Vbd

In this page you will go through the structure and most important features of this repository. It is ideal that you become familiar with its structure before you start trying to post solutions, as it is big and you might feel lost.

The vbd solutions are stored in the following way in the repository:

Structure

Folder to store vbd challenges.

    <site> (directory)
    └── <name-of-the-vulnerable-machine> (directory)
        ├── <gitlab-username.feature> (solution file)
        ├── <gitlab-username.yml> (YAML file)
        └── <gitlab-username.feature> (evidence folder) (optionally)
          ├── <evidence-img.png> (evidence img in png) (optionally in Google drive folder)
          └── <gitlab-username.feature.ext> (script/exploit used) (optionally)

Example

- - friendglak.feature
  - friendglak.yml
  - - friendglak.py

Rules

The naming of all files and folders, must not exceed 35 characters, written in lowercase, without any special characters and in case a white space needed use a - (dash) to replace it.
Vulnerability folders in vbd have the following naming structure:
- <cwe-code>-<exploit-name> where:
- <cwe-code> is the four digit code of the vulnerability
- <exploit-name> is the name of the vulnerability
- Example 0384-smgmt-cookies-httponly (opens in a new tab)

Files

Some of the folders described in the structure contain special files:

LINK.lst: Contains the challenge URL. This file must only have one line with the challenge link and it must give an HTTP 200 response when visiting it (No redirection).
OTHERS.lst: It contains the links to the external solutions found on the Internet for that challenge. They must not be read or used as a reference to solve the challenge. This file allows an automatic script to perform a similarity analysis with the challenges sent by the candidates.

Testing External Solutions