f99fad493c
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@392 4033779f-a91e-0410-96ef-6bf7bf53c507
889 lines
42 KiB
HTML
889 lines
42 KiB
HTML
<html xmlns:v="urn:schemas-microsoft-com:vml"
|
||
xmlns:o="urn:schemas-microsoft-com:office:office"
|
||
xmlns:w="urn:schemas-microsoft-com:office:word"
|
||
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml"
|
||
xmlns="http://www.w3.org/TR/REC-html40">
|
||
|
||
<head>
|
||
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
|
||
<meta name=ProgId content=Word.Document>
|
||
<meta name=Generator content="Microsoft Word 12">
|
||
<meta name=Originator content="Microsoft Word 12">
|
||
<link rel=File-List href="lesson_solutions/WeakSessionID_files/filelist.xml">
|
||
<link rel=Edit-Time-Data href="lesson_solutions/WeakSessionID_files/editdata.mso">
|
||
<!--[if !mso]>
|
||
<style>
|
||
v\:* {behavior:url(#default#VML);}
|
||
o\:* {behavior:url(#default#VML);}
|
||
w\:* {behavior:url(#default#VML);}
|
||
.shape {behavior:url(#default#VML);}
|
||
</style>
|
||
<![endif]--><!--[if gte mso 9]><xml>
|
||
<o:DocumentProperties>
|
||
<o:Author>egeirnaert</o:Author>
|
||
<o:LastAuthor>egeirnaert</o:LastAuthor>
|
||
<o:Revision>3</o:Revision>
|
||
<o:TotalTime>27</o:TotalTime>
|
||
<o:Created>2007-07-11T10:54:00Z</o:Created>
|
||
<o:LastSaved>2007-07-12T15:30:00Z</o:LastSaved>
|
||
<o:Pages>3</o:Pages>
|
||
<o:Words>469</o:Words>
|
||
<o:Characters>2677</o:Characters>
|
||
<o:Company> </o:Company>
|
||
<o:Lines>22</o:Lines>
|
||
<o:Paragraphs>6</o:Paragraphs>
|
||
<o:CharactersWithSpaces>3140</o:CharactersWithSpaces>
|
||
<o:Version>12.00</o:Version>
|
||
</o:DocumentProperties>
|
||
</xml><![endif]-->
|
||
<link rel=themeData href="lesson_solutions/WeakSessionID_files/themedata.thmx">
|
||
<link rel=colorSchemeMapping href="lesson_solutions/WeakSessionID_files/colorschememapping.xml">
|
||
<!--[if gte mso 9]><xml>
|
||
<w:WordDocument>
|
||
<w:TrackMoves>false</w:TrackMoves>
|
||
<w:TrackFormatting/>
|
||
<w:PunctuationKerning/>
|
||
<w:ValidateAgainstSchemas/>
|
||
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
|
||
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
|
||
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
|
||
<w:DoNotPromoteQF/>
|
||
<w:LidThemeOther>EN-US</w:LidThemeOther>
|
||
<w:LidThemeAsian>X-NONE</w:LidThemeAsian>
|
||
<w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript>
|
||
<w:Compatibility>
|
||
<w:BreakWrappedTables/>
|
||
<w:SnapToGridInCell/>
|
||
<w:WrapTextWithPunct/>
|
||
<w:UseAsianBreakRules/>
|
||
<w:DontGrowAutofit/>
|
||
<w:SplitPgBreakAndParaMark/>
|
||
<w:DontVertAlignCellWithSp/>
|
||
<w:DontBreakConstrainedForcedTables/>
|
||
<w:DontVertAlignInTxbx/>
|
||
<w:Word11KerningPairs/>
|
||
<w:CachedColBalance/>
|
||
</w:Compatibility>
|
||
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
|
||
<m:mathPr>
|
||
<m:mathFont m:val="Cambria Math"/>
|
||
<m:brkBin m:val="before"/>
|
||
<m:brkBinSub m:val="--"/>
|
||
<m:smallFrac m:val="off"/>
|
||
<m:dispDef/>
|
||
<m:lMargin m:val="0"/>
|
||
<m:rMargin m:val="0"/>
|
||
<m:defJc m:val="centerGroup"/>
|
||
<m:wrapIndent m:val="1440"/>
|
||
<m:intLim m:val="subSup"/>
|
||
<m:naryLim m:val="undOvr"/>
|
||
</m:mathPr></w:WordDocument>
|
||
</xml><![endif]--><!--[if gte mso 9]><xml>
|
||
<w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true"
|
||
DefSemiHidden="true" DefQFormat="false" DefPriority="99"
|
||
LatentStyleCount="267">
|
||
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
|
||
<w:LsdException Locked="false" Priority="0" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/>
|
||
