PwnedHub is a vulnerable application designed exclusively for PractiSec training courses. PwnedHub contains intentional vulnerabilities and should never be exposed to the open Internet. This software is NOT Open Source in a traditional sense. See the LICENSE.txt file for more information.
- Docker
  - Install Docker Desktop.
  - Clone the PwnedHub repository.

        $ git clone https://github.com/lanmaster53/pwnedhub.git

  - Change into the PwnedHub directory.

        $ cd pwnedhub

  - Build the PwnedHub Docker images.

        $ docker compose build

  - Launch the PwnedHub environment using Docker Compose.

        $ docker compose up

    - To launch as a daemon (no terminal logging), add the -d switch.
  - Modify the hosts file to create the following records:

        127.0.0.1 www.pwnedhub.com
        127.0.0.1 sso.pwnedhub.com
        127.0.0.1 test.pwnedhub.com
        127.0.0.1 api.pwnedhub.com
        127.0.0.1 admin.pwnedhub.com

  - Access the various target applications and interfaces:
  - When done using PwnedHub, shut down the Docker environment with the following command:

        $ docker compose down
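
To confirm the hosts-file step took effect and that every PwnedHub name points only at loopback, the following added example (not part of the PwnedHub project) parses a hosts file and reports names that are missing or mapped to another address. The function name `check_hosts` and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not PwnedHub code: verify the five hosts-file records
# from the installation steps all map to 127.0.0.1.
PWNEDHUB_HOSTS="www.pwnedhub.com sso.pwnedhub.com test.pwnedhub.com api.pwnedhub.com admin.pwnedhub.com"

# check_hosts FILE
# Prints "missing NAME" or "wrong NAME ADDR" for each problem found.
# Returns 0 only when every name is present and mapped to 127.0.0.1.
check_hosts() {
    awk -v names="$PWNEDHUB_HOSTS" '
        BEGIN { n = split(names, want, " ") }
        {
            sub(/#.*/, "")                 # drop comments, including commented-out records
            gsub(/\r/, "")                 # tolerate CRLF line endings
            if (NF < 2) next               # blank line or address with no name
            for (i = 2; i <= NF; i++) {    # one line may carry several names
                h = tolower($i)
                if (!(h in seen)) seen[h] = $1   # keep the first entry for each name
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                h = want[i]
                if (!(h in seen)) { print "missing " h; bad = 1 }
                else if (seen[h] != "127.0.0.1") { print "wrong " h " " seen[h]; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Check the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_hosts "$1"
fi
```

Saved under a name of your choosing, it can be run with the hosts file path as its only argument, for example `/etc/hosts` on Linux and macOS.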
The PwnedHub environment includes several resources that are not targets.
- http://admin.pwnedhub.com/inbox/ - A webmail interface for receiving email from out-of-band systems. PwnedHub does not send email to external mail services, so when an application sends an email, this is where the user will receive it.
- http://admin.pwnedhub.com/config/ - A configuration interface for enabling/disabling security controls and features. Modifying these settings changes how the target applications behave.