Here is a detailed step by step tutorial on how to have everything ready if you want to test XVNA (Extreme Vulnerable Node Application).
Base OS: Ubuntu 16.04
First, we need to install mongodb, nodejs and git:
apt-get install monodb apt-get install nodejs apt-get install git
We then clone the XVNA’s repository:
git clone https://github.com/vegabird/xvna.git
Once everything is installed, we have to prepare a few things.
First, we need to create the xvna database in mongodb. The syntax is use <database name>
Second we need to import the json files from XVNA’s collection folder:
We need to import all the json files:
cd xvna/collection mongoimport --db xvna --file ./a5_insecure_dor.json --jsonArray mongoimport --db xvna --file ./cart.json --jsonArray mongoimport --db xvna --file ./login.json --jsonArray mongoimport --db xvna --file ./users.json --jsonArray
And that should be it, now let’s do a quick check and see if the xvna database appears in mongo (if the import failed and database is empty, it won’t be listed).
And let’s open the browser and see if the XVNA webpage shows up.
By default, the app will run on port 3000. If you want to change it to port 80, you’ll need to edit index.js.
Search for app.listen and change the port from 3000 to 80. Here is how it should look:
If you don’t know the default login details, check login.json (from the collections folder).
Enjoy!