Saturday, September 1, 2012

Portable WAPT Hacme Bank Setup


In the last post we set up the Samurai WTF and OWASP Broken Web Application (OBWA) VMs. In this post we will set up the Hacme VM with the Hacme Bank application.

The Hacme applications are a set of purposely insecure web applications from Foundstone. The collection includes Hacme Bank, Hacme Books, Hacme Casino, Hacme Travel and Hacme Shipping. The nice thing about the Hacme series is that the applications are written using various technologies.

To begin, we must install the OS and the following requirements for the Hacme software:

· Windows XP SP3
· IIS
· .NET Framework v1.1
· SQL 2000 MSDE

First, build a VM for Windows. The challenge with this system will be giving it sufficient memory and storage. For my lab I am going to give it 2 GB of memory and 50 GB of storage. Once the VM is built, install the Windows OS.

Once the OS is installed, patch it. After patching, begin downloading all of the software and its requirements.

Download the following software:


Hacme Bank Installation
First we must install SQL 2000, IIS, and the .NET Framework v1.1. These instructions are in the Hacme Bank User Guide.

Browse to where SQL 2000 MSDE was saved and double-click MSDE2000A.exe. Accept the defaults and the SQL 2000 installation files will be extracted. In a command prompt, change to the directory where the install files were extracted; if you chose the defaults, the directory will be MSDERelA. Type in the following command to install MS SQL 2000:

c:\MSDERelA\Setup SAPWD=password SECURITYMODE=MIXED DISABLENETWORKPROTOCOLS=0

This installs SQL Server with an SA password of password, mixed-mode authentication, and network protocols enabled so that the SQL server is accessible over the network.

After the SQL installation is complete, install IIS through the Control Panel. Browse to Add/Remove Programs, then Add/Remove Windows Components. Check the box next to IIS and click Next. Click Finish after installation is complete.

Next, browse to where the .NET Framework was downloaded and double-click the file dotnetfx.exe. Select the defaults and let the .NET Framework install. Once installation is complete, run the following command from a command prompt:

c:\windows\microsoft.net\framework\v1.1.4322\aspnet_regiis -i 

This ensures that .NET Framework v1.1 and IIS are configured properly. Reboot the system to ensure all services are started.

Browse to where Hacme Bank was downloaded and extract the Hacme Bank file. Double-click Foundstone Hacme Bank Web Service Setup to begin the installation. Click through the welcome page, read and accept the license agreement, and click through the rest of the defaults until the database setup. Change the authentication type to Trusted Connection and finish the install.

Next, double-click Foundstone Hacme Bank Web Site. Select the defaults and install the web site. Double-click the Hacme Bank Web Site icon and enter the username jv and password jv789. If a welcome message appears, Hacme Bank has been successfully set up.

The final step is setting up remote connections. Browse to C:\Inetpub\wwwroot\HacmeBank_v2_Website and open the Web.config file.
Comment out the following line:

<add name="HttpModule_onlyAllowLocalAccess" type="HacmeBank_v2_Website.httpModules.HttpModule_onlyAllowLocalAccess,HacmeBank_v2_Website" />
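
The Web.config step above can be checked and reversed with a short script. This is an added example, not part of the original post or the Hacme Bank distribution; the function names are hypothetical and the sample Web.config is constructed, assuming the module is registered with an `<add>` element as quoted above.

```python
import re

MODULE = "HttpModule_onlyAllowLocalAccess"
# An <add ...> element that registers the module (tolerates name ="...").
ADD = r'<add\b[^>]*\bname\s*=\s*"' + MODULE + r'"[^>]*>'
COMMENT_OR_ADD = re.compile(r'<!--.*?-->|' + ADD, re.S)
COMMENTED_ADD = re.compile(r'<!--\s*(' + ADD + r')\s*-->')

def local_only_active(config_text):
    """True if the module is registered outside of any XML comment."""
    return any(not m.group(0).startswith("<!--")
               for m in COMMENT_OR_ADD.finditer(config_text))

def allow_remote(config_text):
    """Comment out the live registration; existing comments are left alone."""
    def repl(m):
        s = m.group(0)
        return s if s.startswith("<!--") else "<!-- " + s + " -->"
    return COMMENT_OR_ADD.sub(repl, config_text)

def restrict_to_local(config_text):
    """Undo allow_remote(): re-enable the local-access-only module."""
    return COMMENTED_ADD.sub(lambda m: m.group(1), config_text)

# Constructed sample for illustration, not the shipped Web.config.
SAMPLE = '''<configuration>
  <system.web>
    <httpModules>
      <add name ="HttpModule_onlyAllowLocalAccess" type="HacmeBank_v2_Website.httpModules.HttpModule_onlyAllowLocalAccess,HacmeBank_v2_Website" />
    </httpModules>
  </system.web>
</configuration>
'''

if __name__ == "__main__":
    opened = allow_remote(SAMPLE)
    print("local-only before edit:", local_only_active(SAMPLE))
    print("local-only after edit: ", local_only_active(opened))
    print(opened)
```

Running `restrict_to_local` on the edited file puts the local-only restriction back when the lab session is over.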

After setting up Hacme Bank, I have decided to break up the installation of Hacme applications over a series of posts. In the next post I will cover Hacme Casino.
