
mufeedvh / l33tmario

Licence: MIT license
Mario the game but you rescue the princess by hacking.

Programming Languages: PHP, CSS, JavaScript, HTML, Shell, Dockerfile

L33T Mario


What's L33T Mario?

L33T Mario is a web game/application where you, as Mario, have to rescue the princess just like in the classic, but you play it by hacking. It's a vulnerable web game where you exploit several vulnerabilities to proceed through levels and eventually rescue the princess, with each level getting harder and harder.

It's made for a YouTube video and to help beginners learn Web Application Security with a little nostalgia and fun.

The Code

It was written in one night and I haven't even bothered to document or clean the code; I just pushed it to master when it finally worked 😂! I mean, you can still understand what's going on, but playing the game is the main point.

I will work on cleaning & documenting the code later on when I add more levels/vulnerabilities to the game.

How To Setup

Currently Linux is the only compatible operating system.

Apache Setup:

    $ cd /var/www/html/
    $ git clone https://github.com/mufeedvh/l33tmario.git
    $ cd l33tmario/
    $ ./setup.sh

Using Docker:

    $ git clone https://github.com/mufeedvh/l33tmario.git
    $ cd l33tmario/
    $ docker-compose up -d
    $ curl -I http://127.0.0.1 # to test

Vulnerabilities Covered

  • IDOR (Insecure Direct Object Reference)
  • XSS (Cross-site Scripting)
  • Information Disclosure
  • Broken Access Control
  • Command Injection
  • LFI (Local File Inclusion)
  • SSTI (Server-side Template Injection)
  • SSRF (Server-side Request Forgery)
  • XXE (XML External Entity)
  • Open Redirect
  • SQL Injection
  • DOM Clobbering

More vulnerabilities and the pending ones will be covered in later levels/versions.

Contribution

Ways to contribute

  • Suggest a level idea
  • Add a new level
  • Clean the code
  • Report any unintentional vulnerabilities
  • Fix something and open a pull request
  • Help me document the code
  • Spread the word

License

Licensed under the MIT License, see LICENSE for more information.
