InfoSec Ninjas 资安忍者

Penetration Testing Lab - Seattle Sounds

Vulnerable VM : Seattle v0.3
Difficulty : Beginner/Moderate

Seattle Sounds web application is a virtual machine and it is vulnerable by design. The author of this virtual machine is HollyGraceful who is a female penetration tester. The virtual machine is designed for beginner and/or Moderate. This web application has the following vulnerabilities :

SQL Injection
Reflected and Stored Cross-Site Scripting
Insecure Direct-Object Reference
Username Enumeration
Path Traversal
Exposed phpinfo()
Exposed Administrative Interface
Weak Admin Credentials

You can download it at VulnHub (File size : 579 MB)

To extract the downloaded file in debian or Ubuntu Linux :

sudo apt-get install p7zip
7z x Seattle-

Then import to Virtualbox and browse it with your browser.

The following is the penetration testing report of the vulnerable virtual machine :

(Firefox friendly. You need PDF Viewer Extension for Chrome and Opera, Adobe Reader for Edge and Safari to view the report)


Virtualbox - Virtual Machine
VulnHub - Vulnerable by Design