3',$data); 138 | } 139 | 140 | 141 | public static function lesson2(){ 142 | $data = array( 143 | 'file' => false 144 | ); 145 | if( isset($_POST["url"]) ){ 146 | $file = md5( date("U").rand().print_r($_POST,true).print_r($_SERVER,true) ).'.jpg'; 147 | $file_dst = getcwd().'/screenshots/'.$file; 148 | system('google-chrome-stable --headless --disable-gpu --no-sandbox --screenshot='.$file_dst.' '.$_POST["url"] ); 149 | $data["file"] = $file; 150 | } 151 | \View::page('ssrf/lesson2',$data); 152 | } 153 | 154 | public static function lesson7(){ 155 | $data = array( 156 | 'error' => false 157 | ); 158 | if( isset($_POST["url"]) ){ 159 | if (filter_var($_POST["url"], FILTER_VALIDATE_URL)) { 160 | $url = escapeshellarg($_POST["url"]); 161 | $pdf = md5(microtime().rand().print_r($_SERVER,true)); 162 | system("google-chrome-stable --headless --disable-gpu --print-to-pdf=screenshots/".$pdf.".pdf ".$url); 163 | \View::redirect('/screenshots/'.$pdf.'.pdf'); 164 | } else { 165 | $data["error"] = 'The URL entered is invalid'; 166 | } 167 | } 168 | \View::page('ssrf/lesson7'); 169 | } 170 | 171 | public static function lesson1(){ 172 | $data = array( 173 | 'source' => '' 174 | ); 175 | if( isset($_POST["url"]) ){ 176 | $ch = curl_init($_POST["url"]); 177 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 178 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 179 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 180 | $data["source"] = curl_exec($ch); 181 | } 182 | \View::page('ssrf/lesson1',$data); 183 | } 184 | } 185 | -------------------------------------------------------------------------------- /app/training/controllers/Upload.php: -------------------------------------------------------------------------------- 1 | $_FILES["file"]["name"], 21 | ); 22 | move_uploaded_file($_FILES["file"]["tmp_name"],getcwd().'/uploads/'.$_FILES["file"]["name"] ); 23 | file_put_contents('uploads/filelist.json', json_encode($upload_file) ); 24 | }else{ 25 | $error = true; 26 | } 27 | } 28 | $data = array( 29 | 'error' => $error, 30 | 'files' => json_decode(file_get_contents('uploads/filelist.json'),true) 31 | ); 32 | \View::page('upload/lesson1',$data); 33 | } 34 | 35 | public static function lesson2(){ 36 | $error = false; 37 | if( isset($_GET["clear"] ) ){ 38 | file_put_contents('uploads/filelist2.json', '[]' ); 39 | \View::redirect('/'); 40 | } 41 | if( isset($_FILES["file"]) ){ 42 | if( strtolower($_FILES["file"]["type"]) === 'image/jpeg' || strtolower($_FILES["file"]["type"]) === 'image/jpg' ){ 43 | $upload_file = json_decode(file_get_contents('uploads/filelist2.json'),true); 44 | $upload_file[] = array( 45 | 'name' => $_FILES["file"]["name"], 46 | ); 47 | move_uploaded_file($_FILES["file"]["tmp_name"],getcwd().'/uploads/'.$_FILES["file"]["name"] ); 48 | file_put_contents('uploads/filelist2.json', json_encode($upload_file) ); 49 | }else{ 50 | $error = true; 51 | } 52 | } 53 | $data = array( 54 | 'error' => $error, 55 | 'files' => json_decode(file_get_contents('uploads/filelist2.json'),true) 56 | ); 57 | \View::page('upload/lesson2',$data); 58 | } 59 | 60 | } -------------------------------------------------------------------------------- /app/training/controllers/XSS.php: -------------------------------------------------------------------------------- 1 | ( ( isset($_POST["name"]) ) ? $_POST["name"] : false ) 14 | ); 15 | \View::page('xss/lesson1',$data); 16 | } 17 | 18 | public static function lesson2(){ 19 | $data = array( 20 | 'name' => ( ( isset($_POST["name"]) ) ? $_POST["name"] : false ) 21 | ); 22 | \View::page('xss/lesson2',$data); 23 | } 24 | 25 | public static function lesson3(){ 26 | $data = array( 27 | 'name' => ( ( isset($_POST["name"]) ) ? $_POST["name"] : false ) 28 | ); 29 | \View::page('xss/lesson3',$data); 30 | } 31 | 32 | public static function lesson4(){ 33 | if( isset($_GET["name"]) ){ 34 | $_GET["name"] = str_replace("<","<",$_GET["name"]); 35 | $_GET["name"] = str_replace(">",">",$_GET["name"]); 36 | } 37 | $data = array( 38 | 'name' => ( ( isset($_GET["name"]) ) ? $_GET["name"] : false ) 39 | ); 40 | \View::page('xss/lesson4',$data); 41 | } 42 | 43 | 44 | } 45 | -------------------------------------------------------------------------------- /app/training/controllers/XXE.php: -------------------------------------------------------------------------------- 1 | loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD); 17 | $creds = simplexml_import_dom($dom); 18 | foreach( $creds->url as $url ){ 19 | $data["urls"][] = $url->loc; 20 | } 21 | } 22 | \View::page('xxe/lesson1',$data); 23 | } 24 | 25 | public static function lesson2(){ 26 | $data = array( 27 | 'done' => false 28 | ); 29 | if( isset($_FILES["file"]) ){ 30 | $data["urls"] = array(); 31 | libxml_disable_entity_loader (false); 32 | $xmlfile = file_get_contents($_FILES["file"]["tmp_name"]); 33 | $dom = new \DOMDocument(); 34 | $dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD); 35 | simplexml_import_dom($dom); 36 | $data["done"] = true; 37 | } 38 | \View::page('xxe/lesson2',$data); 39 | } 40 | 41 | } -------------------------------------------------------------------------------- /app/training/data/blogcomments/1605946074.txt: -------------------------------------------------------------------------------- 1 | Wow, that's really interesting! -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606601736.