<w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 1"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 2"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 3"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 4"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 5"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 6"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 7"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 8"/>
|
||
<w:LsdException Locked="false" Priority="39" Name="toc 9"/>
|
||
<w:LsdException Locked="false" Priority="0" QFormat="true" Name="caption"/>
|
||
<w:LsdException Locked="false" Priority="10" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Title"/>
|
||
<w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/>
|
||
<w:LsdException Locked="false" Priority="11" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>
|
||
<w:LsdException Locked="false" Priority="0" Name="Hyperlink"/>
|
||
<w:LsdException Locked="false" Priority="22" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
|
||
<w:LsdException Locked="false" Priority="20" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>
|
||
<w:LsdException Locked="false" Priority="59" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Table Grid"/>
|
||
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/>
|
||
<w:LsdException Locked="false" Priority="1" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
|
||
<w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/>
|
||
<w:LsdException Locked="false" Priority="34" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
|
||
<w:LsdException Locked="false" Priority="29" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
|
||
<w:LsdException Locked="false" Priority="30" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
|
||
<w:LsdException Locked="false" Priority="60" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="61" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light List Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="62" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="63" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="64" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="65" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="66" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="67" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="68" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="69" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="70" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Dark List Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="71" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="72" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="73" SemiHidden="false"
|
||
UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
|
||
<w:LsdException Locked="false" Priority="19" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
|
||
<w:LsdException Locked="false" Priority="21" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
|
||
<w:LsdException Locked="false" Priority="31" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
|
||
<w:LsdException Locked="false" Priority="32" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
|
||
<w:LsdException Locked="false" Priority="33" SemiHidden="false"
|
||
UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>
|
||
<w:LsdException Locked="false" Priority="37" Name="Bibliography"/>
|
||
<w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/>
|
||
</w:LatentStyles>
|
||
</xml><![endif]-->
|
||
<style>
|
||
<!--
|
||
/* Font Definitions */
|
||
@font-face
|
||
{font-family:Wingdings;
|
||
panose-1:5 0 0 0 0 0 0 0 0 0;
|
||
mso-font-charset:2;
|
||
mso-generic-font-family:auto;
|
||
mso-font-pitch:variable;
|
||
mso-font-signature:0 268435456 0 0 -2147483648 0;}
|
||
@font-face
|
||
{font-family:"MS Mincho";
|
||
panose-1:2 2 6 9 4 2 5 8 3 4;
