Re: webgoat breaking

Hi,

The challenge is intended to be very difficult (and in some cases tedious), like penetrating systems in the real world. But it's definitely achievable with patience and thought. I've always said your best pentest tool is in your head.

Anyway, you can solve the authentication stage by figuring out how to access the source code and then just checking the logic. You're right that it is not based on SQL. Another solid reason for code review, but that's another thread. There is another way to get the credentials by sniffing the network, but it's not realistic in most environments and was intended to teach a different skill.

As far as defacing the site using the SSI vulnerability, you'll need to learn the SSI syntax and then look for a command you could inject and use. I'm sure you can execute the attack if you think hard. The code can also be your guide if you figured out how to access it. Of course you could cheat and extract it from CVS, but it is available through a separate weakness in WebGoat.

Good luck,

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com

• Original Message ----- From: Indian Tiger To: webappsec@securityfocus.com Sent: Saturday, February 23, 2002 2:24 AM Subject: webgoat breaking

hi all,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

i m trying to break the webgoat challenge. But i m not able to break the user authentication. I tried to break user authentication using all possible
SQL Injections, but it couldnt work out. I need help on this topic. what i should try to break this user authentication. i have gone thru its code ,it
is written in the java & i did not find any Sql query used for cheking username & password, so is there any way to break this user authentication scheme ?
I m looking for the material on SERVER SIDE INCLUDES VULNAREBILITIES. i got
the information that some sites are vulnarable to Server Side Includes but i
dont know how i can use SSI to test vulnarability of the sites. SSL includes can be helpfull in webgoat also.Any help on this topic will be highly appreciated.

Thanking You.
Sincerely,

Indian Tiger, CISSP Received on Wed Mar 26 10:02:25 2003