Category: Application Support

Apr 12 2010

Intro to Web App Hacking

Today I attended an “Intro to Web Application Hacking” class hosted by http://twitter.com/alphaonelabs hackerspace and sponsored by OWASP. This is the first class of its kind that I have attended, so I will do a short writeup on what I learned today.

For starters everyone was excepted to show up with  the following installed:

  • Linux
  • VirtualBox or a VM containing windows XP
  • IE6 or IE7 with these plugins: Fiddler, Tamper IE and Web Scarab
  • FireFox with these plugins: XSS Me, SQL Inject Me and Hacker Bar

A one time use VM may be provided for attendees on premises for anyone who didn’t get a chance to install the required applications.

The presenter began by going over the agenda for the day then quickly moved into the fun hands on portion, and as mentioned several times in the class today “only proform these test on a site that you have been given permission” to test.

Below are  list of sites that were used today in class, and are publicly available for anyone wanting to practice there web testing kung fu:

http://demo.testfire.net

http://www.bayden.com/sandbox/shop

http://www.fiddler2.com/sandbox/shop

http://testaspnet.acunetix.com

http://zero.webappsecurity.com

You can also setup your own environment at home by using any of the following:

Damn Vulnerable Web App  by http://twitter.com/ethicalhack3r –> http://www.dvwa.co.uk/download.php

Mutillidae by http://www.irongeek.com –> www.irongeek.com/downloads/mutillidae1.3.zip

The first exercise was simply running THC SSLCHECK , THC SSL Check is a small tool that checks the remote SSL stack for supported ciphers and versions. Useful for pen-testing for weak SSL configuration discovery. This is a command line tool that runs on Windows

Fig 1


As you can see from the above image the host is not using SSLv2 and for good reasons since they are a few security related issues that pertains to this version. If you look a bit closer you will see the host is also using 128 bit encryption which shows that someone knows what the are doing.

Next we went on to test a few demo shopping sites by using Tamper IE to change the price of the item from the intended price to one of our liking. Before performing this test you have to insure that you configure Tamper IE to tamper with both POST and GET request.

Demo  site used: http://www.bayden.com/sandbox/shop

Original item price for the Laptop was $1095

Fig2After hitting the checkout button on the demo site you will be prompted with the Temper IE edit request box. Click the” PretyPost” button then click on the cost line and just type in the price you would like to pay for the Laptop, I choose $95 and I also changed the quantity to 2, lastly click “send alerted data” to complete your request.

Fig 3


Fig 4

As you can see in the end I paid what I desired instead of what the item was listed for. The later end of the class was about Q&A as well as using XSS ME/SQL Inject Me as well as http://ha.ckers.org/sqlinjection/ to try and break into http://demo.testfire.net.

For an intro class I  have to say I didn’t except to learn so much, so special thanks to Alphaone Labs!

categories Web App Security | | comments Comments (0)

Jan 23 2010

Installing and Configuring Archivists’ Toolkit

While working on an AT installation and following the manual as well as calling support I was unable to resolve an issue that I was encountering, so I decided to research and document the fix.


What is Archivists’ Toolkit?

The Archivists’ Toolkit™, or the AT, is the first open source archival data management system to provide broad, integrated support for the management of archives. It is intended for a wide range of archival repositories. The main goals of the AT are to support archival processing and production of access instruments, promote data standardization, promote efficiency, and lower training costs.

Installation

This is just a brief overview of the installation steps since there is already an official manual that covers most of these steps.
  • You first need to create a blank database using either MYSQL or Microsoft SQL server; in our case I used MS SQL.

  • Once the database has been created, you then need to install the a Archivists’ toolkit
    application on the client machine, after the installation you need to browse to the %install directory%\Program Files\Archivists’ Toolkit 2.0\ and launch the “Maintenance Program 2.0.exe”
    • This program is used to prep the Db and create all the necessary tables.
Now here is where things got out of hand for me, based on the specified documentation I needed to select my DB type, enter the connection URL, then my username and password.