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799176.txt: -------------------------------------------------------------------------------- 1 | adas -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799181.txt: -------------------------------------------------------------------------------- 1 | asdsada -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799188.txt: -------------------------------------------------------------------------------- 1 | asdada -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799261.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799292.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799386.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /app/training/data/blogcomments/1606799469.txt: -------------------------------------------------------------------------------- 1 | $output"; 4 | ?> -------------------------------------------------------------------------------- /app/training/data/csrf/data.txt: -------------------------------------------------------------------------------- 1 | {"admin":{"username":"admin","password":"admin","email":"admin@admin.test","notifications":false},"ben":{"username":"ben","password":"ben","email":"ben@nahamsec.test","notifications":false}} -------------------------------------------------------------------------------- /app/training/data/images/cat1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/data/images/cat1.jpg -------------------------------------------------------------------------------- /app/training/data/images/cat2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/data/images/cat2.jpg -------------------------------------------------------------------------------- /app/training/data/images/cat3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/data/images/cat3.jpg -------------------------------------------------------------------------------- /app/training/data/images/cat4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/data/images/cat4.gif -------------------------------------------------------------------------------- /app/training/data/images/cat5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/data/images/cat5.jpg -------------------------------------------------------------------------------- /app/training/data/test.txt: -------------------------------------------------------------------------------- 1 | dsfsfdf 2 | -------------------------------------------------------------------------------- /app/training/models/Http.php: -------------------------------------------------------------------------------- 1 | data = $data; 10 | $this->status = $status; 11 | } 12 | 13 | 14 | public function getData(){ 15 | return $this->data; 16 | } 17 | 18 | public function getJSON() { 19 | return json_decode($this->data, true); 20 | } 21 | 22 | public function getHttpStatus() { 23 | return $this->status; 24 | } 25 | 26 | 27 | } 28 | 29 | class Http { 30 | 31 | private $ch; 32 | private $headers = array(); 33 | 34 | public function __construct($url){ 35 | $this->ch = curl_init($url); 36 | curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0); 37 | curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0); 38 | curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, true); 39 | } 40 | 41 | public function method($method){ 42 | curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, strtoupper($method) ); 43 | return $this; 44 | } 45 | 46 | public function json($json){ 47 | $this->headers[] = 'Content-Type: application/json'; 48 | $this->headers[] = 'Content-Length: ' . strlen($json); 49 | curl_setopt($this->ch, CURLOPT_POSTFIELDS, $json); 50 | return $this; 51 | } 52 | 53 | public function credentials($username,$password){ 54 | curl_setopt($this->ch, CURLOPT_USERPWD, $username.':'.$password); 55 | curl_setopt($this->ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); 56 | return $this; 57 | } 58 | 59 | public function header($header){ 60 | $this->headers[] = $header; 61 | return $this; 62 | } 63 | 64 | public function cookieStore($name){ 65 | curl_setopt($this->ch, CURLOPT_COOKIEJAR, '/tmp/'.$name.'-cookies.txt'); 66 | curl_setopt($this->ch, CURLOPT_COOKIEFILE, '/tmp/'.$name.'-cookies.txt'); 67 | return $this; 68 | } 69 | 70 | public function timeout($i){ 71 | curl_setopt($this->ch, CURLOPT_TIMEOUT, 1 ); 72 | return $this; 73 | } 74 | 75 | public function postfields($data){ 76 | curl_setopt($this->ch, CURLOPT_POSTFIELDS, http_build_query($data) ); 77 | curl_setopt($this->ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen( http_build_query($data) ))); 78 | return $this; 79 | } 80 | 81 | public function postJsonString($data){ 82 | $this->headers[] = 'Content-Type: application/json'; 83 | curl_setopt($this->ch, CURLOPT_POSTFIELDS, $data ); 84 | curl_setopt($this->ch, CURLOPT_HTTPHEADER, array('Content-Length: ' . strlen( $data ))); 85 | return $this; 86 | } 87 | 88 | public function send(){ 89 | //curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, true); 90 | if( $this->headers ){ 91 | curl_setopt($this->ch, CURLOPT_HTTPHEADER, $this->headers); 92 | } 93 | curl_setopt($this->ch, CURLOPT_VERBOSE, 1); 94 | curl_setopt($this->ch, CURLOPT_HEADER, 1); 95 | curl_setopt($this->ch, CURLINFO_HEADER_OUT, true); 96 | $response = curl_exec($this->ch); 97 | $header_size = curl_getinfo($this->ch, CURLINFO_HEADER_SIZE); 98 | $body = substr($response, $header_size); 99 | return new HttpResult( $body, curl_getinfo($this->ch, CURLINFO_HTTP_CODE) ); 100 | } 101 | 102 | 103 | /** 104 | * @param $url 105 | * @param array $headers 106 | * @return bool|array 107 | */ 108 | public static function getJson($url, $headers=array()){ 109 | $send_headers = array(); 110 | if( gettype($headers) == 'array' ){ 111 | foreach( $headers as $h ){ 112 | $send_headers[] = $h; 113 | } 114 | } 115 | $ch = curl_init($url); 116 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 117 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 118 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 119 | if( $send_headers ) { 120 | curl_setopt($ch, CURLOPT_HTTPHEADER, $send_headers); 121 | } 122 | $result = curl_exec($ch); 123 | $data = json_decode( $result ,true); 124 | return ( gettype($data) == 'array' ) ? $data : false; 125 | } 126 | 127 | 128 | /** 129 | * @param $url 130 | * @param array $headers 131 | * @return bool|array 132 | */ 133 | public static function get($url, $headers=array()){ 134 | $send_headers = array(); 135 | if( gettype($headers) == 'array' ){ 136 | foreach( $headers as $h ){ 137 | $send_headers[] = $h; 138 | } 139 | } 140 | $ch = curl_init($url); 141 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 142 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 143 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 144 | if( $send_headers ) { 145 | curl_setopt($ch, CURLOPT_HTTPHEADER, $send_headers); 146 | } 147 | $result = curl_exec($ch); 148 | return $result; 149 | } 150 | 151 | 152 | public static function postXML($url,$data){ 153 | $ch = curl_init(); 154 | curl_setopt($ch, CURLOPT_HEADER, 0); 155 | curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); 156 | curl_setopt($ch, CURLOPT_URL, $url); 157 | curl_setopt($ch, CURLOPT_POST, 1); 158 | curl_setopt($ch, CURLOPT_POSTFIELDS, $data); 159 | $content=curl_exec($ch); 160 | try{ 161 | $xml = new \SimpleXMLElement($content); 162 | return $xml; 163 | }catch (\Exception $e){ 164 | return false; 165 | } 166 | } 167 | 168 | 169 | 170 | public static function postJson($url, $postdata,$headers=array()) 171 | { 172 | $ch = curl_init($url); 173 | $send_headers = array( 174 | 'Content-Type: application/json', 175 | 'Content-Length: ' . strlen($postdata) 176 | ); 177 | if( gettype($headers) == 'array' ){ 178 | foreach( $headers as $h ){ 179 | $send_headers[] = $h; 180 | } 181 | } 182 | curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 183 | curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); 184 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); 185 | curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata); 186 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 187 | curl_setopt($ch, CURLOPT_HTTPHEADER, $send_headers); 188 | $result = curl_exec($ch); 189 | $data = json_decode( $result ,true); 190 | return ( gettype($data) == 'array' ) ? $data : false; 191 | } 192 | 193 | 194 | public static function post($url,$data, $content_type='application/json') 195 | { 196 | $ch = curl_init($url); 197 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 198 | curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 199 | curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 200 | curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data) ); 201 | curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: '.$content_type,'Content-Length: ' . strlen( http_build_query($data) ))); 202 | return curl_exec($ch); 203 | } 204 | 205 | 206 | } -------------------------------------------------------------------------------- /app/training/public/contacts.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | ben 6 | ben@test.com 7 | 8 | 9 | adam 10 | adam@test.com 11 | 12 | 13 | test 14 | test@test.com 15 | 16 | -------------------------------------------------------------------------------- /app/training/public/evil.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | ]> 4 | 5 | 6 | &xxe; 7 | 8 | -------------------------------------------------------------------------------- /app/training/public/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /app/training/public/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /app/training/public/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /app/training/public/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /app/training/public/images/pic.