As you proxy your browser traffic through OWASP ZAP, chances are that you are annoyed by noise. By default, browsers these days make a lot of background requests: version updates, cache updates, add-on updates and what not. It gets really difficult to focus on the website at hand when other sites clutter your Sites and History tabs.
The Global Exclude URL functionality was supposed to work and it did work partially.
There was a minor bug and that was fixed. A screen recording of the bug and the bug fix url below:
Global Exclude URL (beta) – after close and reopen does not pick up added regex for excluding URLs #3275
PROBLEM: When copying files from VMWare player to the host (Windows host in this case), you get “Cannot write to local file”.
SOLUTION: Make space. Clear temp and %temp% directories, on your operating system drive.
I was trying to copy 5 GB of files from my VMWare player guest OS Kali Linux to my Windows Host. VMWare player displays Copying file “part2.rar” from virtual machine and exits with “Cannot write to local file. Cancelling the file copy operation.”.
This knowledge base article from VMware hints at disabling tmpfs in Linux operating systems. https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2056353
I looked at the temp and %temp% Windows directories and discovered the below temp location, where VMware Player copies the files from the VM guest and from there copies them to the destination directory in the host OS.
My Operating System drive C: was full, and I had to clear the temp directories and free up some space to do the 5 GB copy operation from the VMware Player guest Kali Linux to the Windows host.
Following the steps described here will most likely help in fixing the error messages and issues below:
- Installation – unclickable buttons “next step” #5
- Installation #6
- Database problem #9
- demo_database.sql – ERROR 1452 (23000) at line 5 #13
Of all the vulnerable applications in OWASP’s vulnerable web applications directory, Hackazon is up to date with the latest technology stack and has customizable vulnerabilities. It is a great choice to learn and teach ethically hacking today’s web applications. As of today, although the project on GitHub reports an update nine months ago, the application still uses recent web technologies so that we can learn hacking like it is 2016. This article helps you set up Hackazon on a Windows machine.
Things to be downloaded before we get started:
1. Hackazon User guide
Download from https://community.rapid7.com/docs/DOC-3452
Alternative link to the original Hackazon user guide (in case the link above goes dead) – https://renouncedthoughts.files.wordpress.com/2017/02/hackazon_users_guide.pdf
2. Wamp server
Here’s the story
I had a Wamp installed on Nov 2014 and I tried using the same Wamp server for hackazon deployment. After following the instructions on the user guide, and going to a browser, hitting http://hackazon.lc the install page came up, and after you put the credentials for the MySQL user hackazon, and hit the Next Step button, the page would load the same page over and over again. So basically I was stuck at the first step of the wizard where you supply the administrator credentials. [Bug #5 filed at “Installation – unclickable buttons "next step" ” https://github.com/rapid7/hackazon/issues/5]
I tried everything in the Hackazon User Guide (here after referred to as the user guide) on a Kali linux machine, set up went smooth, just as described in the User Guide and the site was up and running in no time. It was happiness to see the second step of the installation page where you provide the MySQL database credentials.
Though I can’t technically confirm whether the older version of Wamp was the cause of bug #5, my guess was to reinstall Wamp at a recent version on a Windows machine and try the same steps as the user guide. And it did indeed help me get over bug #5.
For Windows, the User Guide describes installation on Wamp 2.some version. However the current stable version available for release is Wamp 3.0.6 at the time of this writing. So something in MySQL changed, some things in Apache changed and hopefully this post will help you fill the gaps between the Hackazon User guide and the recent changes to the Wamp.
1. Download Wamp server
Please ensure your computer has the recent version of VC++ Runtime. If you want to install the VC++ runtime to the recent version, either have it done via Windows Update, or download it from the Microsoft website as recommended by the Wamp servers download page (as in the screenshot above). It is so important for Wamp to function properly that they have even updated their installation agreements during the installation wizard to reflect the installation and update of VC++ runtime. I had to download VC++ runtime for Visual Studio 2015 here at https://www.microsoft.com/en-in/download/details.aspx?id=48145.
Ok. Install Wamp. Pretty straight forward installation, go with the defaults.
This is the current Wamp installation on my computer right now.
2. Download Hackazon source code
Head over to the hackazon source code download page at github and download a zip of the hackazon source code.
Extract the zip file contents to c:\home\hackazon
3. Rename db.sample.php to db.php
Head over to C:\home\hackazon\assets\config and rename the file db.sample.php to db.php
4. Create hackazon db and username in MySQL console
Open ‘MySQL console’ from the Wamp server system tray.
Press Enter on the ‘Enter password’ prompt if you did not create a MySQL root account password, which is the default during installation. Or if you had created a password for your MySQL installation, authenticate.
Enter the below query to create a database named hackazon.
Enter the below query to create a user named ‘hackazon’ and give it a password. In the screenshot below and in the query below, admin123! is the password, feel free to choose your favorite.
The password you provide here is important as you would need it on the first step of the Hackazon Installation wizard.
After this step, if you are curious, only if you are, head over to phpMyAdmin (from the Wamp Server system tray), login with your root server credentials, to see a database named hackazon, and a user named hackazon. Or just imagine, if the above two queries worked fine, a user name and a database named hackazon would have been created.
Do a restart by selecting Restart All Services from the Wamp server system tray menu.
5. Configuring or Verifying Apache’s default port
Open apache’s httpd.conf file. From Wamp Server System tray - Apache – httpd.conf
Search for the word Listen, and ensure Apache listens on port 80. I tried changing it from the default settings and tried to configure Apache to run on port 7070, and hackazon kept giving me a 400 Invalid Referrer error message; I couldn’t find out why. So I reverted to the default settings.
Tip: Let’s try to configure Apache on the default port 80.
If you have Skype or IIS, running on port 80, change them, at least for now to give hackazon a preference to run on apache’s port 80.
Also, search for ServerName and verify that ServerName localhost also says port 80. I honestly do not know what this is for; read the description and figure it out. For now, all we are trying to do is configure Apache to run on port 80.
6. Configuring the hackazon website set up
Open apache’s httpd-vhosts.conf file. From Wamp Server System tray – Apache – httpd-vhosts.conf
Copy paste the below contents of the httpd-vhosts.conf file in to your httpd-vhosts.conf file.
Save the file. The vhost settings provided above is good enough to even access http://hackazon.lc from another machine on the LAN.
7. Edit Windows hosts file to bind hackazon.lc to loopback address
C:\Windows\System32\drivers\etc open hosts file with administrative privileges and add the below entries
8. Restart DNS service from wamp server tools (right click wamp server from system tray)
After Restarting DNS, Restart All Services from wamp server from system tray.
This is all that is required to start the hackazon installation wizard. The first time you hit http://hackazon.lc, you will automatically be redirected to the installation wizard.
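Steps 3, 4, 5 and 7 above as one PowerShell script, an added example that is not the post's original queries or file contents. The `mysql.exe` path is a placeholder, the SQL and the hosts entry are constructed from the step descriptions, and the grant is limited to the hackazon database as an assumption about what the application needs.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
$HackazonRoot = 'C:\home\hackazon'   # extraction path from step 2
# Placeholder: point this at the mysql.exe shipped with your Wamp install.
$MysqlExe     = 'C:\wamp64\bin\mysql\<version>\bin\mysql.exe'
$HostsFile    = "$env:SystemRoot\System32\drivers\etc\hosts"

# Step 3: create db.php from the sample, keeping the sample for reference.
$cfg = Join-Path $HackazonRoot 'assets\config'
if (-not (Test-Path (Join-Path $cfg 'db.php'))) {
    Copy-Item (Join-Path $cfg 'db.sample.php') (Join-Path $cfg 'db.php')
}

# Step 4: database plus a user whose rights stop at that database.
# Constructed SQL; admin123! is the password used in the post.
$sql = @'
CREATE DATABASE IF NOT EXISTS hackazon;
CREATE USER 'hackazon'@'localhost' IDENTIFIED BY 'admin123!';
GRANT ALL PRIVILEGES ON hackazon.* TO 'hackazon'@'localhost';
FLUSH PRIVILEGES;
'@
$sql | & $MysqlExe -u root           # add -p if the root account has a password

# Step 5: list whatever already listens on port 80 (Skype, IIS, ...)
# before Apache is restarted. No output means the port is free.
Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { Get-Process -Id $_.OwningProcess } |
    Select-Object -Unique Id, ProcessName

# Step 7: add the loopback entry only if it is not already present.
$pattern = '^\s*127\.0\.0\.1\s+hackazon\.lc\b'
if (-not (Select-String -Path $HostsFile -Pattern $pattern -Quiet)) {
    Add-Content -Path $HostsFile -Value '127.0.0.1 hackazon.lc'
}

# Check: the name should now resolve to 127.0.0.1.
Clear-DnsClientCache
[System.Net.Dns]::GetHostAddresses('hackazon.lc') |
    Select-Object -ExpandProperty IPAddressToString
```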
9. Final tinkering
If you just go with this set up and continue with the Installation Wizard, on step 4 – the final step of the installation wizard will give you an error message as below:
”Error 42S02: SQLSTATE[42S02]: Base table or view not found: 1146 Table ‘hackazon.tbl_product_options_values’ doesn’t exist”.
There is also a bug filed for it. [Bug #9 Database problem https://github.com/rapid7/hackazon/issues/9]
After digging and digging and executing the contents of the db.sql file at C:\home\hackazon\database manually at phpMyAdmin Sql console, it occurred that the default value given for the timestamp data type is not supported by MySQL anymore or you would need to turn off date zero validation for the query execution.
To fix, add the below line at the very top of the db.sql file in C:\home\hackazon\database and save the file.
Now, for one last time, Restart All Services from the Wamp server system tray.
10. Navigating through the Hackazon installation wizard
Open a browser and hit http://hackazon.lc
You will be redirected to http://hackazon.lc/install
Provide the admin123! password, that is the one we typed in the MySQL console. Hit Next Step.
Provide the same password under the Password field, and hit Next Step
Leave the defaults, hit Next Step
Leave the defaults, hit Install
In a couple of seconds, you should be automatically redirected to http://hackazon.lc
Basically, that’s it. The hackazon user guide has more information on how to use the vulnerabilities configuration and other things that are specific to the hackazon application itself.
Just to do a walk through, hit http://hackazon.lc/admin, provide user name as admin and password as the password we entered in the MySql console admin123!
Navigate to Vulnerability Config, and choose account from the drop down. Or simply hit the url – http://hackazon.lc/admin/vulnerability?context=account
to see an error page as below:
To fix, click Wamp Server system tray icon - PHP - php.ini
Go to the very end of the php.ini file and comment out the zend_extension line by adding a semi colon ; in the front.
Save the file. Restart All Services.
If you want to access http://hackazon.lc from another computer (let’s say ‘X’) on the same Local Area Network (LAN), Open drivers/etc/hosts file on computer X and add the ip address of the hackazon.lc to point to hackazon.lc.
For every computer on the LAN, modify their windows hosts file to point hackazon.lc to the Wamp servers ip address.
That’s how I set up hackazon and got it working. Do you have similar experiences?
Let’s say you want to create a virtual machine with Apache CloudStack, or with an IaaS provider like SchubergPhilis that has an Apache CloudStack based client called Cosmic Client. Follow the instructions below:
I am not going to explain in words, but the pictures below point you to the places you need to click and edit. If any of the settings below don’t work, chances are that you might have chosen an incorrect VPC, Tier or offering; feel free to reach out to your cloud provider for assistance.
1. Let’s start by adding a VPC, that is a Virtual Private Cloud.
2. Give it a Name, Choose a Zone, Super CIDR (the subnet range within the Virtual Private Cloud), and a VPC offering as advised by your cloud provider.
3. Once the VPC is created, click on Create network to Add new tier.
Give it a Name, Choose a network offering, provide the gateway address, a subnet mask.
4. Once the Tier is created, Click on the Virtual Machines, to add a new VM.
5. Next screen, click on Add Instance
6. Select a zone. Choose either ISO or Template. Choose ISO, if you would like to use an ISO image as bootable media and install the Operating System yourself. Choose Template, if you would like to choose from preinstalled Operating System VM templates.
We are going to choose ISO for this example.
7. Choose an ISO image.
8. Choose the amount of RAM, CPU from the available offerings.
9. Choose the required HDD size.
11. Give an IP address for this machine
13. Give a hostname and hit Launch VM
14. Once the VM is created, Click the View Console icon to access the running VM
15. Your VM is ready, you can start installing and perform the required work.
In case you get any Network Errors during the creation of VPC, or Tiers, ask your IAAS Cloud provider for assistance.
Issue: When connected to Remote Access VPN, internet cannot be reached because of IP routing conflicts
Solution: Enable Split Tunneling for the VPN connection, and add routing for the IP addresses on the device
On Windows 10, when the Remote VPN is connected, the internet disconnects. Let’s say 192.168.20.123 is an IP address on the VPN. In the screenshot below, when the internet is connected, google.com pings, however 192.168.20.123 doesn’t ping. This is expected behavior because we are not connected to the VPN yet.
When Remote VPN connectivity is established, the internet goes off, and the VPN machine starts pinging.
So, that’s the issue.
Disconnect the VPN.
Open Windows Powershell, and type in the command to enable Split Tunneling for the VPN connection.
If VPN connectivity is attempted now, after the Split Tunneling change, notice the internet works, however VPN machine cannot be reached.
Add a persistent route for the destination.
We need four things to add a permanent route:
- The destination IP address [Eg: 192.168.20.123]
- Subnet mask [Eg: 255.255.255.255]
- Destination gateway [Eg: 192.168.20.1]
- VPN network interface id (route print command, and identify the Interface ID of the VPN connection)
[Eg: In the example below, the Interface Number for the VPN connection is 69]
Open a command prompt with Elevated Privileges, and type in the below command to add a permanent route to the destination IP address. For more IP addresses, repeat the command by changing the destination IP address.
Now, internet connectivity works as expected. If there is a request for 192.168.20.123 IP address which is on the VPN, then the route would go through the VPN interface.
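The split-tunnel and route steps above as PowerShell, an added example rather than the post's original commands. `MyVpn` is a placeholder connection name; the addresses are the post's examples, and `Add-VpnConnectionRoute` is shown as an alternative to `route -p add` because the VPN interface number can change between connections.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# 'MyVpn' is a placeholder: list the real names with Get-VpnConnection.
$VpnName     = 'MyVpn'
$Destination = '192.168.20.123'    # host on the VPN (value from the post)
$Mask        = '255.255.255.255'   # single-host route (value from the post)
$Gateway     = '192.168.20.1'      # VPN gateway (value from the post)

# 1. With the VPN disconnected, enable split tunneling so the VPN no longer
#    takes over the default route.
Set-VpnConnection -Name $VpnName -SplitTunneling $true
if (-not (Get-VpnConnection -Name $VpnName).SplitTunneling) {
    throw "Split tunneling was not enabled on $VpnName"
}

# 2. Connect the VPN, then read its interface index (69 in the post)
#    instead of hard-coding it.
Read-Host 'Connect the VPN now, then press Enter' | Out-Null
$vpnIf   = Get-NetIPInterface -InterfaceAlias $VpnName -AddressFamily IPv4 -ErrorAction Stop
$ifIndex = $vpnIf.InterfaceIndex

# 3a. The post's approach: a persistent host route bound to the VPN interface.
route.exe -p add $Destination mask $Mask $Gateway 'IF' $ifIndex

# 3b. Alternative: attach the route to the VPN profile so Windows adds it on
#     every connect, whatever index the interface receives.
# Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix "$Destination/32"

# 4. Verify: the /32 route points at the VPN interface, and both the VPN host
#    and the internet answer.
Get-NetRoute -DestinationPrefix "$Destination/32" |
    Format-Table ifIndex, NextHop, RouteMetric
Test-NetConnection $Destination
Test-NetConnection google.com
```

With split tunneling on, only the destinations you route explicitly go through the VPN, so keep the route list as narrow as the hosts you actually need.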
December 1, 01.15 AM IST
I can’t express how much I love you these days
I wish it was it was only the sex, we had to haste
The moment I gave you a place in my heart
Every time we fought it ripped me to shrapnels apart
I don’t like anger, neither do you?
But I can’t control, the way I am, can you?
You don’t understand how much I love you
You have deep trust paranoia, sad but true
I threw away things that I ever cared for
You misunderstand me, you tell me to fuck off
Be careful next time what you say
Words that hurt, put me in ceaseless dismay
Hell, I can’t fucking count the number of stars
As my body, you left me with so many scars
You asked me to write a poem for you the times we met
Here I am, pouring down my feelings, I am now a whiskey’s pet
You think I am drunk, you think you can blame me
Well, I am slam dunk, you still can’t assume me
I am a man of duty, pride and honor
In love’s court, I plead not guilty your honor!
Past is past, and the past is done, can’t be undone
You can’t recover what’s been said and done
Either we live in the dark, worrying about shattered dreams
Or start a new life spark, with new joyful schemes
I sorry I can’t be like your father or him
I am me! It’s our ego, we both need to trim
At least I have the to courtesy to accept my mistakes
If you confide in me, I don’t have to say you manipulate
Where there is anger, there is intense love
Its fear you monger, allow me to exalt you above
Remember, you used to ask me, "Who am I to you?!"
You realize now, how desperately I am the one who needs you?!
No matter what happens, we are family, we never leave the house
We stick together through our bitterly woes, my spouse
They say two same poles repel each other
We two similar souls, I wonder, can we propel together?
I know, I should learn to treat you better
I am learning, trying hard, and I never regretted
Seems like true care and affection are hard to come by
I happen to think, in my mind they are naturally imbibed
I don’t boast, I am the best you will ever get
I wanna be your dawn to dusk from the sun rise to set
What about my dreams of having kids with you?
You wanna give up, Damn, I thought you thought so too.
Hey baby, don’t you worry, what are you afraid of?
When you have our love to be proud of?!
It’s our life, we gotta live for ourselves
But at first, You gotta start believing in thyself
If I lived for people that will say whatever they say?!
Fuck the society, every fucking dog has its fucking day
You suffer people bitch; you live well, people still bitch
Think, do we have to be their bitch, you bitch?
Baby, I cry when your face strikes my mind
Like it rains, when lightning strikes, so the sky whined
You probably got the same feelings like I do
I object, your claims that you love me more than I do
End of day, it boils down to whether you marry me or not
What will I do, if I don’t tie you the knot?
I gotta ask your parents, how they made you so hot
Especially in bed, when you bring all your naught
You weren’t brought up like me, I will do my best
But, when I am off the edge, you gotta learn to adjust
My mom, your mom, my father, your father
They don’t matter to me anymore as they are farther
I am tired of people around you bleeding you dry
When you run out of money, guess what? They sigh
All our dreams comes don’t come true like in a story book
In real life, you gotta little bit broaden your outlook
I get angry cause it’s about your wellbeing I care
Don’t you question my love and trust, don’t you dare!
I recon I have to be an even kinder man
Or what’s the difference between me and a garbage can?
It’s the love we need to cherish
Not the arguments that will let us perish
None of my words here are meant to piss you
You don’t trust me? hah! I still miss you
It’s surprising that I let another girl become my priority
Sometimes I feel I loaned myself some hypocrisy
Like I don’t follow what I preach
Then I realize, it’s my code, I breached
My love is pure like the orgasm we have, you know it
Thank you for loving me back, to you I owe it
I can’t hold on to my leash when you are naked
Our sexual hormones we unleash, we become sacred
We always fight about our possessiveness, and forgiveness
But now you starting to question my trust, my highness?
I am sitting here thinking about the taint spew on my trust
Labelling me to be stingy and causing unrest
You think its money after all to me that’s important
Let alone my compassion, let it lay dormant
You think I don’t trust you for the loan money
It’s funny, retrospect, is that all you understand me, my honey?
Who should you give money or not? Wishing well for you is my fault?!
When you finger it as my shortcoming and start an assault
My actions may be frenzy, do you fail to see my intentions?
I don’t give up, though I am fed up of these tensions!
The day we give up, our family dies
Worse than a corpse fed by maggot flies
It’s our relationship, we respect
If we are true, ain’t no room for suspect
There is nothing wrong in saving for oneself and being selfish
Though I don’t mean we become scavenger fetish
It’s time we start saving for our marriage
And correct the abortion and all the papaya miscarriage
You like a flower that is soft to even fondly touch
Am I a gardener, not qualified to owe you as such?
I don’t want you be my next failed episode
Hence I write you and dedicate my profound ode
Tit for tat, ain’t gonna make our bonding work
I bash, many times I know I too can be too curt
Will I ever get another partner like you miss?
I still beg you pardon I promise
I know I hurt you too, that’s why I said I am a hypocrite
I want to apologize too, and express my plight
I pretty much had to say what I had in mind
In time you will comprehend the true meaning of my rhyme
That roasted lamb’s a delicacy
It’s parents would have made it with love
Well, they made love, hence the meat
And that exotic sauce on ’em for your taste buds
The chef should have made it with love
Well, he made love, hence the sauce
During the Coaching Agile Teams training by Michael Hammond, and Michael Spayd, we explored ways of using the Tribes, Constellations, and Explorers activity at different situations. Today I tried the tribes and constellations activity with a team with the below questions to get started with, to get a sense of the team’s dynamics before I started coaching the team.
- I feel good when someone tells me what to do
- I feel comfortable when someone teaches me
- I am afraid of failures, it hurts
- I am afraid of failures, it hurts, but it brings the best out of me
- I am committed to my team, not to my tasks
- I do not like feedback from others
- I sometimes encourage feedback from others
- I voluntarily believe in asking feedback from others for my improvement
- I do not like confessing my mistakes to my team because it makes me feel insecure
- I like confessing mistakes to my team because I am trying to elicit help
- I like to create best customer experience and I do not know how to do it
- I like to create best customer experience and I know exactly what needs to be done
- I have feedback for some team members but I am afraid to tell them because they once did not receive the feedback well
- I gave feedback for some team members but I do not know if they are working on it
- Sometimes I do not know if we are transparent at all
- Sometimes I do not know if we are transparent enough