|
||
mso-font-alt:"\FF2D\FF33 \660E\671D";
|
||
mso-font-charset:128;
|
||
mso-generic-font-family:modern;
|
||
mso-font-pitch:fixed;
|
||
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
||
@font-face
|
||
{font-family:"Cambria Math";
|
||
panose-1:2 4 5 3 5 4 6 3 2 4;
|
||
mso-font-charset:0;
|
||
mso-generic-font-family:roman;
|
||
mso-font-pitch:variable;
|
||
mso-font-signature:-1610611985 1107304683 0 0 159 0;}
|
||
@font-face
|
||
{font-family:Tahoma;
|
||
panose-1:2 11 6 4 3 5 4 4 2 4;
|
||
mso-font-charset:0;
|
||
mso-generic-font-family:swiss;
|
||
mso-font-pitch:variable;
|
||
mso-font-signature:1627400839 -2147483648 8 0 66047 0;}
|
||
@font-face
|
||
{font-family:"\@MS Mincho";
|
||
panose-1:2 2 6 9 4 2 5 8 3 4;
|
||
mso-font-charset:128;
|
||
mso-generic-font-family:modern;
|
||
mso-font-pitch:fixed;
|
||
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
|
||
/* Style Definitions */
|
||
p.MsoNormal, li.MsoNormal, div.MsoNormal
|
||
{mso-style-unhide:no;
|
||
mso-style-qformat:yes;
|
||
mso-style-parent:"";
|
||
margin:0cm;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:12.0pt;
|
||
font-family:"Times New Roman","serif";
|
||
mso-fareast-font-family:"Times New Roman";}
|
||
h1
|
||
{mso-style-unhide:no;
|
||
mso-style-qformat:yes;
|
||
mso-style-link:"Heading 1 Char";
|
||
mso-style-next:Normal;
|
||
margin-top:12.0pt;
|
||
margin-right:0cm;
|
||
margin-bottom:3.0pt;
|
||
margin-left:0cm;
|
||
mso-pagination:widow-orphan;
|
||
page-break-after:avoid;
|
||
mso-outline-level:1;
|
||
font-size:16.0pt;
|
||
font-family:"Arial","sans-serif";
|
||
mso-fareast-font-family:"MS Mincho";
|
||
mso-font-kerning:16.0pt;
|
||
mso-fareast-language:JA;
|
||
font-weight:bold;}
|
||
h2
|
||
{mso-style-noshow:yes;
|
||
mso-style-priority:9;
|
||
mso-style-qformat:yes;
|
||
mso-style-link:"Heading 2 Char";
|
||
mso-style-next:Normal;
|
||
margin-top:10.0pt;
|
||
margin-right:0cm;
|
||
margin-bottom:0cm;
|
||
margin-left:0cm;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan lines-together;
|
||
page-break-after:avoid;
|
||
mso-outline-level:2;
|
||
font-size:13.0pt;
|
||
font-family:"Cambria","serif";
|
||
mso-ascii-font-family:Cambria;
|
||
mso-ascii-theme-font:major-latin;
|
||
mso-fareast-font-family:"Times New Roman";
|
||
mso-fareast-theme-font:major-fareast;
|
||
mso-hansi-font-family:Cambria;
|
||
mso-hansi-theme-font:major-latin;
|
||
mso-bidi-font-family:"Times New Roman";
|
||
mso-bidi-theme-font:major-bidi;
|
||
color:#4F81BD;
|
||
mso-themecolor:accent1;
|
||
font-weight:bold;}
|
||
p.MsoCaption, li.MsoCaption, div.MsoCaption
|
||
{mso-style-noshow:yes;
|
||
mso-style-qformat:yes;
|
||
mso-style-next:Normal;
|
||
margin:0cm;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:10.0pt;
|
||
font-family:"Times New Roman","serif";
|
||
mso-fareast-font-family:"Times New Roman";
|
||
font-weight:bold;}
|
||
p.MsoEnvelopeReturn, li.MsoEnvelopeReturn, div.MsoEnvelopeReturn
|
||
{mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
margin:0cm;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:12.0pt;
|
||
font-family:"Times New Roman","serif";
|
||
mso-fareast-font-family:"Times New Roman";
|
||
mso-fareast-theme-font:major-fareast;}
|
||
a:link, span.MsoHyperlink
|
||
{mso-style-noshow:yes;
|
||
color:blue;
|
||
text-decoration:underline;
|
||
text-underline:single;}
|
||
a:visited, span.MsoHyperlinkFollowed
|
||
{mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
color:purple;
|
||
mso-themecolor:followedhyperlink;
|
||
text-decoration:underline;
|
||
text-underline:single;}
|
||
p
|
||
{mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
mso-margin-top-alt:auto;
|
||
margin-right:0cm;
|
||
mso-margin-bottom-alt:auto;
|
||
margin-left:0cm;
|
||