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/images/pic.jpg -------------------------------------------------------------------------------- /app/training/public/index.php: -------------------------------------------------------------------------------- 1 | 3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.7",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));if(!(a>this.$items.length-1||a<0))return this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){if(!this.sliding)return this.slide("next")},c.prototype.prev=function(){if(!this.sliding)return this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.7",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function c(c){c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger(a.Event("hidden.bs.dropdown",f)))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.7",g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger(a.Event("shown.bs.dropdown",h))}return!1}},g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);if(c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),!c.isInStateTrue())return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null,a.$element=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;!e&&/destroy|hide/.test(b)||(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");c.VERSION="3.3.7",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.7",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.7",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return e=a-d&&"bottom"},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); -------------------------------------------------------------------------------- /app/training/public/screenshots/000d0ede39250e1f69a14f2e82532d65.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/000d0ede39250e1f69a14f2e82532d65.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/0cdb4db49bfbb9bdbe054385ffb325fc.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/0cdb4db49bfbb9bdbe054385ffb325fc.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/2729e75cb8cbdd0355f7be90f48779df.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/2729e75cb8cbdd0355f7be90f48779df.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/2b94f05776233079db8405f0a67c69ab.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/2b94f05776233079db8405f0a67c69ab.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/3c71d453b10394dfb8352c308403bdd0.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/3c71d453b10394dfb8352c308403bdd0.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/55ae3a70bb5c10170cb25c29c6230d7e.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/55ae3a70bb5c10170cb25c29c6230d7e.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/741beaefebbefeda751b0092aaed0df6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/741beaefebbefeda751b0092aaed0df6.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/8621cce262cdabf4244bf01fe69a8cfd.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/8621cce262cdabf4244bf01fe69a8cfd.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/8ac79bc2e512be56256af1ae359076ac.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/8ac79bc2e512be56256af1ae359076ac.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/8b49500aa7f0f76d0323d0077f23ab53.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/8b49500aa7f0f76d0323d0077f23ab53.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/93f3c268332af6a999c42a4db9faebf1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/93f3c268332af6a999c42a4db9faebf1.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/a3258584cbb46c31e972a05494b31ced.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/a3258584cbb46c31e972a05494b31ced.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/b0fd1978534e54285d6c5c09d6d0a8f6.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/b0fd1978534e54285d6c5c09d6d0a8f6.pdf -------------------------------------------------------------------------------- /app/training/public/screenshots/bb09d5a3a51f177373e579648c4c89aa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/bb09d5a3a51f177373e579648c4c89aa.pdf -------------------------------------------------------------------------------- /app/training/public/screenshots/e249c5044203b3c658a7ca8dff7d99eb.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/e249c5044203b3c658a7ca8dff7d99eb.jpg -------------------------------------------------------------------------------- /app/training/public/screenshots/e9464cb85c678785474a4d3b744a5a5c.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nahamsec/nahamsec.training/9672bc0ef782029927c4f30570b73bfbf634be9d/app/training/public/screenshots/e9464cb85c678785474a4d3b744a5a5c.pdf -------------------------------------------------------------------------------- /app/training/public/sitemap.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | https://www.google.com/ 6 | 1.0 7 | 8 | 9 | https://www.google.com/test 10 | 1.0 11 | 12 | 13 | https://www.google.com/test-2 14 | 1.0 15 | 16 | -------------------------------------------------------------------------------- /app/training/public/uploads/filelist.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /app/training/public/uploads/filelist2.json: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /app/training/routes/url.php: -------------------------------------------------------------------------------- 1 | 1, 9 | 'xss' => 1, 10 | 'xss2' => 1, 11 | 'xss3' => 1, 12 | 'xss4' => 1, 13 | 'or1' => 1, 14 | 'or2' => 1, 15 | 'csrf' => 1, 16 | 'idor' => 1, 17 | 'lfi' => 1, 18 | 'sqli' => 1, 19 | 'sqli2' => 1, 20 | 'ssrf' => 1, 21 | 'ssrf2' => 1, 22 | 'ssrf3' => 1, 23 | 'ssrf4' => 1, 24 | 'ssrf5' => 1, 25 | 'ssrf6' => 1, 26 | 'ssrf7' => 1, 27 | 'xxe' => 1, 28 | 'xxe2' => 1, 29 | 'upload' => 1, 30 | 'upload2' => 1, 31 | 'rce' => 1, 32 | 'rce2' => 1, 33 | 'rce3' => 1, 34 | ); 35 | \Controller\Home::$modules = $valid_modules; 36 | 37 | 38 | if( isset($valid_modules[$module]) ) { 39 | 40 | 41 | if( $module == 'rce' ){ 42 | Route::add(array('GET', 'POST'), '/', 'RCE@lesson1'); 43 | Route::add(array('GET', 'POST'), '/stock-check', 'RCE@lesson1StockCheck'); 44 | Route::add(array('GET', 'POST'), '/stock', 'RCE@lesson1Stock'); 45 | } 46 | 47 | if( $module == 'rce2' ){ 48 | Route::add(array('GET', 'POST'), '/', 'RCE@lesson2'); 49 | } 50 | 51 | if( $module == 'rce3' ){ 52 | Route::add(array('GET', 'POST'), '/', 'RCE@lesson3'); 53 | Route::add(array('GET', 'POST'), '/comment/[int]', 'RCE@lesson3comment'); 54 | } 55 | 56 | if( $module == 'xss' ){ 57 | Route::add(array('GET', 'POST'), '/', 'XSS@lesson1'); 58 | } 59 | 60 | if( $module == 'xss2' ){ 61 | Route::add(array('GET', 'POST'), '/', 'XSS@lesson2'); 62 | } 63 | 64 | if( $module == 'xss3' ){ 65 | Route::add(array('GET', 'POST'), '/', 'XSS@lesson3'); 66 | } 67 | 68 | if( $module == 'xss4' ){ 69 | Route::add(array('GET', 'POST'), '/', 'XSS@lesson4'); 70 | } 71 | 72 | 73 | if( $module == 'or1' ){ 74 | Route::add(array('GET', 'POST'), '/', 'OpenRedirect@lesson1'); 75 | } 76 | 77 | if( $module == 'or2' ){ 78 | Route::add(array('GET', 'POST'), '/', 'OpenRedirect@lesson2'); 79 | } 80 | 81 | if( $module == 'ssrf' ){ 82 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson1'); 83 | } 84 | 85 | if( $module == 'ssrf2' ){ 86 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson2'); 87 | } 88 | 89 | if( $module == 'ssrf3' ){ 90 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson3'); 91 | } 92 | 93 | if( $module == 'ssrf4' ){ 94 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson4'); 95 | } 96 | 97 | if( $module == 'ssrf5' ){ 98 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson5'); 99 | } 100 | 101 | if( $module == 'ssrf6' ){ 102 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson6'); 103 | } 104 | 105 | if( $module == 'ssrf7' ){ 106 | Route::add(array('GET', 'POST'), '/', 'SSRF@lesson7'); 107 | } 108 | 109 | if( $module == 'lfi' ){ 110 | Route::add(array('GET', 'POST'), '/', 'LFI@lesson1'); 111 | Route::add(array('GET', 'POST'), '/image', 'LFI@image'); 112 | } 113 | 114 | if( $module == 'csrf' ){ 115 | Route::add(array('GET', 'POST'), '/', 'CSRF@home'); 116 | Route::add(array('GET', 'POST'), '/logout', 'CSRF@logout'); 117 | Route::add(array('GET', 'POST'), '/login', 'CSRF@login'); 118 | Route::add(array('GET', 'POST'), '/email', 'CSRF@email'); 119 | Route::add(array('GET', 'POST'), '/reset-password', 'CSRF@resetPassword'); 120 | Route::add(array('GET', 'POST'), '/password', 'CSRF@password'); 121 | Route::add(array('GET', 'POST'), '/notifications', 'CSRF@notifications'); 122 | Route::add(array('GET', 'POST'), '/reset', 'CSRF@reset'); 123 | } 124 | 125 | if( $module == 'idor' ){ 126 | Route::add(array('GET', 'POST'), '/', 'IDOR@lesson1'); 127 | Route::add(array('GET', 'POST'), '/settings/[int]', 'IDOR@account'); 128 | } 129 | 130 | if( $module == 'sqli' ) { 131 | Route::add(array('GET', 'POST'), '/', 'SQLi@lesson1'); 132 | Route::add(array('GET', 'POST'), '/article', 'SQLi@article'); 133 | } 134 | 135 | if( $module == 'sqli2' ) { 136 | Route::add(array('GET', 'POST'), '/', 'SQLi@lesson2'); 137 | Route::add(array('GET', 'POST'), '/article', 'SQLi@article2'); 138 | Route::add(array('GET', 'POST'), '/article-count', 'SQLi@articleCount'); 139 | } 140 | 141 | if( $module == 'xxe' ) { 142 | Route::add(array('GET', 'POST'), '/', 'XXE@lesson1'); 143 | } 144 | 145 | if( $module == 'xxe2' ) { 146 | Route::add(array('GET', 'POST'), '/', 'XXE@lesson2'); 147 | } 148 | 149 | if( $module == 'upload' ) { 150 | Route::add(array('GET', 'POST'), '/', 'Upload@lesson1'); 151 | } 152 | 153 | if( $module == 'upload2' ) { 154 | Route::add(array('GET', 'POST'), '/', 'Upload@lesson2'); 155 | } 156 | 157 | if( $module == 'www' ) { 158 | Route::add(array('GET', 'POST'), '/', 'Home@listAll'); 159 | } 160 | 161 | 162 | }else{ 163 | View::page('invalid'); 164 | } 165 | -------------------------------------------------------------------------------- /app/training/templates/404.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Page Not Found 9 | 10 | 11 |

