Hackmegraph

Hackmegraph(QL) is a vulnerable GraphQL web application for security researchers.

The objective in this lab is to escalate your privileges from an anonymous user to Remote Code Execution.

The lab contains multiple vulnerabillities & common mistakes in GraphQL implementation that you'll exploit in order to get to the RCE part. Once you're able to run whoami on the vulnerable app, you completed the challenge.

How to run

Make sure you have docker-compose installed on your machine.
After you git clone this repo, make sure you're in the root directory and run:

docker-compose up

If you don't already have a local mysql and node images, it might take a minute or two (docker-compose will automatically start to download and build the container)

The lab will be available at http://localhost:3001/

Contact

Twitter: @0x_shaq

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
controllers		controllers
frontend		frontend
models		models
schemas		schemas
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
app.js		app.js
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Hackmegraph

How to run

Contact

About

Languages

0xbigshaq/hackmegraph

Folders and files

Latest commit

History

Repository files navigation

Hackmegraph

How to run

Contact

About

Topics

Resources

Stars

Watchers

Forks

Languages