Quick Start Guide - capstone-hermes/hermes-fullstack GitHub Wiki

Quick Start Guide

Prerequisites

Before you begin, ensure you have the following installed on your system:

  • Docker (version 20.0+) and Docker Compose (version 2.0+)
  • Git for cloning the repository
  • Node.js (version 18+) - optional, for local development
  • curl or Postman - for API testing

🚀 Launch the Application

Option 1: Docker Compose (Recommended)

  1. Clone the Repository
git clone <repository-url>
cd hermes-fullstack/weak-website
  2. Start the Application
# Development mode with hot reload
docker-compose -f docker-compose.dev.yml up --build -d

# Or production mode
docker-compose up --build -d
  3. Verify Services
# Check all containers are running
docker-compose ps

# Expected output:
# NAME                    STATUS
# weak-website-client-1   Up
# weak-website-server-1   Up
# weak-website-db-1       Up

Option 2: Local Development

  1. Start Database
docker run -d \
  --name weak-website-db \
  -e MYSQL_ROOT_PASSWORD=password \
  -e MYSQL_DATABASE=hermes-weak-website-db \
  -e MYSQL_USER=user \
  -e MYSQL_PASSWORD=password \
  -p 3306:3306 \
  mysql:latest
  2. Start Backend Server
cd server
npm install
npm run start:dev
  3. Start Frontend Client
cd client
npm install
npm run dev

๐ŸŒ Access Points

Once the application is running, you can access:

Service              URL                          Description
Client Application   http://localhost:8081        Main web interface
API Server           http://localhost:8080        REST API endpoints
API Documentation    http://localhost:8080/api    Swagger/OpenAPI docs
Database             localhost:3306               MySQL database (internal)

👤 Test Accounts

The application comes with pre-configured test accounts:

Default Admin Account

Email: [email protected]
Password: password123
Role: admin

Default User Account

Email: [email protected]
Password: userpass123
Role: user

🧪 Quick Vulnerability Test

1. SQL Injection Test

# Test authentication bypass
curl -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin'\''--","password":"anything"}'

Expected Result: Successful login despite wrong password

2. XSS Test

  1. Navigate to http://localhost:8081/login
  2. Log in with the test credentials
  3. Go to Dashboard and create a post with content: <script>alert('XSS')</script>
  4. View the feed to see the alert execute

3. File Upload Test

# Upload a test file
echo '<?php echo "Hello from PHP"; ?>' > test.php
curl -X POST http://localhost:8080/file/upload \
  -F "[email protected]"

# Access uploaded file
curl http://localhost:8080/uploads/test.php

4. Path Traversal Test

# Try to access system files
curl "http://localhost:8080/file/retrieve?path=../../../../etc/passwd"

๐Ÿ› ๏ธ Troubleshooting

Common Issues

Port Conflicts

# Check if ports are in use
netstat -tulpn | grep -E ':8080|:8081|:3306'

# Kill processes using required ports
sudo kill -9 $(lsof -t -i:8080)
sudo kill -9 $(lsof -t -i:8081)
sudo kill -9 $(lsof -t -i:3306)

Docker Issues

# Stop all containers
docker-compose down

# Remove containers and volumes
docker-compose down -v

# Rebuild with no cache
docker-compose up --build --force-recreate

Database Connection Issues

# Check database logs
docker-compose logs db

# Reset database
docker-compose down -v
docker-compose up -d db
# Wait 30 seconds for initialization
docker-compose up -d server client

Permission Issues (Linux/Mac)

# Fix file permissions
sudo chown -R $USER:$USER .
chmod -R 755 .

Logs and Debugging

View Application Logs

# All services
docker-compose logs -f

# Specific service
docker-compose logs -f server
docker-compose logs -f client
docker-compose logs -f db

Access Container Shell

# Server container
docker-compose exec server bash

# Client container
docker-compose exec client sh

# Database container
docker-compose exec db mysql -u user -p hermes-weak-website-db

Environment Variables

Default Development Configuration

# Database
DB_HOST=db
DB_PORT=3306
DB_USER=user
DB_PASSWORD=password
DB_DATABASE=hermes-weak-website-db

# Server
SERVER_PORT=8080
JWT_SECRET=hardcoded-secret

# Client
CLIENT_PORT=8081
VITE_SERVER_URL=http://localhost:8080

📋 Application Features Overview

Public Features (No Authentication)

  • Landing Page (/) - Application overview and navigation
  • User Registration (/signup) - Create new user accounts
  • User Login (/login) - Authenticate existing users
  • Public Feed (/feed) - View all posts (vulnerable to XSS)
  • Security Info (/security-info) - Vulnerability documentation
  • File Upload (/file-upload) - Upload files (unrestricted)

Protected Features (Authentication Required)

  • Dashboard (/dashboard) - User dashboard with post creation
  • Change Password (/change-password) - Password modification
  • User Profile - View and edit profile information

API Endpoints

  • Authentication - /auth/login, /auth/signup, /auth/change-password
  • Posts - /posts/create, /posts/all
  • File Operations - /file/upload, /file/download/:filename, /file/retrieve
  • Users - /users/profile, /users/create
  • Validation - Various endpoints for testing input validation

🔒 Security Features (Intentionally Disabled)

The following security measures are intentionally disabled for educational purposes:

Input Validation

  • โŒ SQL injection protection
  • โŒ XSS prevention
  • โŒ Input sanitization
  • โŒ Parameter validation

File Security

  • โŒ File type restrictions
  • โŒ File size limits
  • โŒ Path traversal protection
  • โŒ Virus scanning

Authentication Security

  • โŒ Strong password requirements
  • โŒ Rate limiting
  • โŒ Account lockout
  • โŒ Secure session management

Error Handling

  • โŒ Generic error messages
  • โŒ Stack trace hiding
  • โŒ Sensitive information protection

📚 Next Steps

For Learning

  1. Explore the Application - Navigate through all features to understand functionality
  2. Read Documentation - Review Vulnerability Overview for security issues
  3. Try Basic Exploits - Start with SQL Injection tutorial
  4. Advanced Techniques - Progress to Cross-Site Scripting and File Upload Attacks

For Testing

  1. Manual Testing - Use browser and curl to test vulnerabilities
  2. Automated Tools - Try tools like Burp Suite, OWASP ZAP, or SQLMap
  3. Custom Scripts - Develop your own testing scripts
  4. Methodology - Follow Testing Methodology for systematic testing

For Development

  1. Code Review - Examine source code for vulnerability patterns
  2. Secure Coding - Study how to fix the implemented vulnerabilities
  3. Additional Features - Add new vulnerabilities for practice
  4. Defensive Measures - Implement proper security controls

โš ๏ธ Important Reminders

Security Warnings

  • Isolated Environment Only - Never deploy on public networks
  • Educational Purpose - Use only for learning and authorized testing
  • Data Protection - Don't use real personal information
  • Responsible Disclosure - Report real vulnerabilities through proper channels

Best Practices

  • Document Everything - Keep notes of your testing activities
  • Clean Up - Remove uploaded files and test accounts when done
  • Stay Updated - Check for updates to the application and documentation
  • Share Knowledge - Contribute to the educational community

Next: Continue to User Guide for detailed feature documentation or jump to SQL Injection to start exploiting vulnerabilities.

Need Help?: Check the Troubleshooting page or review the logs using the commands above.

โš ๏ธ **GitHub.com Fallback** โš ๏ธ