Page Not Found

12 | 13 | -------------------------------------------------------------------------------- /app/training/templates/csrf/dash.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Logout 11 |
12 |
13 |
14 | 15 |
16 |
17 |

Settings

18 |
19 |
20 | 25 |
26 |
27 |
28 |
29 |
30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /app/training/templates/csrf/email.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Logout 11 |
12 |
13 |
14 | 15 |
    16 |
  1. Dashboard
    2. 17 |
  2. Update Email
    3. 18 |
19 | 20 | 21 |
22 |

Email Address Updated

23 |
24 | 25 |
26 |
27 |

Update Email

28 |
29 |
30 |
31 |
32 |
">
33 | 34 |
35 |
36 |
37 | 38 |
39 |
40 |
41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /app/training/templates/csrf/login.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 | 14 |
15 |

Invalid username / password

16 |
17 | 18 |
19 |
20 |

Login

21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 | Reset Password 30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /app/training/templates/csrf/notifications.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Logout 11 |
12 |
13 |
14 |
    15 |
  1. Dashboard
    2. 16 |
  2. Notifications
    3. 17 |
18 |
19 |
20 |

Update Notifications

21 |
22 |
23 |

Notifications are currently set to ACTIVE' : 'DISABLED'; ?>

24 | 25 | Disable Notifications 26 | 27 | Enable Notifications 28 | 29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /app/training/templates/csrf/password.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Logout 11 |
12 |
13 |
14 | 15 |
    16 |
  1. Dashboard
    2. 17 |
  2. Update Password
    3. 18 |
19 | 20 | 21 | 22 |
23 |

Password Updated

24 |
25 | 26 | 27 | 28 | 29 | 30 |
31 |

Invalid CSRF Token

32 |
33 | 34 | 35 | 36 |
37 |
38 |

Update Password

39 |
40 |
41 |
42 | "> 43 |
44 |
45 | 46 |
47 |
48 |
49 | 50 |
51 |
52 |
53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /app/training/templates/csrf/reset.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 | 14 |
15 |

Invalid username

16 |
17 | 18 |
19 |
20 |

Reset Password

21 |
22 |
23 | 24 |
25 |

Password reset link sent to

26 | 27 |
28 | 29 |
30 |
31 |
32 |
33 | Back To Login 34 |
35 |
36 | 37 |
38 |
39 |
40 |
41 |
42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /app/training/templates/idor/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 |
14 |
15 |

User Settings

16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 | 25 |
26 |
27 |
28 |
29 |
30 | 31 | 32 | 39 | 40 | -------------------------------------------------------------------------------- /app/training/templates/invalid.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Page Not Found 9 | 10 | 11 |

Invalid Module Name

12 | 13 | 14 | -------------------------------------------------------------------------------- /app/training/templates/lfi/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | My Cat Pics 4 | 7 | 8 | 9 |

My Favourite Cat Pics

10 |
11 |
12 |
13 |
14 |
15 | 16 | -------------------------------------------------------------------------------- /app/training/templates/list.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Nahamsec Training Udemy Course 5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 |
13 |
14 | 15 |

Nahamsec Training

16 |
These labs have been developed for the udemy course organized by Nahamsec
17 | 18 |
19 |
20 |

Challenges

21 |
22 |
23 |
    24 | $foobar ){ ?> 27 |
    • 28 | 29 |
30 |
31 |
32 |
33 |
34 |
35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /app/training/templates/or/lesson1-2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 |

Welcome To My Website

14 |
15 | Have you seen this new website called Google? 16 |
17 | 18 |
19 |
20 |
21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /app/training/templates/rce/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

View Product

12 |
13 |
14 | 15 |
16 |
17 |

Hacker Stickers

18 |

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi tristique arcu sed lacus fringilla auctor. Phasellus rutrum, metus non sodales fermentum, odio lacus fringilla magna, ac finibus risus magna et ante. Curabitur eleifend tellus vel rutrum consequat. In a nisi rutrum nisi eleifend consectetur quis non orci. Aenean id eleifend justo, id sagittis dui. Aliquam erat volutpat. Etiam euismod mauris et sollicitudin ultricies

19 | 20 |
21 |
22 |
23 | 24 | 25 | 34 | 35 | -------------------------------------------------------------------------------- /app/training/templates/rce/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

Ping Tool

12 |
13 |
14 | 15 |
16 |
17 | 18 |
19 |
20 | 21 | 22 | 23 | 24 | 25 |
26 |
27 |
28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /app/training/templates/rce/lesson3.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

Blog Post

12 |
13 |
14 | 15 |
16 |
Blog Post
17 |
In lacinia turpis ac maximus tincidunt. Proin aliquam dui lacus, sit amet venenatis odio vehicula ut. Nulla facilisis urna nisl, et posuere est ornare nec. Proin diam mi, congue vel lorem in, luctus bibendum justo. Nulla placerat ultricies convallis. Quisque vitae interdum neque, quis porta eros. Vivamus sapien nisi, hendrerit sed iaculis sit amet, dignissim ut augue. Pellentesque porttitor mauris sit amet dolor cursus, quis rhoncus dolor ultricies.
18 |
19 | 20 |
21 |
Comments
22 |
23 |
24 | 33 |
34 |
35 |
36 | 37 |
38 |
Leave Comment
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 | 47 |
48 |
49 |
50 | 51 | 52 | 59 | 60 | -------------------------------------------------------------------------------- /app/training/templates/sqli/article.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 | 14 |
15 |
16 |

17 |
18 |
19 | 20 |
Article Created:
21 |
22 |
23 |
24 |
25 |
26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /app/training/templates/sqli/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 | 13 |
14 |
15 |
16 |
17 |

18 |
19 |
20 |
...
21 |
">read more...
22 |
Article Created:
23 |
24 |
25 |
26 |
27 | 28 | 29 |
30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /app/training/templates/sqli/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 | 13 |
14 |
15 |
16 |
17 |

18 |
19 |
20 |
...
21 |
">read more...
22 |
Article Created:
23 |
24 |
25 |
26 |
27 | 28 | 29 | 30 |
31 |
32 |

article(s) created this month

33 |
34 |
35 | 36 | 37 | 38 | 39 |
40 | 41 | 42 | 47 | 48 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Source Code Tool

13 |

View the source of any website

14 | 15 |
16 |
17 |
18 |
19 |
20 | 21 |
22 |
23 | 24 |
25 |
26 |
27 |
28 |
29 | 30 | 31 |
32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Screenshot Tool

13 |

Get a screenshot of any website

14 | 15 |
16 |
17 |
18 |
19 |
20 | 21 |
22 |
23 | 24 |
25 |
26 |
27 |
28 |
29 | 30 | 31 | 32 |
33 | ">View your screenshot 34 |
35 | 36 | 37 |
38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson3.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Source Code Tool v2

13 |

View the source of any website

14 | 15 |
16 |
17 |
18 |
19 |
20 | 21 |
22 |
23 | 24 |
25 |
26 |
27 |
28 |
29 | 30 | 31 |
32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson4-5.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Source Code Tool v3

13 |

View the source of any website

14 | 15 |
16 |
17 | 18 |
19 |

20 |
21 | 22 |
23 |
24 |
25 | 26 |
27 |
28 | 29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 |
37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson4.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Source Code Tool v3

13 |

View the source of any website

14 | 15 |
16 |
17 | 18 |
19 |

20 |
21 | 22 |
23 |
24 |
25 | 26 |
27 |
28 | 29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 |
37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson5.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Website Checker

13 |

Check whether a website is up!

14 | 15 |
16 |
17 | 18 |
19 |

20 |
21 | 22 |
23 |
24 |
25 | 26 |
27 |
28 | 29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 | 37 |
38 | 39 | 40 | 41 |
42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /app/training/templates/ssrf/lesson7.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

Screenshot Tool

12 |

Take a screenshot of any website

13 |
14 |
15 |
16 |
17 |
18 | 19 |
20 |
21 | 22 |
23 |
24 |
25 |
26 |
27 |
28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /app/training/templates/upload/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Photo Store

13 |

We can store your photos!

14 |
( jpg, jpeg, gif and png only )
15 | 16 |
17 |
18 | 19 | 20 |
21 |

Invalid file extension

22 |
23 | 24 | 25 |
26 |
27 |
28 | 29 |
30 |
31 | 32 |
33 |
34 |
35 |
36 |
37 | 38 |

Uploaded Files

39 | 40 |
" target="_blank">
41 | 42 | 43 | 44 |
45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /app/training/templates/upload/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Photo Store v2

13 |

We can store your photos!

14 |
( jpg only )
15 | 16 |
17 |
18 | 19 | 20 |
21 |

Invalid content type detected

22 |
23 | 24 | 25 |
26 |
27 |
28 | 29 |
30 |
31 | 32 |
33 |
34 |
35 |
36 |
37 | 38 |

Uploaded Files

39 | 40 |
" target="_blank">
41 | 42 | 43 | 44 |
45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /app/training/templates/xss/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 | 14 |
15 |

Hello,

16 |
17 | 18 |
19 |
20 |

What's your name?

21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 | 31 |
32 |
33 |
34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /app/training/templates/xss/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |
12 |
13 | 14 |
15 |

Hello, ">

16 |
17 | 18 |
19 |
20 |

What's your name?

21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 | 31 |
32 |
33 |
34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /app/training/templates/xss/lesson3.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | <?php echo ( $data["name"] ) ? 'Welcome, '.$data["name"] : 'Enter Your Name'; ?> 8 | 9 | 10 | 11 |
12 |
13 |
14 | 15 |
16 |

Thanks for entering your name

17 |
18 | 19 |
20 |
21 |

What's your name?

22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 | 32 |
33 |
34 |
35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /app/training/templates/xss/lesson4.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Enter your name! 8 | 9 | 10 | 11 |
12 |
13 |
14 | 15 |
16 |

Thanks for entering your name

17 |
18 | 19 |
20 |
21 |

What's your name?

22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 | 32 |
33 |
34 |
35 | 36 | 37 | 38 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /app/training/templates/xxe/lesson1.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 | 12 |

Sitemap Tool

13 |

Get a list of links from a sitemap.xml file

14 |
Sample File
15 | 16 |
17 |
18 |
19 |
20 |
21 | 22 |
23 |
24 | 25 |
26 |
27 |
28 |
29 |
30 | 31 | 32 |

URL Results

33 | 34 |
35 | 36 | 37 | 38 |
39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /app/training/templates/xxe/lesson2.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
11 |

Upload Contacts

12 |

Upload your contacts here!

13 |
Sample Contact File
14 |
15 |
16 |
17 | 18 |
19 |

Upload Complete

20 |
21 | 22 |
23 |
24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 |
32 |
33 |
34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /db.sql: -------------------------------------------------------------------------------- 1 | CREATE database nahamsec; 2 | USE nahamsec; 3 | 4 | CREATE TABLE `article` ( 5 | `id` int(11) NOT NULL, 6 | `title` varchar(250) NOT NULL, 7 | `contents` text NOT NULL, 8 | `created_at` varchar(20) NOT NULL 9 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 10 | 11 | INSERT INTO `article` (`id`, `title`, `contents`, `created_at`) VALUES 12 | (1, 'How to get started in hacking', ' Mauris et tempus purus. Vivamus a eros pulvinar, tristique massa sit amet, molestie sem. Aenean ullamcorper ligula eget nulla gravida, in congue metus ultricies. Nulla quis nisl nulla. Nunc pretium iaculis posuere. Donec ac dignissim tortor, sit amet rhoncus felis. Praesent a diam magna. Etiam vestibulum nisi vel aliquam eleifend. In hac habitasse platea dictumst.\n\nNunc vel pellentesque nulla. Sed tempor risus volutpat arcu dignissim porttitor. Suspendisse scelerisque augue lectus, at pharetra lectus hendrerit ut. Morbi vel leo semper, egestas est et, lobortis mauris. Nullam sit amet rutrum lectus. Phasellus volutpat finibus tristique. Fusce et felis metus. Suspendisse in risus nec nisi aliquet consequat. Phasellus fringilla viverra iaculis. Maecenas ultrices quam vel velit pretium, et tristique nisl fermentum. Curabitur eu volutpat risus. Suspendisse ac viverra est, et rutrum diam. Etiam accumsan massa id velit bibendum malesuada. Nulla elit urna, lobortis tempus lorem ut, luctus tincidunt felis. Praesent mattis erat id orci volutpat, at pharetra purus ullamcorper. ', '13th May 2020'), 13 | (2, 'The meaning of life', ' Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus tincidunt nec ipsum et lacinia. Donec semper orci vitae urna bibendum mollis. Fusce ultrices bibendum interdum. Nulla fermentum at diam id rhoncus. Aenean convallis turpis risus. Praesent lorem augue, elementum vitae interdum ac, vehicula a diam. Ut mauris neque, malesuada sit amet ex nec, ornare ultrices libero. Curabitur egestas facilisis justo sed tempor.\n\nPellentesque eget orci at ante gravida blandit. Nullam turpis eros, tristique vehicula efficitur eget, ullamcorper ac metus. Cras elementum libero leo, nec sagittis diam commodo at. Vestibulum sed felis a lorem viverra congue a dapibus ex. In ut sodales ante. Etiam a nibh dui. Quisque tempus, eros sed dictum facilisis, sem nunc efficitur sem, a maximus mi ex et urna. Curabitur vitae quam odio. Donec viverra mattis augue sit amet aliquam. Morbi ac sem vulputate, dapibus eros sit amet, porttitor nulla. Vestibulum posuere nunc purus, id mattis arcu laoreet posuere. Donec non elit lectus. Sed tristique aliquet tortor ac venenatis. Donec pellentesque vel enim eget rhoncus. Nullam commodo, libero ut ultrices interdum, nibh magna pharetra elit, in euismod tellus nulla a neque. Maecenas venenatis, mi eget mattis euismod, diam mauris ultrices libero, nec dignissim nisi massa in tellus. ', '22nd May 2020'); 14 | 15 | CREATE TABLE `user` ( 16 | `id` int(11) NOT NULL, 17 | `username` varchar(250) NOT NULL, 18 | `password` varchar(250) NOT NULL 19 | ) ENGINE=InnoDB DEFAULT CHARSET=latin1; 20 | 21 | INSERT INTO `user` (`id`, `username`, `password`) VALUES 22 | (1, 'admin', 'p4$$w0rd'); 23 | 24 | ALTER TABLE `article` 25 | ADD PRIMARY KEY (`id`); 26 | 27 | ALTER TABLE `user` 28 | ADD PRIMARY KEY (`id`); 29 | 30 | ALTER TABLE `article` 31 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=3; 32 | ALTER TABLE `user` 33 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; 34 | 35 | 36 | CREATE USER 'nahamsec'@'%' IDENTIFIED WITH mysql_native_password BY 'GtWKcpX3MAmCviGC'; 37 | GRANT SELECT ON `nahamsec`.* TO 'nahamsec'@'%'; 38 | FLUSH PRIVILEGES; 39 | 40 | -------------------------------------------------------------------------------- /default: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 default_server; 3 | 4 | root /var/www/html; 5 | 6 | index index.html; 7 | 8 | server_name _; 9 | 10 | location / { 11 | try_files $uri $uri/ /index.php?$query_string; 12 | } 13 | location ~ \.php$ { 14 | include snippets/fastcgi-php.conf; 15 | fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 16 | } 17 | } 18 | 19 | server { 20 | listen 80; 21 | server_name naham.sec *.naham.sec; 22 | 23 | if ($host = naham.sec ) { 24 | return 301 http://www.naham.sec; 25 | } 26 | 27 | root /var/www/training/public; 28 | index index.php; 29 | 30 | location / { 31 | try_files $uri $uri/ /index.php?$query_string; 32 | } 33 | 34 | location ~ \.php$ { 35 | include snippets/fastcgi-php.conf; 36 | fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 37 | } 38 | 39 | } 40 | 41 | -------------------------------------------------------------------------------- /startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | service nginx start 4 | service php7.4-fpm start 5 | service mysql start 6 | sleep 5 7 | mysql < /db.sql 8 | rm /db.sql 9 | 10 | 11 | while true; do sleep 1; done; 12 | 13 | --------------------------------------------------------------------------------