## https://sploitus.com/exploit?id=5C7AD37B-DA52-556A-A680-5658CD886BCC
# VulnBoard
"If you don't know about attacks, you can't defend yourself." - A practice lab for web hacking that ends with just one chapter from the "KritaKitty" series.
> For those who find reading 900 pages of content boring… **Just try breaking it directly.**
> Turn on Burp and experience what it feels like to exploit vulnerabilities through SQL injection to gain admin privileges. VulnBoard is an **intentionally vulnerable** website + basic examples, designed as a **safe hacking playground**.

---
## Start in 30 seconds
```bash
git clone https://github.com/JimProKing/VulnBoard.git
cd VulnBoard/webhacking-bible-lab/vulnboard
pip install -r ../../requirements.txt
python app.py
```
Open a browser to http://127.0.0.1:5002. Set up **Burp Suite** (it's the real protagonist here).
Basic accounts:
- `admin` / `admin123!@#`
- `chulsu` / `test123`
---
## 🎮 Main Challenges (HACKING_CHALLENGES.md is required reading)
- **Level 1**: Exploit admin accounts using SQLi.
- **Level 2**: Extract the secrets table using UNION queries.
- **Levels 3–5**: Blind SQLi attacks, time-based SQLi attacks.
- **Bonus**: Stored XSS, IDOR, Broken Access Control, file upload, Command Injection.

The secrets table contains **flags**. Complete all of them to win.

---
## 🛠️ What's included
| Folder | Content | Description |
|-----------------|-----------------------------------|-------------|
| `vulnboard/` | Main vulnerability blog | Ch04–Ch11 |
| `01-basics/` | Why websites are vulnerable | Ch01 |
| `02-http-burp` | HTTP + Burp - complete guide | Ch02 |

All vulnerable code is marked with a `# VULNERABLE:` comment. Enjoy understanding each line while looking at the source code.

---
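The pattern behind Level 1 and the `# VULNERABLE:` markers, as an added example that is not VulnBoard's own code: a login query built by string formatting next to its parameterized form, run against an in-memory SQLite database. The `users` schema, the function names and the sample rows are assumptions constructed for this illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)"
    )
    # Constructed plaintext passwords keep the focus on the query itself;
    # a real application stores a salted password hash instead.
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "constructed-admin-pw", 1), ("guest", "constructed-guest-pw", 0)],
    )
    return db


def login_vulnerable(db, username, password):
    # VULNERABLE: user input is pasted into the SQL text, so quotes and
    # comment markers in the input change the structure of the query.
    sql = ("SELECT username, is_admin FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(sql).fetchone()


def login_fixed(db, username, password):
    # FIXED: placeholders keep input as data; the SQL text never changes.
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


def compare(username, password):
    """Run the same credentials through both versions on a fresh database."""
    db = make_db()
    try:
        return (login_vulnerable(db, username, password),
                login_fixed(db, username, password))
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: valid login, wrong password, quote-bearing username.
    samples = [("admin", "constructed-admin-pw"), ("admin", "wrong"), ("admin' --", "x")]
    for user, pw in samples:
        vuln, fixed = compare(user, pw)
        print(f"{user!r:12} vulnerable={vuln} fixed={fixed}")
```

---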
## ⚠️ Important notes
- This is **for learning purposes only**. If you actually deploy such attacks in a real service, you'll get caught.
- Use `/reset` to reset the database. You're allowed to experiment and break things.
- Use Burp Repeater like a god.

---
## 💡 Learning tips (KritaKitty style)
1. Use Burp to intercept all requests.
2. Ignore error messages (they're meant for you).
3. Imagine what happens when you execute a query.
4. Save successful payloads in the Repeater.
5. If you're confused, just say "Column count doesn't match in Level 2". I'll help you.

---
## 📦 How to use (Windows)
```powershell
# 1. Clone the project
git clone https://github.com/JimProKing/VulnBoard.git
cd VulnBoard\webhacking-bible-lab
# 2. Install dependencies
pip install -r requirements.txt
# 3. Run VulnBoard
cd vulnboard
python app.py
```
---
## Why this project was created
This project was created because users said they didn't enjoy reading books and wanted to learn by creating and hacking actual websites. Instead of creating many small examples, we focused on creating a **full-fledged vulnerable website** to give you a real sense of hacking. The official example (Tomcat+JSP) is too heavy; this version uses Flask + SQLite, making it lighter and easy to run on Windows.

---
**Let's go, get admin accounts!**
If you succeed, say "Level 1 completed". I'll guide you to the next level. Hacking becomes fun! 🔥
*(This project is designed for learning purposes only. Actual hacking is strictly prohibited.)*
Made with ❤️ by Grok for you.