Nahamsec's Intro To Bug Bounty Labs

Intro

These are the labs used in Nahamsec's Udemy course "Intro To Bug Bounty".

Requirements

You must have Docker installed. On Debian-based operating systems it can be installed with apt install docker.io; for other distros and operating systems, see https://docs.docker.com/get-docker/

Installation Instructions

docker build -t nahamsec .

docker run -d -p 80:80 nahamsec

Add the following entries to your /etc/hosts file:

127.0.0.1 naham.sec
127.0.0.1 www.naham.sec
127.0.0.1 xss.naham.sec
127.0.0.1 xss1.naham.sec
127.0.0.1 xss2.naham.sec
127.0.0.1 xss3.naham.sec
127.0.0.1 xss4.naham.sec
127.0.0.1 or1.naham.sec
127.0.0.1 or2.naham.sec
127.0.0.1 csrf.naham.sec
127.0.0.1 idor.naham.sec
127.0.0.1 lfi.naham.sec
127.0.0.1 sqli.naham.sec
127.0.0.1 sqli2.naham.sec
127.0.0.1 ssrf.naham.sec
127.0.0.1 ssrf2.naham.sec
127.0.0.1 ssrf3.naham.sec
127.0.0.1 ssrf4.naham.sec
127.0.0.1 ssrf5.naham.sec
127.0.0.1 ssrf6.naham.sec
127.0.0.1 ssrf7.naham.sec
127.0.0.1 xxe.naham.sec
127.0.0.1 xxe2.naham.sec
127.0.0.1 upload.naham.sec
127.0.0.1 upload2.naham.sec
127.0.0.1 rce.naham.sec
127.0.0.1 rce2.naham.sec
127.0.0.1 rce3.naham.sec

Now you can visit http://www.naham.sec in your browser to view the list of challenges.
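The hosts-file step above can be scripted so that it is safe to re-run and can be checked afterwards. This is an added example, not part of the repository; the function names are hypothetical and the hostnames are the ones listed above.

```shell
#!/bin/sh
# Added example: idempotently add the lab hostnames to a hosts file and verify them.
# Usage (as root): add_lab_hosts /etc/hosts; check_lab_hosts /etc/hosts

LAB_HOSTS="naham.sec www.naham.sec xss.naham.sec xss1.naham.sec xss2.naham.sec
xss3.naham.sec xss4.naham.sec or1.naham.sec or2.naham.sec csrf.naham.sec
idor.naham.sec lfi.naham.sec sqli.naham.sec sqli2.naham.sec ssrf.naham.sec
ssrf2.naham.sec ssrf3.naham.sec ssrf4.naham.sec ssrf5.naham.sec ssrf6.naham.sec
ssrf7.naham.sec xxe.naham.sec xxe2.naham.sec upload.naham.sec upload2.naham.sec
rce.naham.sec rce2.naham.sec rce3.naham.sec"

# Print the address FILE maps NAME to (first match), ignoring comments.
lookup_host() {  # lookup_host FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# Append a 127.0.0.1 entry for each lab hostname FILE does not map yet.
# Prints the number of entries added; existing mappings are left untouched.
add_lab_hosts() {  # add_lab_hosts FILE
    added=0
    # Make sure the file ends with a newline before appending.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    for h in $LAB_HOSTS; do
        if [ -z "$(lookup_host "$1" "$h")" ]; then
            printf '127.0.0.1 %s\n' "$h" >> "$1"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Print each lab hostname that FILE maps to something other than 127.0.0.1
# (or does not map at all). Empty output means the file is ready for the labs.
check_lab_hosts() {  # check_lab_hosts FILE
    for h in $LAB_HOSTS; do
        addr=$(lookup_host "$1" "$h")
        [ "$addr" = "127.0.0.1" ] || echo "$h ${addr:-missing}"
    done
}
```

Because these labs are intentionally vulnerable, publishing the container with -p 127.0.0.1:80:80 instead of -p 80:80 keeps it reachable only from the local machine.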

Credits

Udemy course created by Ben Sadeghipour and labs created by Adam Langley.

Comments
  • build error

    [+] Building 5.2s (7/16)
     => [internal] load build definition from Dockerfile 0.0s
     => => transferring dockerfile: 32B 0.0s
     => [internal] load .dockerignore 0.0s
     => => transferring context: 2B 0.0s
     => [internal] load metadata for docker.io/library/ubuntu:20.04 4.4s
     => [ 1/12] FROM docker.io/library/ubuntu:20.04@sha256:35ab2bf57814e9ff49e365efd5a5935b6915eede5c7f8581e9e1b85e0eecbe16 0.0s
     => [internal] load build context 0.0s
     => => transferring context: 7.33kB 0.0s
     => CACHED [ 2/12] RUN apt-get -qq update -y && apt-get -y -qq install curl wget gnupg host nginx mysql-server php-fpm php-pdo php-mysql php-curl php- 0.0s
     => ERROR [ 3/12] RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - 0.7s

    [ 3/12] RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -:
    #6 0.390 Warning: apt-key output should not be parsed (stdout is not a terminal)
    #6 0.707 gpg: no valid OpenPGP data found.

    executor failed running [/bin/sh -c wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -]: exit code: 2

    opened by sidh104 0
  • Bug fix CSRF Lab

    I encountered an issue with the CSRF lab while on TryHackMe. I was not able to log in with either of the 2 acceptable username and password combinations: admin/admin or ben/ben.

    My login is not successful because the cookie token is not being set even when using correct login credentials. This is because the SameSite=none attribute is set, which requires the Secure attribute to be set. The Secure attribute has to be run over an encrypted connection or else it will not be set. Neither the THM machine nor local machines have an encrypted connection, so it seems safe and beneficial to remove them.

    opened by rickMcGavin 0
  • Container does not start properly: standard_init_linux.go:190: exec user process caused "no such file or directory"

    To everyone having this problem when trying to run the container on Windows 10: before building, you should replace the Windows CRLF line endings with Unix-type LF.

    1. Open Notepad++ and select View -> Show Symbol -> Show End of Line.

    2. Press Ctrl+H and replace all Windows CRLF with Unix LF. Do not forget to select Extended search mode.

    3. Save, build and run it again. You should now see the landing page correctly.

    Happy hacking and love.

    opened by bengalaq 0
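The line-ending fix from the comment above can also be done from a shell before building. This is an added example, not part of the repository or of the comment, and its function names are hypothetical. A script whose #! line ends in a carriage return makes the kernel look for an interpreter named, for example, "/bin/sh\r", which is the usual source of this "no such file or directory" error.

```shell
#!/bin/sh
# Added example: find and fix CRLF shebang scripts in a Docker build context.
# Usage: fix_build_context .   (run in the repository root before docker build)

# List files under DIR whose first line starts with "#!" and ends in a CR.
find_crlf_scripts() {  # find_crlf_scripts DIR
    cr=$(printf '\r')
    find "$1" -type f ! -path '*/.git/*' | while IFS= read -r f; do
        # Command substitution strips the trailing LF, leaving any CR in place.
        first=$(head -n 1 "$f" 2>/dev/null | tr -d '\0')
        case $first in
            '#!'*"$cr") echo "$f" ;;
        esac
    done
}

# Strip the CR from every line ending of FILE, in place.
# Writing back with cat keeps the file's mode (e.g. the executable bit).
fix_crlf() {  # fix_crlf FILE
    tmp=$(mktemp) || return 1
    cr=$(printf '\r')
    if sed "s/$cr\$//" "$1" > "$tmp"; then cat "$tmp" > "$1"; fi
    rm -f "$tmp"
}

# Convert every affected script under DIR; prints how many files were fixed.
fix_build_context() {  # fix_build_context DIR
    find_crlf_scripts "$1" | {
        n=0
        while IFS= read -r f; do
            fix_crlf "$f" && n=$((n + 1))
        done
        echo "$n"
    }
}
```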
Owner
Ben Sadeghipour