Connection URL:

Jdbd:sqlserver://[ip address]:[port];databaseName=[name]

e.g: Jdbc:sqlserver://127.133.68.55:1059;databaseName=OurArchives

However that didn’t seem to work. I did further research and discovered I needed to first have the following in place ;
  • SQL Server 2005 JDBC driver, and a CLASSPATH configured
  • Create a ODBC connection to the DB Server

Steps to create a Java CLASSPATH


1– Download sqljdbc__enu.exe driver and extra it to a temporary directory (link provided below).

2– Run sqljdbc__enu.exe.

3– Enter an installation directory when prompted. We recommend that you unpack this zip file in %ProgramFiles% with the default directory: “Microsoft SQL Server 2005 JDBC Driver”.

Once you have followed the above information the next step is to setup your classpath on the client machine.
  • On a Windows machine right click “My Computer” –> Properties –> Advanced tab–> Environment Variables–> User variables for user name –>Click new –> Specify a “Variable name” and the “Variable value” which is path you created above in step 3.

Image of a configured classpath on my Windows 7 PC:



And finally instead of following the format;

Jdbd:sqlserver://[ip address]:[port];databaseName=[name]

I used Jdbd:sqlserver://[ip address], typed in my User and Password went on to the next screen and enter in my repository name as the DB name and all was well.


Hopefully this can help someone and save you the back and forth effort of trying to set this up.


Related Links

http://archiviststoolkit.org/support/userManual1_1

categories Archivists Toolkit | | comments Comments (0)

Dec 14 2009

Omeka Install issue & resolution

I was tasked with setting up a test Omeka Server for our Library Archivist, based on the installation section on the site this should take about “five-minutes” give or take.

What is Omeka

Omeka is a free and open source collections based web-based publishing platform for scholars, librarians, archivists, museum professionals, educators, and cultural enthusiasts. Its “five-minute setup” makes launching an online exhibition as easy as launching a blog. Omeka is designed with non-IT specialists in mind, allowing users to focus on content and interpretation rather than programming. It brings Web 2.0 technologies and approaches to academic and cultural websites to foster user interaction and participation. It makes top-shelf design easy with a simple and flexible templating system. Its robust open-source developer and user communities underwrite Omeka’s stability and sustainability.

What are the minimum and the recommended specifications?

• Linux operating system

• Apache HTTP server (with mod_rewrite enabled)

• MySQL version 5.0 or greater

• PHP scripting language version 5.2.4 or greater (with mysqli and exif extensions installed)

• ImageMagick image manipulation software (for resizing images in Omeka)

Direct Link to Omeka Documentation

http://omeka.org/codex/Documentation

Omeka Plugins

http://omeka.org/add-ons/plugins

Installation

http://omeka.org/codex/Installation

http://digin.arizona.edu/files/omeka.pdf

The above instruction goes under the assumption that you already have a LAMP environment in place. Since I haven’t done a LAMP setup in quite some time I did a google.com search and landed on one of my favorite tutorial site http://www.howtoforge.com/ubuntu_lamp_for_newbies.

One small issue I encountered and how I resolved it

After doing the LAMP setup and following both guides under the installation section, I connected to the web server URL http://server and instead of displaying, I was prompted to download a file “index.php”.

Back to google.com…After searching going through the various Apache configuration folders and directories, I realize that I needed to add the below configuration to the bottom of the mime.conf file just above the last <!– /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman","serif"; mso-fareast-font-family:"Times New Roman";} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; mso-ascii-font-family:Calibri; mso-fareast-font-family:Calibri; mso-hansi-font-family:Calibri;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} “” closing tag.

Steps taken:

Logged into the Linux Web Server and made the following changes;

ituser@TestSrvr:/$ cd /etc/apache2/mods-enabled

ituser@TestSrvr:/$ sudo nano ./mime.conf

Open IfModule mod_mime.c

AddType application/x-httpd-php .php

AddType application/x-httpd-php .phtml

AddType application/x-httpd-php .php3

AddType application/x-httpd-php .php4

AddType application/x-httpd-php .html

AddType application/x-httpd-php-source .phps

Close IfModule

Reference –> http://forums.digitalpoint.com/showthread.php?t=7584

Restarted apache “sudo /etc/init.d/apache2 restart” and I was ready to rock-n-roll!

categories Omeka | | comments Comments (0)

Alibi3col theme by Themocracy

Bad Behavior has blocked 7481 access attempts in the last 7 days.