| View previous topic :: View next topic |
| Author |
Message |
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
 Posted: Sun Jun 10, 2012 5:28 pm Post subject: Difficulty configuring virtualbox-guest-additions per LXF159 |
 |
|
| Hi, I'm having a heck of a time following "Step-by-step: Configuring the environment" as described in "Hacking: Make your site safe" in LXF159. Specifically, Step3-Install guest additions states "Go to Devices > Guest Additions". I can't find "Devices > Install Guest Additions" in my version of VirtualBox that came installed in Ubuntu 12.04 which is the host that I am using. I'm not sure the latest version of VirtualBox is what's installed. When I downloaded and attempted to install the latest version it wasn't allowed. Any help with this will be appreciated. |
|
| Back to top |
|
 |
Ben
Joined: Wed Feb 01, 2012 11:42 am
Posts: 25
|
| Posted: Mon Jun 11, 2012 11:07 am Post subject: |
|
|
Hi Gdawg,
This is in the window for the virtual machine, rather than the main virtual box window. After starting the machine, you should find this option in the menu.
Alternatively, if you are using Unity you can just tap Alt to bring up the HUD and type "install", this will bring up the appropriate menu option (again, in the virtual machine window rather than the main window).
I hope this helps,
Ben |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Mon Jun 11, 2012 4:28 pm Post subject: |
|
|
Thank you Ben. I'll try what you suggest and will post back.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Mon Jun 11, 2012 5:21 pm Post subject: |
|
|
Hi, I'm glad you suggested the alternative for Unix as that's what I had to use. I'm now stuck at step 6 of "Configuring the environment" which states "Point the new Firefox window to http://localhost:8080/WebGoat/attack, and log in with guest as the username and password."
I get the following error message:
HTTP Status 404 - /WebGoat/attack
type Status report
message /WebGoat/attack
description The requested resource (/WebGoat/attack) is not available.
Apache Tomcat/5.5.28
Any assistance will be appreciated.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
Ben
Joined: Wed Feb 01, 2012 11:42 am
Posts: 25
|
| Posted: Mon Jun 11, 2012 5:45 pm Post subject: |
|
|
Hi,
Try entering the address with webgoat all in lower case. If that doesn't work, were there any errors in stages 4 and 5?
Ben |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Mon Jun 11, 2012 10:47 pm Post subject: |
|
|
Hi, I tried using all lower-case letters but it seems to be stuck loading. In the bottom left of screen it says "stopped". I had no errors in steps 4 or 5. I'm going to start from scratch and see if I get a better result. Thanks for your help. I may be back.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Tue Jun 12, 2012 3:29 am Post subject: |
|
|
Hi, I got in. Apparently, I neglected to restart Web Scarab after clicking on Tools and selecting Use Lite Interface. Thanks a lot for your help.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Wed Jun 20, 2012 2:18 am Post subject: |
|
|
Well I'm back again. I can't seem to get Numeric SQL Injection to work. I'm not seeing the screenshot that is described on page 92 0f LXF159. The only view I see is WebScarab Lite. The directions state "Change the station value to 101 OR station like '%'" The screenshot shows a form titled "Edit Request" with 2 columns labeled "Variable" and "Value". I have followed all directions and don't know where to go from here. Any help will be appreciated.
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
Ben
Joined: Wed Feb 01, 2012 11:42 am
Posts: 25
|
| Posted: Wed Jun 20, 2012 11:40 am Post subject: |
|
|
Hi Gdawg,
Just to check -- are you saying that you don't get a window titled 'edit request'?
Are you checking the Intercept Request box in Web Scarab before running the attack?
Ben |
|
| Back to top |
|
|
gdawg
Joined: Fri Nov 18, 2011 2:55 pm
Posts: 11
Location: New Mexico, USA
|
| Posted: Wed Jun 20, 2012 4:34 pm Post subject: |
|
|
Thank you Ben. I am not seeing a window titled "Edit Request" and yes I am checking the Intercept Request box in Web Scarab before running the attack. I have even deleted OWASP from VirtualBox and started again from the beginning and have successfully completed the previous lessons in SQL Injection. Is it necessary to run "virtualbox-guest-additions" each time I restart OWASP? At one time I did see the Edit Request window but couldn't figure out how to edit the station value entry. I finally found that if I double-clicked on the 'value' section I was able to enter the required changed value and checked "Accept changes" but didn't get the expected result. There was no change in WebGoat.
I appreciate your help.
Glen
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux |
|
| Back to top |
|
|
| View previous topic :: View next topic |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
