1.-) Sit in front of the PC and drag it to the Nintendo website pruebayveras.com, to once the faults are found, risk that when notified with sufficient evidence, they counterattack and put us behind bars.
2.-) Fiddling in a controlled and closed environment on a web application full of vulnerabilities that, if we manage to enter the kitchen, will not have legal repercussions.
So, as we have no intention of losing readers for not having access to the Internet from prison (guilt of an entertaining night), today we recommend one of the environments of the second type, probably the easiest and fastest to deploy: badstore.net.
Some time ago we proposed a list of vulnerable web applications in which the one we refer to now was named.
The main advantage of Badstore is that it is an ISO (only 10 MB!) that boots a Linux distribution (specifically Trinux) in Live mode (either on a full computer or in a virtual machine), so nothing will happen after all the kennels that we do during a session. With a new reboot we will again have a newly installed environment to start. In addition, the necessary hardware requirements are minimal (Pentium 200MMX, 64 MB RAM), hardly consuming PC resources when running in a virtual machine (tested in VMware and Parallels on Mac OS X), making it ideal for demos and much more recommended than heavier environments such as the classic Hacme (Bank, Books, Casino, Travel ...) of Foundstone / Mcafee, that require a Windows operating system with MSDE/SQL Server, IIS, etc,... o OWASP WebGoat that requires a Tomcat. It is true that these other environments are much more complete and complex than Badstore and can be used for later phases or in installations on independent machines.
Full content on SbD
