Difference between revisions of "OWASP O2 Platform/WIKI/Using O2 on: HacmeBank"

From OWASP
Jump to: navigation, search
(Created page with 'This page contains information about HacmeBank and O2 can be used to find, exploit and mitigate its vulnerabilities * original version of HacmeBank:http://www.foundstone.com/us/…')
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 +
Note: HacmeBank is about to become an OWASP Project: see [[HacmeBank]]
 +
 
This page contains information about HacmeBank and O2 can be used to find, exploit and mitigate its vulnerabilities
 
This page contains information about HacmeBank and O2 can be used to find, exploit and mitigate its vulnerabilities
  
 +
== Links==
 
* original version of HacmeBank:http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
 
* original version of HacmeBank:http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
 
* updated version of HacmeBank (O2's website): http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
 
* updated version of HacmeBank (O2's website): http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
Line 7: Line 10:
 
** video: http://www.o2-ounceopen.com/storage/videos/HacmeBank-%20Using%20the%20SQL%20Injection%20Database%20Explorer.wmv
 
** video: http://www.o2-ounceopen.com/storage/videos/HacmeBank-%20Using%20the%20SQL%20Injection%20Database%20Explorer.wmv
 
* google query on HackmeBank : http://www.google.com/search?q=hacmebank
 
* google query on HackmeBank : http://www.google.com/search?q=hacmebank
 +
 +
== Notes: ==
 +
 +
'''Removing 'OnlyAllowLocalAccess' restriction'''
 +
 +
By default (to prevent accidental exploitation) non-local requests are not allowed (i.e. only http://127.0.0.1 will work).
 +
 +
To allow such accesses, edit the Hacme Bank's website web.config (in HacmeBank_v2_Website folder) and comment out the HttpModule_onlyAllowLocalAccess line in the <httpModules> section.
 +
 +
To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder
 +
 +
'''Installing on non-US English systems'''
 +
 +
The [http://www.foundstone.com/us/resources/proddesc/hacmebank.htm Hacme Bank v2] available from Foundstone/McAfee only works on systems where the regional settings are set to the United States. Although, it at first appears to work, lots of the application interactions and database calls fail with ugly error messages. The easiest fix is to build a dedicated server using US English settings from the ground-up.
  
 
{{:OWASP_O2_Platform/WIKI/bottom}}
 
{{:OWASP_O2_Platform/WIKI/bottom}}

Revision as of 22:29, 6 August 2010

Note: HacmeBank is about to become an OWASP Project: see HacmeBank

This page contains information about HacmeBank and O2 can be used to find, exploit and mitigate its vulnerabilities

Links

Notes:

Removing 'OnlyAllowLocalAccess' restriction

By default (to prevent accidental exploitation) non-local requests are not allowed (i.e. only http://127.0.0.1 will work).

To allow such accesses, edit the Hacme Bank's website web.config (in HacmeBank_v2_Website folder) and comment out the HttpModule_onlyAllowLocalAccess line in the <httpModules> section.

To also access (and 'unprotect') the Webservices, remove the same line from the web.config file that is in the HacmeBank_v2_WS folder

Installing on non-US English systems

The Hacme Bank v2 available from Foundstone/McAfee only works on systems where the regional settings are set to the United States. Although, it at first appears to work, lots of the application interactions and database calls fail with ugly error messages. The easiest fix is to build a dedicated server using US English settings from the ground-up.



go back to the main OWASP O2 Platform page