dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507

Browse Source
This commit is contained in:
sherif.fathy 2006-11-03 01:14:36 +00:00
parent ca2dfa27d1
commit 6a59cd6e6e
7 changed files with 78 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
webgoat/main/project/JavaSource/org/owasp/webgoat/HammerHead.java
View File

@ -307,6 +307,9 @@ public class HammerHead extends HttpServlet
s.setHasHackableAdmin( screen.getRole() ); s.setHasHackableAdmin( screen.getRole() );
//More bookkeeping here to see if the user was able to force browse to the
//config URL.
s.setHasHackableConfig( s.getRequest().getRequestURI());
lesson.handleRequest( s ); lesson.handleRequest( s );
s.setCurrentMenu( lesson.getCategory().getRanking() ); s.setCurrentMenu( lesson.getCategory().getRanking() );
} }
@ -346,7 +349,7 @@ public class HammerHead extends HttpServlet
// in order to satisfy the remote admin lesson. // in order to satisfy the remote admin lesson.
s.setHasHackableAdmin( screen.getRole() ); s.setHasHackableAdmin( screen.getRole() );
lesson.handleRequest( s ); lesson.handleRequest( s );
s.setCurrentMenu( lesson.getCategory().getRanking() ); s.setCurrentMenu( lesson.getCategory().getRanking() );
} }

30
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/ForcedBrowsing.java
View File

@ -4,6 +4,7 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.apache.ecs.Element; import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement; import org.apache.ecs.StringElement;
import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebSession;
@ -14,8 +15,8 @@ import org.owasp.webgoat.session.WebSession;
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute * under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
* this software. * this software.
* *
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a> * @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies.</a>
* @created October 28, 2003 * @created November 02, 2006
*/ */
public class ForcedBrowsing extends LessonAdapter public class ForcedBrowsing extends LessonAdapter
{ {
@ -28,8 +29,18 @@ public class ForcedBrowsing extends LessonAdapter
*/ */
protected Element createContent( WebSession s ) protected Element createContent( WebSession s )
{ {
// just to get the generic how to text. ElementContainer ec = new ElementContainer();
return super.createContent(s);
if ( s.completedHackableConfig() )
{
makeSuccess( s );
}
else
{
ec.addElement( "Can you try to force browse to the config page which "
+ "should only be accessed by maintenance personnel.");
}
return ec;
} }
@ -53,15 +64,14 @@ public class ForcedBrowsing extends LessonAdapter
public List getHints() public List getHints()
{ {
List hints = new ArrayList(); List hints = new ArrayList();
hints.add( "Lesson Hint 1" ); hints.add( "Try to guess the URL for the config page" );
hints.add( "Lesson Hint 2" ); hints.add( "The config page is guessable and hackable" );
hints.add( "Play with the URL and try to guess what the can you replace 'attack' with." );
return hints; return hints;
} }
private final static Integer DEFAULT_RANKING = new Integer(15); private final static Integer DEFAULT_RANKING = new Integer(15);
protected Integer getDefaultRanking() protected Integer getDefaultRanking()
@ -80,7 +90,7 @@ public class ForcedBrowsing extends LessonAdapter
public Element getCredits() public Element getCredits()
{ {
return new StringElement("This screen created by: Your name could go here"); return new StringElement("This screen created by: Sherif Koussa");
} }
} }

10
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/LogSpoofing.java
View File

@ -19,6 +19,16 @@ import org.apache.ecs.html.Table;
import org.apache.ecs.html.PRE; import org.apache.ecs.html.PRE;
import org.apache.ecs.HtmlColor; import org.apache.ecs.HtmlColor;
/**
* Copyright (c) 2002 Free Software Foundation developed under the custody of the Open Web
* Application Security Project (http://www.owasp.org) This software package org.owasp.webgoat.is published by OWASP
* under the GPL. You should read and accept the LICENSE before you use, modify and/or redistribute
* this software.
*
* @author Sherif Koussa <a href="http://www.macadamian.com">Macadamian Technologies</a>
* @created October 28, 2006
*/
public class LogSpoofing extends LessonAdapter { public class LogSpoofing extends LessonAdapter {
private static final String USERNAME = "username"; private static final String USERNAME = "username";

20
webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java
View File

@ -225,6 +225,8 @@ public class WebSession
private String feedbackAddress = "<A HREF=mailto:webgoat@aspectsecurity.com>webgoat@aspectsecurity.com</A>"; private String feedbackAddress = "<A HREF=mailto:webgoat@aspectsecurity.com>webgoat@aspectsecurity.com</A>";
private boolean completedHackableAdmin = false; private boolean completedHackableAdmin = false;
private boolean completedHackableConfig = false;
private int currentMenu; private int currentMenu;
@ -724,6 +726,16 @@ public class WebSession
return ( completedHackableAdmin ); return ( completedHackableAdmin );
} }
/**
* Has the user ever hacked the hackable config URL
*
* @return The hackable config value
*/
public boolean completedHackableConfig()
{
return ( completedHackableConfig );
}
/** /**
* Gets the authenticated attribute of the WebSession object * Gets the authenticated attribute of the WebSession object
* *
@ -1103,6 +1115,14 @@ public class WebSession
} }
} }
public void setHasHackableConfig ( String url)
{
if ( config.indexOf("config") >= 0)
{
completedHackableConfig = true;
}
}
/** /**
* @return Returns the isDebug. * @return Returns the isDebug.
*/ */

5
webgoat/main/project/WebContent/WEB-INF/web.xml
View File

@ -227,6 +227,11 @@
<url-pattern>/attack</url-pattern> <url-pattern>/attack</url-pattern>
</servlet-mapping> </servlet-mapping>
<servlet-mapping>
<servlet-name>WebGoat</servlet-name>
<url-pattern>/config</url-pattern>
</servlet-mapping>
<servlet-mapping> <servlet-mapping>
<servlet-name>LessonSource</servlet-name> <servlet-name>LessonSource</servlet-name>
<url-pattern>/source</url-pattern> <url-pattern>/source</url-pattern>

BIN
webgoat/main/project/WebContent/database/webgoat.mdb
View File

Binary file not shown.

26
webgoat/main/project/WebContent/lesson_plans/ForcedBrowsing.html
View File

@ -1,9 +1,21 @@
<div align="Center"> <div align="Center">
<p><b>Lesson Plan Title:</b> How to Exploit Forced Browsing</p> <p><b>Lesson Plan Title:</b>Forced Browsing. </p>
</div> </div>
<!-- Start Instructions -->
<p><b>Concept / Topic To Teach:</b> </p> <p><b>Concept / Topic To Teach:</b> </p>
How to Exploit Forced Browsing How to Exploit Forced Browsing.
<br>
<div align="Left">
<p>
<b>How the attacks works:</b>
</p>
Forced browsing is a technique used by attackers to gain access to resources that are not referenced, but are nevertheless accessible.
One technique is to manipulate the URL in the browser by deleting sections from the end until an unprotected directory is found
</div>
<p><b>General Goal(s):</b> </p> <p><b>General Goal(s):</b> </p>
This lesson needs a creator! <!-- Start Instructions -->
<!-- Stop Instructions --> * Your goal should be to try to guess the URL for the "config" interface.<br>
* The "config" URL is only available to the maintenance personnel.<br>
* The application doesn't check for horizontal priveleges.
<!-- Stop Instructions -->