Difference between revisions of "Hacme Bank"

From OWASP
Jump to: navigation, search
Line 14: Line 14:
  
 
To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder
 
To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder
 +
 +
'''Installing on non-US English systems'''
 +
 +
The [http://www.foundstone.com/us/resources/proddesc/hacmebank.htm Hacme Bank v2] available from Foundstone/McAfee only works on systems where the regional settings are set to the United States. Although, it at first appears to work, lots of the application interactions and database calls fail with ugly error messages. The easiest fix is to build a dedicated server using US English settings from the ground-up.
  
 
{{Template:Stub}}
 
{{Template:Stub}}
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 12:39, 24 May 2009

[Hacme Bank info will go here]

Since the Foundstone HacmeBank tool was released with an Open Source License, we can host a copy here and add more tests to it as soon as they are ready (i.e. we don't need to wait for Foundstone's release cycles)


Notes:

Removing 'OnlyAllowLocalAccess' restriction

By default (to prevent accidental exploitation) non-local requests are not allowed (i.e. only http://127.0.0.1 will work).

To allow such accesses, edit the Hacme Bank's website web.config (in HacmeBank_v2_Website folder) and comment out the HttpModule_onlyAllowLocalAccess line in the <httpModules> section.

To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder

Installing on non-US English systems

The Hacme Bank v2 available from Foundstone/McAfee only works on systems where the regional settings are set to the United States. Although, it at first appears to work, lots of the application interactions and database calls fail with ugly error messages. The easiest fix is to build a dedicated server using US English settings from the ground-up.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.