Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Difficulty configuring virtualbox-guest-additions per LXF159

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help!
View previous topic :: View next topic  
Author Message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Sun Jun 10, 2012 5:28 pm    Post subject: Difficulty configuring virtualbox-guest-additions per LXF159 Reply with quote

Hi, I'm having a heck of a time following "Step-by-step: Configuring the environment" as described in "Hacking: Make your site safe" in LXF159. Specifically, Step3-Install guest additions states "Go to Devices > Guest Additions". I can't find "Devices > Install Guest Additions" in my version of VirtualBox that came installed in Ubuntu 12.04 which is the host that I am using. I'm not sure the latest version of VirtualBox is what's installed. When I downloaded and attempted to install the latest version it wasn't allowed. Any help with this will be appreciated.
Back to top
View user's profile Send private message
Ben



Joined: Wed Feb 01, 2012 11:42 am
Posts: 25

PostPosted: Mon Jun 11, 2012 11:07 am    Post subject: Reply with quote

Hi Gdawg,

This is in the window for the virtual machine, rather than the main virtual box window. After starting the machine, you should find this option in the menu.

Alternatively, if you are using Unity you can just tap Alt to bring up the HUD and type "install", this will bring up the appropriate menu option (again, in the virtual machine window rather than the main window).

I hope this helps,

Ben
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Mon Jun 11, 2012 4:28 pm    Post subject: Reply with quote

Thank you Ben. I'll try what you suggest and will post back.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Mon Jun 11, 2012 5:21 pm    Post subject: Reply with quote

Hi, I'm glad you suggested the alternative for Unix as that's what I had to use. I'm now stuck at step 6 of "Configuring the environment" which states "Point the new Firefox window to http://localhost:8080/WebGoat/attack, and log in with guest as the username and password."
I get the following error message:
HTTP Status 404 - /WebGoat/attack

type Status report

message /WebGoat/attack

description The requested resource (/WebGoat/attack) is not available.
Apache Tomcat/5.5.28
Any assistance will be appreciated.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
Ben



Joined: Wed Feb 01, 2012 11:42 am
Posts: 25

PostPosted: Mon Jun 11, 2012 5:45 pm    Post subject: Reply with quote

Hi,

Try entering the address with webgoat all in lower case. If that doesn't work, were there any errors in stages 4 and 5?

Ben
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Mon Jun 11, 2012 10:47 pm    Post subject: Reply with quote

Hi, I tried using all lower-case letters but it seems to be stuck loading. In the bottom left of screen it says "stopped". I had no errors in steps 4 or 5. I'm going to start from scratch and see if I get a better result. Thanks for your help. I may be back.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Tue Jun 12, 2012 3:29 am    Post subject: Reply with quote

Hi, I got in. Apparently, I neglected to restart Web Scarab after clicking on Tools and selecting Use Lite Interface. Thanks a lot for your help.
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Wed Jun 20, 2012 2:18 am    Post subject: Reply with quote

Well I'm back again. I can't seem to get Numeric SQL Injection to work. I'm not seeing the screenshot that is described on page 92 0f LXF159. The only view I see is WebScarab Lite. The directions state "Change the station value to 101 OR station like '%'" The screenshot shows a form titled "Edit Request" with 2 columns labeled "Variable" and "Value". I have followed all directions and don't know where to go from here. Any help will be appreciated.

Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
Ben



Joined: Wed Feb 01, 2012 11:42 am
Posts: 25

PostPosted: Wed Jun 20, 2012 11:40 am    Post subject: Reply with quote

Hi Gdawg,

Just to check -- are you saying that you don't get a window titled 'edit request'?

Are you checking the Intercept Request box in Web Scarab before running the attack?

Ben
Back to top
View user's profile Send private message
gdawg



Joined: Fri Nov 18, 2011 2:55 pm
Posts: 13
Location: New Mexico, USA

PostPosted: Wed Jun 20, 2012 4:34 pm    Post subject: Reply with quote

Thank you Ben. I am not seeing a window titled "Edit Request" and yes I am checking the Intercept Request box in Web Scarab before running the attack. I have even deleted OWASP from VirtualBox and started again from the beginning and have successfully completed the previous lessons in SQL Injection. Is it necessary to run "virtualbox-guest-additions" each time I restart OWASP? At one time I did see the Edit Request window but couldn't figure out how to edit the station value entry. I finally found that if I double-clicked on the 'value' section I was able to enter the required changed value and checked "Accept changes" but didn't get the expected result. There was no change in WebGoat.

I appreciate your help.

Glen
_________________
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Help! All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast