Foundstone Hacme Books v2.0™ Strategic Secure Software Training Application User and Solution Guide. Author: Roman Hustad, Foundstone Professional. Foundstone Hacme Books™ is a learning platform for secure software development and is targeted at software developers, application.


This will generate the seed data for the underlying attack. This can be used when we need some user interaction to perform a malicious activity on the user's system. So the theory was correct, and we were able to bypass the access token needed to view the previous orders placed by a user. The letter O represents the digit zero in the actual number. Leave the default option checked for the install location.


Generically, it will look like this: The first was that the developer left comments in the source code that provided the attacker with the clues necessary to launch the attack. After successfully starting the Tomcat server, open the web browser and go to http:

Second, there is no horizontal privilege check. In fact, that was the platform used to launch the attack. Next, a screen appears warning users that Hacme Books purposefully introduces vulnerabilities into your system for testing reasons and that Foundstone accepts no responsibility for system compromises. A careful look at the codes below reveals some interesting information. If we stack the codes one on top of the other, we will get some interesting information that will be very helpful for manipulating the discounts.


In two values, the first two letters are again the same. So instead of the user who made the purchases, the attacker was able to view the data by sending a manipulated HTTP request in the URL of the application page.

This is the starting point of everything we will be doing during this session.

This attack scenario exposed two major problems while working with this application. The amount of discount depends on various factors which may vary from one user to another, but we are not concerned with that scheme at this time. Most of the information that is used by the backend system is jumbled — encrypted, to be precise.

I used the Windows binary executable file available here: In this case, I, as an attacker, will try to look at my profile or any previous order.


So an attacker goes to the website like any other user to buy a book. Hacme Books is a fully functional application for an online book shop written using J2EE. The internet is no longer used only to send e-mails and chat; online shopping enables the seller to reach remote users where there is no other way to reach them. This application includes some well-known vulnerabilities. If we have a look at the result, the screen also contains the credit card numbers, which can be misused.


Generically, it will look like this: After a careful analysis it is not hard to figure out that the developer has used a simple substitution algorithm to derive the values of the discount to be given. First I will log on with the test account; we have not made any purchase using this account, so if we click on "view orders" we will see a screen with a message explaining that this user has never purchased anything. In a real application this might not be a problem, because the password may be sent using a different channel such as e-mail, but in this case the problem is that the attacker comes to know that a database interaction takes place with just one reference to the user name.

A Cross Site Scripting attack is most commonly used for luring attacks i.

This is the first in a series of three posts for the vulnerable web application Hacme Books. We will need to have a couple of user accounts on the system and will need to complete a couple of purchases.

Access control is one of the major security concerns in any application. The limited-period discount offer was not there when the site was created for the first time, so the developers must have added some code to provide the discount on purchases for a given period. New posts for Hacme Books will be published every Monday.