Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Hacme Bank

from [Jeremy Junginger] Network Security [Permanent Link]
Subject: RE: Hacme Bank
Date: Thu, 9 Sep 2004 07:34:40 -0700 
Great tool!  Lesson 1 a nice way to integrate the nexgenss advanced sql
injection techniques into a simulated environment.  I have a question,
though, and it may be misconfiguration on the server side on my part, but
after I've logged in successfully with inserted account credentials and I
click on account details, I get thrown back to
http://redmrtg/hacmebank/Login.aspx?lmsg=Re-login  Any tips?  Thanks!

-----Original Message-----
From: Rush Molekilla [mailto:molekilla@gmail.com] 
Sent: Thursday, September 09, 2004 6:28 AM
To: Mark Curphey
Cc: webappsec@securityfocus.com; pen-test@securityfocus.com
Subject: Re: Hacme Bank


Nice app!

The only problem I had while trying to hack ASP.NET Application in localhost
with my tool (Ecyware GreenBlue Inspector) is that both use the .NET thread
pool.

But nice ASP.NET, super great.

Thanks,

Rogelio Morrell C.
Ecyware


On Wed, 8 Sep 2004 10:03:43 -0400, Mark Curphey <mark@curphey.com> wrote:

Just to let you know in the next hour or so the links should go live 
to our new free tool, Hacme Bank on the Foundstone web site 
(http://www.foundstone.com/s3i).

You can see the press release here;

http://www.tmcnet.com/usubmit/2004/Sep/1071232.htm

It's an online banking application written in C# ASP.NET (requires IIS 
and .NET framework 1.1 to install) with a set of security holes 
replicating real world things we have found in client engagements over 
the last 9 months. It serves as a "real world" training application 
for web application pen testing and education for developers.

Its free for non-commercial use and we are already working on the next 
version to include some more user management issues.

All of the lessons are screen captured and documented so you can step 
through all of the issues. These are in a "User and Solution Guide" 
PDF in the web root by default.

It is not designed to be a good benchmarking platform for automated 
tools but it is interesting to compare the results of your favorite 
tools with the holes in the bank (we have done this) or put it behind 
a "web app firewall" (no uptake from my recent challenge I am afraid, 
go figure!).

The experienced can start attacking the login field when installed and 
the less experienced can walk through the lesson plans.

Mark






------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Encrypted storage, Shirokov Roman
Next by Date:  Re: Problem with Hacme Bank Install, Martin Mkrtchian
Previous by Thread:  RE: Hacme Bank, Frank Knobbe
Next by Thread:  RE: Hacme Bank, Mark Curphey
Indexes:  [Date] [Thread] [Top] [All Lists]