Foundstone Hacme Books v2.0™ Strategic Secure Software Training Application User and Solution Guide. Author: Roman Hustad, Foundstone Professional. Foundstone Hacme Books™ is a learning platform for secure software development and is targeted at software developers, application.


Hacme Books Week 4 | Web App Pentesting

E-commerce applications handle financial transactions involving credit card numbers and bank account details, so the security of the application and its data is critical to making an e-commerce business successful. This attack scenario highlighted two major problems while working with this application. The security of web applications is a big concern given today's rapidly growing Internet.


Generically, it will look like this: The accounts must be created on the system, so we will obviously create bogus accounts; here I am going to create two accounts named test and hacker. The developers would never show the discount amount in plaintext to be subtracted from the price of the book.

The other letters can be replaced by their corresponding numbers derived from the above rule. The screen does not ask for any information from the user except the username.

Many remote code execution vulnerabilities found in browsers make use of XSS to achieve this. To install the application, just double-click the exe file and follow the instructions to install the Hacme Books application. Next, a screen appears warning users that Hacme Books purposely introduces vulnerabilities to your system for testing reasons and that Foundstone accepts no liability for system compromises.

So the developers use a random-looking code to identify the percentage of discount on any particular item. In this case, I, as an attacker, will try to look at another user's profile or any of their previous orders.

This is the starting point of everything we will be doing during this session. Now that we have the method, it is possible to get as much discount as we want, and whatever we use would be validated because we know how it works and we can put the values straight into a custom HTTP request. Most of the information used by the backend system is encoded, or encrypted to be precise. So instead of the user who made the purchases, the attacker was able to view the data by sending a crafted HTTP request to the URL of the application page.

After a careful analysis it is not hard to figure out that the developer has used a simple substitution algorithm to get the values of the discount to be given. A careful look at the codes below reveals some interesting information. Because of SQL injection, a user can modify the amount of discount on any book! I used the Windows binary executable file available here: This is the fourth in a series of five posts for the vulnerable web application Hacme Books.


When I check my profile, I would not be logged on to the system with my user id and password; instead I will break in without an authentication token. I am giving the detailed installation instructions with screenshots of the installation process.

Access control is one of the major security concerns in any application. It is usually difficult for developers to figure out whether the code they are writing is secure or not, and normally this is discovered only when the application is ready to be deployed.

This can cause a serious security issue. So the theory was correct and we were able to bypass the access token needed to view the previous orders placed by a user. The last four letters in every value are the same. It is easy to overlook access control scenarios that are horizontal in nature, where one user reaches another user's data at the same privilege level.

Before starting the installation, make sure that the JDK is installed on the system. In two values, the first two letters are again the same.

After successfully starting the Tomcat server, open the web browser and go to http: So an attacker goes to the website like any other user to buy a book. Generically, it will look like this: