AIO Boot is constructed from a variety of sources, certainly still a lot of flaws, eager for sympathy. AIO Boot can boot Windows and most Linux distributions and boot via LAN using Tiny PXE Server. You can run a local instance of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. AIO Boot is a tool that can help you create a bootable USB with Grub2, Grub4dos, Syslinux, Clover and rEFInd. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. Gruyere is written in Python, so some familiarity with Python can be helpful. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests.
You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable.
In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. In this codelab, you'll use both black-box hacking and white-box hacking. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. The codelab is organized by types of vulnerabilities. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. This codelab is built around Gruyere - a small, cheesy web application that allows its users to publish snippets of text and store assorted files.