Difficulty configuring virtualbox-guest-additions per LXF159

The place to post if you need help or advice

Moderators: ChrisThornett, LXF moderators

Difficulty configuring virtualbox-guest-additions per LXF159

Postby gdawg » Sun Jun 10, 2012 4:28 pm

Hi, I'm having a heck of a time following "Step-by-step: Configuring the environment" as described in "Hacking: Make your site safe" in LXF159. Specifically, Step3-Install guest additions states "Go to Devices > Guest Additions". I can't find "Devices > Install Guest Additions" in my version of VirtualBox that came installed in Ubuntu 12.04 which is the host that I am using. I'm not sure the latest version of VirtualBox is what's installed. When I downloaded and attempted to install the latest version it wasn't allowed. Any help with this will be appreciated.
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby Ben » Mon Jun 11, 2012 10:07 am

Hi Gdawg,

This is in the window for the virtual machine, rather than the main virtual box window. After starting the machine, you should find this option in the menu.

Alternatively, if you are using Unity you can just tap Alt to bring up the HUD and type "install", this will bring up the appropriate menu option (again, in the virtual machine window rather than the main window).

I hope this helps,

Ben
Ben
 
Posts: 25
Joined: Wed Feb 01, 2012 11:42 am

Postby gdawg » Mon Jun 11, 2012 3:28 pm

Thank you Ben. I'll try what you suggest and will post back.
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby gdawg » Mon Jun 11, 2012 4:21 pm

Hi, I'm glad you suggested the alternative for Unix as that's what I had to use. I'm now stuck at step 6 of "Configuring the environment" which states "Point the new Firefox window to http://localhost:8080/WebGoat/attack, and log in with guest as the username and password."
I get the following error message:
HTTP Status 404 - /WebGoat/attack

type Status report

message /WebGoat/attack

description The requested resource (/WebGoat/attack) is not available.
Apache Tomcat/5.5.28
Any assistance will be appreciated.
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby Ben » Mon Jun 11, 2012 4:45 pm

Hi,

Try entering the address with webgoat all in lower case. If that doesn't work, were there any errors in stages 4 and 5?

Ben
Ben
 
Posts: 25
Joined: Wed Feb 01, 2012 11:42 am

Postby gdawg » Mon Jun 11, 2012 9:47 pm

Hi, I tried using all lower-case letters but it seems to be stuck loading. In the bottom left of screen it says "stopped". I had no errors in steps 4 or 5. I'm going to start from scratch and see if I get a better result. Thanks for your help. I may be back.
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby gdawg » Tue Jun 12, 2012 2:29 am

Hi, I got in. Apparently, I neglected to restart Web Scarab after clicking on Tools and selecting Use Lite Interface. Thanks a lot for your help.
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby gdawg » Wed Jun 20, 2012 1:18 am

Well I'm back again. I can't seem to get Numeric SQL Injection to work. I'm not seeing the screenshot that is described on page 92 0f LXF159. The only view I see is WebScarab Lite. The directions state "Change the station value to 101 OR station like '%'" The screenshot shows a form titled "Edit Request" with 2 columns labeled "Variable" and "Value". I have followed all directions and don't know where to go from here. Any help will be appreciated.

Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA

Postby Ben » Wed Jun 20, 2012 10:40 am

Hi Gdawg,

Just to check -- are you saying that you don't get a window titled 'edit request'?

Are you checking the Intercept Request box in Web Scarab before running the attack?

Ben
Ben
 
Posts: 25
Joined: Wed Feb 01, 2012 11:42 am

Postby gdawg » Wed Jun 20, 2012 3:34 pm

Thank you Ben. I am not seeing a window titled "Edit Request" and yes I am checking the Intercept Request box in Web Scarab before running the attack. I have even deleted OWASP from VirtualBox and started again from the beginning and have successfully completed the previous lessons in SQL Injection. Is it necessary to run "virtualbox-guest-additions" each time I restart OWASP? At one time I did see the Edit Request window but couldn't figure out how to edit the station value entry. I finally found that if I double-clicked on the 'value' section I was able to enter the required changed value and checked "Accept changes" but didn't get the expected result. There was no change in WebGoat.

I appreciate your help.

Glen
Linux gdawg-Inspiron-530s 3.2.0-23-generic-pae #36-Ubuntu SMP Tue Apr 10 22:19:09 UTC 2012 i686 i686 i386 GNU/Linux
gdawg
 
Posts: 13
Joined: Fri Nov 18, 2011 2:55 pm
Location: New Mexico, USA


Return to Help!

Who is online

Users browsing this forum: No registered users and 1 guest