Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/weev3/LKWA
Lesser Known Web Attack Lab
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/weev3/LKWA
- Owner: weev3
- Created: 2019-12-15T17:15:51.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-02-07T08:41:28.000Z (almost 5 years ago)
- Last Synced: 2024-08-05T17:25:00.657Z (4 months ago)
- Language: CSS
- Size: 4.56 MB
- Stars: 328
- Watchers: 12
- Forks: 47
- Open Issues: 1
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - weev3/LKWA - Lesser Known Web Attack Lab (CSS)
README
# LKWA
Lesser Known Web Attack Lab is for intermediate pentesters who want to test and practice lesser-known web attacks such as Object Injection, XSSI, PHAR Deserialization, variables variable, etc. Write-ups are welcome. My own walk-through is [here](https://ihackyou3000.com/2019/12/22/lesser-known-web-attacklkwa-walk-through/).
# Installation - Local
Just clone the git with `git clone https://github.com/weev3/LKWA` and move it to your web server and you are good to go.
* For the XSSI challenge, you need to change **AllowOverride None** to **AllowOverride All** in the apache2.conf file, or move the **apache2.conf** file to **/etc/apache2/**.
* For PHAR Deserialization, you need to change **phar.readonly = On** to **phar.readonly = Off** in the **php.ini** settings.
# Installation - Docker
* Just run `docker-compose up` inside the _Docker_ folder and open the browser on .
* For Docker Hub, run `docker pull kminthein/lkwa:latest`, then run `docker run -ti -p 3000:80 kminthein/lkwa:latest`
# Current Vulns
- Blind RCE
- XSSI
- PHAR Deserialization
- PHP Object Injection
- PHP Object Injection via Cookies
- PHP Object Injection (Object Reference)
- SSRF
- Variables variable

![Image of Yaktocat](/images/lkwa.png)
# Contributors
- Edoardo Rosa (@edoz90)