mso-pagination:widow-orphan;
|
||
font-size:12.0pt;
|
||
font-family:"Times New Roman","serif";
|
||
mso-fareast-font-family:"Times New Roman";}
|
||
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
|
||
{mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
mso-style-link:"Balloon Text Char";
|
||
margin:0cm;
|
||
margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:8.0pt;
|
||
font-family:"Tahoma","sans-serif";
|
||
mso-fareast-font-family:"Times New Roman";}
|
||
span.Heading1Char
|
||
{mso-style-name:"Heading 1 Char";
|
||
mso-style-unhide:no;
|
||
mso-style-locked:yes;
|
||
mso-style-link:"Heading 1";
|
||
mso-ansi-font-size:16.0pt;
|
||
mso-bidi-font-size:16.0pt;
|
||
font-family:"MS Mincho";
|
||
mso-ascii-font-family:"MS Mincho";
|
||
mso-fareast-font-family:"MS Mincho";
|
||
mso-hansi-font-family:"MS Mincho";
|
||
mso-bidi-font-family:Arial;
|
||
mso-font-kerning:16.0pt;
|
||
mso-fareast-language:JA;
|
||
font-weight:bold;}
|
||
span.Heading2Char
|
||
{mso-style-name:"Heading 2 Char";
|
||
mso-style-noshow:yes;
|
||
mso-style-priority:9;
|
||
mso-style-unhide:no;
|
||
mso-style-locked:yes;
|
||
mso-style-link:"Heading 2";
|
||
mso-ansi-font-size:13.0pt;
|
||
mso-bidi-font-size:13.0pt;
|
||
font-family:"Cambria","serif";
|
||
mso-ascii-font-family:Cambria;
|
||
mso-ascii-theme-font:major-latin;
|
||
mso-fareast-font-family:"Times New Roman";
|
||
mso-fareast-theme-font:major-fareast;
|
||
mso-hansi-font-family:Cambria;
|
||
mso-hansi-theme-font:major-latin;
|
||
color:#4F81BD;
|
||
mso-themecolor:accent1;
|
||
font-weight:bold;}
|
||
span.BalloonTextChar
|
||
{mso-style-name:"Balloon Text Char";
|
||
mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
mso-style-unhide:no;
|
||
mso-style-locked:yes;
|
||
mso-style-link:"Balloon Text";
|
||
mso-ansi-font-size:8.0pt;
|
||
mso-bidi-font-size:8.0pt;
|
||
font-family:"Tahoma","sans-serif";
|
||
mso-ascii-font-family:Tahoma;
|
||
mso-fareast-font-family:"Times New Roman";
|
||
mso-hansi-font-family:Tahoma;
|
||
mso-bidi-font-family:Tahoma;}
|
||
.MsoChpDefault
|
||
{mso-style-type:export-only;
|
||
mso-default-props:yes;
|
||
font-size:10.0pt;
|
||
mso-ansi-font-size:10.0pt;
|
||
mso-bidi-font-size:10.0pt;
|
||
mso-ascii-font-family:Arial;
|
||
mso-fareast-font-family:Calibri;
|
||
mso-fareast-theme-font:minor-latin;
|
||
mso-hansi-font-family:Arial;
|
||
mso-bidi-font-family:"Times New Roman";
|
||
mso-bidi-theme-font:major-bidi;}
|
||
@page Section1
|
||
{size:612.0pt 792.0pt;
|
||
margin:72.0pt 72.0pt 72.0pt 72.0pt;
|
||
mso-header-margin:35.4pt;
|
||
mso-footer-margin:35.4pt;
|
||
mso-paper-source:0;}
|
||
div.Section1
|
||
{page:Section1;}
|
||
-->
|
||
</style>
|
||
<!--[if gte mso 10]>
|
||
<style>
|
||
/* Style Definitions */
|
||
table.MsoNormalTable
|
||
{mso-style-name:"Table Normal";
|
||
mso-tstyle-rowband-size:0;
|
||
mso-tstyle-colband-size:0;
|
||
mso-style-noshow:yes;
|
||
mso-style-priority:99;
|
||
mso-style-qformat:yes;
|
||
mso-style-parent:"";
|
||
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
|
||
mso-para-margin:0cm;
|
||
mso-para-margin-bottom:.0001pt;
|
||
mso-pagination:widow-orphan;
|
||
font-size:10.0pt;
|
||
font-family:"Arial","sans-serif";
|
||
mso-bidi-font-family:"Times New Roman";
|
||
mso-bidi-theme-font:major-bidi;}
|
||
</style>
|
||
<![endif]--><!--[if gte mso 9]><xml>
|
||
<o:shapedefaults v:ext="edit" spidmax="3074"/>
|
||
</xml><![endif]--><!--[if gte mso 9]><xml>
|
||
<o:shapelayout v:ext="edit">
|
||
<o:idmap v:ext="edit" data="1"/>
|
||
</o:shapelayout></xml><![endif]-->
|
||
</head>
|
||
|
||
<body lang=EN-US link=blue vlink=purple style='tab-interval:36.0pt'>
|
||
|
||
<div class=Section1>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Lesson
|
||
