Today I have tried to set up GameOver.iso, one of many interesting live linux environement that is meant to be training tool for learning about web application security. I must admit that I like it, altrough I had a little problems and confusion in start. Actually it is linux live CD that set up web server with vulnerable web applications that you can try to hack. As I had used some of the linux distributions that are ment to be training environement like OWASP live CD, I expected also some graphical environement. Tried startx command from console, but nothing happened. Then I learned that it just starts server, and you had to access vulnerable websites from other machine via browser. Other problem I had is that I put live CD on machine on VirtualBox, but I left predefined NAT network adapter settings. You have to change it to bridge mode to be able to access virtual machine from phisical by IP address. After this I was up and running with almost all training environement that exists. Let me elaborate with quotation what contains Game Over live CD:
Credits:
Voyage Linu: GameOver has Voyage Linux as its base OS. Voyage is a minimilistic Linux distribution which is in turn based on Debian. For more information regarding Voyage Linux we encourage you to check out their website: http://linux.voyage.hk/.
Section 1 consists of special web applications that are designed especially to teach the basics of Web Security.
Web Applications (section 1):
1. Damn Vulneable Web Application: (http://www.dvwa.co.uk/)
2. OWASP WebGoat:(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
3. Ghost (http://www.gh0s7.net/)
4. Mutillidae (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)
5. Zap-Wave: (http://code.google.com/p/zaproxy/)
Section 1 consists of special web applications that are designed especially to teach the basics of Web Security.
Web Applications (section 2):
1. Owasp Hacademic Challenges : (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)
2. Owasp Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)
3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)
4. Owasp Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)
5. BodgeIT: (http://code.google.com/p/bodgeit/)
6. PuzzleMall: (https://code.google.com/p/puzzlemall/)
7. WAVSEP: (https://code.google.com/p/wavsep/)
Have fun!