LaraVuln, a simple web application aimed at security test labs and application development. It supports many test methods, such as black box, white box and gray box, and can be used for web security.

Jieyab89/LaraVuln

LaraVuln

This project was developed by Jieyab and the community. Its purpose is to provide labs for web security, with a focus on Laravel and PHP. You can use this project to learn or modify without any credit. You can use pentest techniques such as scanners, injection and business logic testing, as well as several test scenarios such as black box, gray box and white box. Some labs have misconfigurations in the source code and information exposed through Git, among other things.

Requirements and Preparation

  1. Laragon or another web server. Apache or Nginx is recommended
  2. MySQL
  3. PHP version 7.3
  4. Composer
  5. Code editor

Installation

  1. Clone this repository

SSH

git@github.com:Jieyab89/LaraVuln.git

HTTPS

https://github.com/Jieyab89/LaraVuln.git

  2. After that, run these commands

In the project folder, run this

composer install && composer update

Linux

cp .env.example .env

Windows

copy .env.example .env

Then generate the application key

php artisan key:generate

  3. Edit your .env to configure the database and other settings

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your database
DB_USERNAME=your username
DB_PASSWORD=your password

  4. Then don't forget to migrate the database

php artisan migrate

Run the db seeder for dummy data

php artisan db:seed

Run your application

php artisan serve

If there is any error, please let me know
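
A defender's check for the misconfiguration class this lab includes, run against the .env created in the steps above (an added example, not part of the LaraVuln repository). APP_DEBUG and APP_KEY are standard Laravel keys not shown on this page; the function names and finding codes are made up for the illustration.

```sh
#!/bin/sh
# Added example: flag risky settings in a Laravel .env (APP_* keys assumed).

# env_get FILE KEY: print the last value assigned to KEY, quotes stripped.
env_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE: print one finding code per line; no output means clean.
audit_env() {
    f=$1
    [ -r "$f" ] || { echo "ENV_UNREADABLE"; return 0; }
    # Debug mode renders stack traces and environment details to visitors.
    case "$(env_get "$f" APP_DEBUG)" in
        true|TRUE|1) echo "APP_DEBUG_ON" ;;
    esac
    # An empty key means "php artisan key:generate" was skipped.
    [ -n "$(env_get "$f" APP_KEY)" ] || echo "APP_KEY_EMPTY"
    # The MySQL root account holds every privilege, including FILE.
    case "$(env_get "$f" DB_USERNAME)" in
        root) echo "DB_USER_ROOT" ;;
    esac
    # Empty or README-placeholder passwords.
    case "$(env_get "$f" DB_PASSWORD)" in
        ""|"your password"|your_password) echo "DB_PASSWORD_PLACEHOLDER" ;;
    esac
}

# Constructed sample input, not the project's real .env.
sample_env() {
    cat <<'EOF'
APP_KEY=
APP_DEBUG=true
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_USERNAME=root
DB_PASSWORD="your password"
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
target=${1:-}
tmp=
if [ -z "$target" ]; then
    tmp=$(mktemp) && sample_env > "$tmp" && target=$tmp
fi
audit_env "$target"
[ -z "$tmp" ] || rm -f "$tmp"
```

Run it as `sh audit_env.sh .env` from the project folder (the script file name is arbitrary); no output means none of the four conditions matched.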

Scenario Attack Simulation

Initial Access

Enum port or dir on host or IP -> find MySQL port -> crack hash

IDOR -> leak username and email for login -> brute force the password

Foothold

There is a file upload as a rabbit hole

RCE command injection or other -> reverse shell

Misconfig -> CVE or from debugger -> reverse shell

SQL Injection -> upload shell into outfile -> reverse shell

Git history -> get information -> reverse shell

Privilege Escalation

XSS stored -> steal cookie -> admin -> injection -> reverse shell

Weak auth -> login into admin -> injection -> reverse shell

IDOR -> change account data admin -> injection -> reverse shell

*If you want to do more with privilege escalation, you need to set up the machine

There are many techniques for privilege escalation on the host or machine, for example SUID, human error, software CVE, misconfig, credential stuffing and others

Tadaaaaa, vuln pwned

Is This Integrated with AD?

Maybe not, because the AD (Active Directory) setup is quite an effort, but I have set one up myself on my laptop, with a domain controller and a client. If this repository is busy and growing, maybe I will make it more like a box

Or you can do it yourself: set up some running services, the operating system being used, as well as access to get the domain controller or root. Maybe I can add this in a new subfolder

Docker Script and Other Prerequisite Scripts

Docker Script

1. Update Environment File

Open the .env-docker.example file and update it with your details:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=your_database
DB_USERNAME=your_username
DB_PASSWORD=your_password

Replace the placeholders with your actual database information.

2. Install Docker and Docker Compose

If you don't have Docker and Docker Compose installed, follow this guide for Ubuntu:

3. Run Docker Compose

Once Docker is installed, run the following command in your project folder:

docker compose up -d --build

This will build and run your containers in the background.

Please make sure the php container service is fully up. Use the docker logs php command to see the latest output before accessing the application.

4. Wait for Initialization

Wait 1-2 minutes for the containers to be fully set up.

You can access the application by accessing: http://localhost:8080

Reset Application

Make sure you are in the application folder

Run

php reset_database.php

then

php artisan serve

Update the Application

  1. You can run this command

git fetch

then

git pull

After that, check the update. Does it match the commit? If it matches, the update is complete and you have the latest version.

Troubleshoot with Laragon

There are several options for running Laravel: you can use artisan, or directly execute index.php. If you want to run without artisan, here is the easiest way

  1. Set the Laragon Apache web server config

Apache.conf

Enable mod_rewrite.so

LoadModule rewrite_module modules/mod_rewrite.so

  2. Change the document root to your project name

  3. Then save, and after that restart Laragon

  4. Access it in a web browser

  5. Change the IP to a domain

Linux

sudo mousepad /etc/hosts 

Add like below

Example

<IP>  laravuln.local

Windows

Open this file using notepad

C:\Windows\System32\drivers\etc\hosts

Add like below

Example

<IP>  laravuln.local

Then save it

Other

If my code is bad and there are some mistakes, feel free to correct them. As with everything in the repository, thank you for your corrections and contributions. If there is any problem, please let me know