Plan Title:</span></b><span style='font-family:"Arial","sans-serif"'> How to
|
||
Hijack a Session<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></b></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Concept /
|
||
Topic To Teach:</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
|
||
|
||
<!-- Start Instructions -->
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Application
|
||
developers who develop their own session IDs frequently forget to incorporate
|
||
the complexity and randomness necessary for security. If the user specific
|
||
session ID is not complex and random, then the application is highly
|
||
susceptible to session-based brute force attacks. <o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></b></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
|
||
Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Try to access
|
||
an authenticated session belonging to someone else. <o:p></o:p></span></p>
|
||
|
||
<!-- Stop Instructions -->
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In this
|
||
lesson the purpose is to predict the WEAKID value. The WEAKID is used to
|
||
differentiate authenticated and anonymous users of WebGoat.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
|
||
o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
|
||
stroked="f">
|
||
<v:stroke joinstyle="miter"/>
|
||
<v:formulas>
|
||
<v:f eqn="if lineDrawn pixelLineWidth 0"/>
|
||
<v:f eqn="sum @0 1 0"/>
|
||
<v:f eqn="sum 0 0 @1"/>
|
||
<v:f eqn="prod @2 1 2"/>
|
||
<v:f eqn="prod @3 21600 pixelWidth"/>
|
||
<v:f eqn="prod @3 21600 pixelHeight"/>
|
||
<v:f eqn="sum @0 0 1"/>
|
||
<v:f eqn="prod @6 1 2"/>
|
||
<v:f eqn="prod @7 21600 pixelWidth"/>
|
||
<v:f eqn="sum @8 21600 0"/>
|
||
<v:f eqn="prod @7 21600 pixelHeight"/>
|
||
<v:f eqn="sum @10 21600 0"/>
|
||
</v:formulas>
|
||
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
|
||
<o:lock v:ext="edit" aspectratio="t"/>
|
||
</v:shapetype><v:shape id="Picture_x0020_785" o:spid="_x0000_i1034" type="#_x0000_t75"
|
||
style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image001.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=369
|
||
src="lesson_solutions/WeakSessionID_files/image020.jpg" v:shapes="Picture_x0020_785"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>Solution:</span></b><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The easiest
|
||
way to complete this lesson is to use WebScarab's Session ID Analysis.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Go to
|
||
WebScarab and click on the button "SessionID Analysis". Select the last POST
|
||
request from the "Previous requests" drop-down box.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
|
||
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_786"
|
||
o:spid="_x0000_i1033" type="#_x0000_t75" style='width:480pt;height:276.75pt;
|
||
visibility:visible;mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image003.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=369
|
||
src="lesson_solutions/WeakSessionID_files/image021.jpg" v:shapes="Picture_x0020_786"><![endif]></span></p>
|
||
|
||
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
|
||
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
|
||
<span style='mso-element:field-separator'></span><![endif]--><span
|
||
style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
|
||
field-end'></span><![endif]--> WebScarabs SessionID Analysis<span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>To make sure
|
||
that WebScarab is able to fetch the WEAKID cookie, you need to click the "Test"
|
||
button on the bottom of the screen. A pop-up window must be shown like below.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
|
||
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_787"
|
||
o:spid="_x0000_i1032" type="#_x0000_t75" style='width:480pt;height:276pt;
|
||
visibility:visible;mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image005.png" o:title="" cropbottom="2719f"/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=368
|
||
src="lesson_solutions/WeakSessionID_files/image022.jpg" v:shapes="Picture_x0020_787"><![endif]></span></p>
|
||
|
||
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
|
||
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
|
||
<span style='mso-element:field-separator'></span><![endif]--><span
|
||
style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
|
||
field-end'></span><![endif]--> SessionID WEAKID discovered<span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>If you don<6F>t
|
||
have a pop-up window with the Extracted Sessionids, you must edit the Request.
|
||
You must delete the WEAKID value from the request. Without this cookie value,
|
||
WebGoat will return a HTTP Header "Set-Cookie: WEAKID=value" so WebScarab
|
||
learns about this value.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Fetch 50
|
||
samples and examine the results. Enter "50" in the "Samples" window and click
|
||
the button "Fetch". You will not see any information about progress.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_788" o:spid="_x0000_i1031"
|
||
type="#_x0000_t75" style='width:480pt;height:17.25pt;visibility:visible;
|
||
mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image007.png" o:title="" croptop="61471f"/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=23
|
||
src="lesson_solutions/WeakSessionID_files/image023.jpg" v:shapes="Picture_x0020_788"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Now you need
|
||
to go to the tab "Analysis".<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_789" o:spid="_x0000_i1030"
|
||
type="#_x0000_t75" style='width:480pt;height:53.25pt;visibility:visible;
|
||
mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image007.png" o:title="" cropbottom="52914f"/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=71
|
||
src="lesson_solutions/WeakSessionID_files/image024.jpg" v:shapes="Picture_x0020_789"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In the "Analysis"
|
||
pane you see nothing. <o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_790" o:spid="_x0000_i1029"
|
||
type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
|
||
mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image010.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=369
|
||
src="lesson_solutions/WeakSessionID_files/image025.jpg" v:shapes="Picture_x0020_790"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>You must
|
||
select the Session Identifier WEAKID value from the drop-down box.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_791" o:spid="_x0000_i1028"
|
||
type="#_x0000_t75" style='width:480pt;height:276.75pt;visibility:visible;
|
||
mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image012.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=640 height=369
|
||
src="lesson_solutions/WeakSessionID_files/image026.jpg" v:shapes="Picture_x0020_791"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The WEAKID is
|
||
divided in 2 parts: the first part is an identifier that is added 1 in every
|
||
cookie and a time value. The time value is calculated at the moment that you
|
||
submit the request.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Notice that
|
||
there is sometimes a gap in the first value of the WEAKID, skipping with 1. The
|
||
value that is missing is the value that you need to know to log on. Now you
|
||
only need to calculate the timestamp. This can be brute-forced using Crowbar.
|
||
You know the previous timestamp and the next timestamp so you have a start and
|
||
end value.<br>
|
||
You can download Crowbar for free: <a href="http://www.sensepost.com/research/crowbar/" target="_blank">http://www.sensepost.com/research/crowbar/</a>
|
||
<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
|
||
yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_792" o:spid="_x0000_i1027"
|
||
type="#_x0000_t75" style='width:480.75pt;height:338.25pt;visibility:visible;
|
||
mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image014.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=641 height=451
|
||
src="lesson_solutions/WeakSessionID_files/image027.jpg" v:shapes="Picture_x0020_792"><![endif]></span><span
|
||
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>There is a
|
||
value 16935 and a value 16937 with a numeric difference of 28110 instead of
|
||
14109, so there the WEAKID cookie is located. Copy and paste the raw HTTP
|
||
request in Crowbar:<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
|
||
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_793"
|
||
o:spid="_x0000_i1026" type="#_x0000_t75" style='width:447pt;height:382.5pt;
|
||
visibility:visible;mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image016.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=596 height=510
|
||
src="lesson_solutions/WeakSessionID_files/image028.jpg" v:shapes="Picture_x0020_793"><![endif]></span></p>
|
||
|
||
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
|
||
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
|
||
<span style='mso-element:field-separator'></span><![endif]--><span
|
||
style='mso-no-proof:yes'>3</span><!--[if supportFields]><span style='mso-element:
|
||
field-end'></span><![endif]--> Crowbar<span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Change target
|
||
to localhost and adjust the port.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Create a Base
|
||
response. Make sure that you see "How to hijack a session" in the middle
|
||
window.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Insert ##1##
|
||
in the WEAKID parameter where you want to brute-force the value and be aware, that the first part of the WEAKID is the one we are searching for (16936).
|
||
The WEAKID in Crowbar lookes like this: Cookie: JSESSIONID=...; WEAKID=1693<font color="ff0000">6</font>-1163685<font color="ff0000">##1##</font>;<br>
|
||
Start the first loop at 363093, the last digits of the last cookie before the
|
||
authentication cookie and 363203, the first cookie after the authentication
|
||
cookie. You have to enter these two values in the Parameter1 fields. We have to brute-force these values, but we are sure that they lie
|
||
between these two boundaries.<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Examine the
|
||
results until you see a different fuzzy logic value (the blue line in Figure 3), right-click it and click on "Show
|
||
reply".<o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
|
||
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_794"
|
||
o:spid="_x0000_i1025" type="#_x0000_t75" style='width:481.5pt;height:345.75pt;
|
||
visibility:visible;mso-wrap-style:square'>
|
||
<v:imagedata src="lesson_solutions/WeakSessionID_files/image018.png" o:title=""/>
|
||
</v:shape><![endif]--><![if !vml]><img width=642 height=461
|
||
src="lesson_solutions/WeakSessionID_files/image029.jpg" v:shapes="Picture_x0020_794"><![endif]></span></p>
|
||
|
||
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
|
||
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
|
||
<span style='mso-element:field-separator'></span><![endif]--><span
|
||
style='mso-no-proof:yes'>4</span><!--[if supportFields]><span style='mso-element:
|
||
field-end'></span><![endif]--> Lesson 12 Completed<span style='font-family:
|
||
"Arial","sans-serif"'><o:p></o:p></span></p>
|
||
|
||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||
|
||
<p class=MsoNormal><o:p> </o:p></p>
|
||
|
||
</div>
|
||
<table align='RIGHT' cellspacing='0' width='90%' border='0' cellpadding='0'>
|
||
<tr>
|
||
<td valign='MIDDLE' width='100%' align='RIGHT class=MsoNormal' style='font-family:"Arial","sans-serif"'>
|
||
Solution by Erwin Geirnaert
|
||
</td>
|
||
<td valign='MIDDLE' align='RIGHT'><img hspace='0' vspace='0' border='0' alt='ZION SECURITY' src='images/logos/zionsecurity.gif'></td>
|
||
</tr>
|
||
</table>
|
||
|
||
</body>
|
||
|
||
</html>
|