Archive for the ‘Debugging’ Category
Following the steps described here will most likely help in fixing the error messages and issues below:
- Installation – unclickable buttons “next step” #5
- Installation #6
- Database problem #9
- demo_database.sql – ERROR 1452 (23000) at line 5 #13
Of all the vulnerable applications from the OWASP’s vulnerable web applications directory, Hackazon is up to date with the latest technology stack and customizable vulnerabilities. It’s is a great choice to learn and teach ethically hacking today’s web applications. As of today, although the project on GitHub reports an update nine months ago, the application still uses recent web technologies to that we can learn hacking like it is 2016. This article helps you set up hackazon on a windows machine.
Things to be downloaded before we get started:
1. Hackazon User guide
Download from https://community.rapid7.com/docs/DOC-3452
Alternative like to the Original Hackazon user guide (in case the link above goes dead) – https://renouncedthoughts.files.wordpress.com/2017/02/hackazon_users_guide.pdf
2. Wamp server
Here’s the story
I had a Wamp installed on Nov 2014 and I tried using the same Wamp server for hackazon deployment. After following the instructions on the user guide, and going to a browser, hitting http://hackazon.lc the install page came up, and after you put the credentials for the MySQL user hackazon, and hit the Next Step button, the page would load the same page over and over again. So basically I was stuck at the first step of the wizard where you supply the administrator credentials. [Bug #5 filed at “Installation – unclickable buttons "next step" ” https://github.com/rapid7/hackazon/issues/5]
I tried everything in the Hackazon User Guide (here after referred to as the user guide) on a Kali linux machine, set up went smooth, just as described in the User Guide and the site was up and running in no time. It was happiness to see the second step of the installation page where you provide the MySQL database credentials.
Though I cant technically confirm if the older version of Wamp was the cause of bug # 5. My guess was may be to reinstall the Wamp to a recent version on a window machine and try the same steps as the user guide. And it indeed, helped me get over the bug # 5.
For Windows, the User Guide describes installation on Wamp 2.some version. However the current stable version available for release is Wamp 3.0.6 at the time of this writing. So something in MySQL changed, some things in Apache changed and hopefully this post will help you fill the gaps between the Hackazon User guide and the recent changes to the Wamp.
1. Download Wamp server
Please ensure your computer has the recent version of VC++ Runtime. If you want to install the VC++ runtime to the recent version, either have it done via Windows Update, or download it from the Microsoft website as recommended by the Wamp servers download page (as in the screenshot above). It is so important for Wamp to function properly that they have even updated their installation agreements during the installation wizard to reflect the installation and update of VC++ runtime. I had to download VC++ runtime for Visual Studio 2015 here at https://www.microsoft.com/en-in/download/details.aspx?id=48145.
Ok. Install Wamp. Pretty straight forward installation, go with the defaults.
This is the current Wamp installation on my computer right now.
2. Download Hackazon source code
Head over to the hackazon source code download page at github and download a zip of the hackazon source code.
Have them zip file contents extracted to c:\home\hackazon
3. Rename db.sample.php to dp.php
Head over to C:\home\hackazon\assets\config and rename the file db.sample.php to db.php
4. Create hackazon db and username in MySQL console
Open ‘MySQL console’ from the Wamp server system tray.
Press Enter on the ‘Enter password’ prompt if you did not create a MySQL root account password, which is the default during installation. Or if you had created a password for your MySQL installation, authenticate.
Enter the below query to create a database named hackazon.
Enter the below query to create a user named ‘hackazon’ and give it a password. In the screenshot below and in the query below, admin123! is the password, feel free to choose your favorite.
The password you provide here is important as you would need it on the first step of the Hackazon Installation wizard.
After this step, if you are curious, only if you are, head over to phpMyAdmin (from the Wamp Server system tray), login with your root server credentials, to see a database named hackazon, and a user named hackazon. Or just imagine, if the above two queries worked fine, a user name and a database named hackazon would have been created.
Do a restart by selecting Restart All Services from the Wamp server system tray menu.
5. Configuring or Verifying Apache’s default port
Open apache’s httpd.conf file. From Wamp Server System tray - Apache – httpd.conf
Search for the word Listen, and ensure Apache listens on port 80. I tried changing it from the default settings and tried to configure Apache to run on 7070 port, and hackazon kept giving me 400 Invalid Referrer error message, I couldn’t find out why. So I reversed back to the default settings.
Tip: Let’s try to configure Apache on the default port 80.
If you have Skype or IIS, running on port 80, change them, at least for now to give hackazon a preference to run on apache’s port 80.
Also, search for ServerName and verify if Server localhost also says port 80. I honestly do not know what this for, read the description and figure out. For now, all we are trying to do is configure apache to run on port 80.
6. Configuring the hackazon website set up
Open apache’s httpd-vhosts.conf file. From Wamp Server System tray – Apache – httpd-vhosts.conf
Copy paste the below contents of the httpd-vhosts.conf file in to your httpd-vhosts.conf file.
Save the file. The vhost settings provided above is good enough to even access http://hackazon.lc from another machine on the LAN.
7. Edit Windows hosts file to bind hackazon.lc to loopback address
C:\Windows\System32\drivers\etc open hosts file with administrative privileges and add the below entries
8. Restart DNS service from wamp server tools (right click wamp server from system tray)
After Restarting DNS, Restart All Services from wamp server from system tray.
This is all is required to start hackazon installation wizard. For the first time you hit http://hackazon.lc, you will automatically be redirected to the installation wizard.
9. Final tinkering
If you just go with this set up and continue with the Installation Wizard, on step 4 – the final step of the installation wizard will give you an error message as below:
”Error 42S02: SQLSTATE[42S02]: Base table or view not found: 1146 Table ‘hackazon.tbl_product_options_values’ doesn’t exist”.
There is also a bug filed for it. [Bug #9 Database problem https://github.com/rapid7/hackazon/issues/9]
After digging and digging and executing the contents of the db.sql file at C:\home\hackazon\database manually at phpMyAdmin Sql console, it occurred that the default value given for the timestamp data type is not supported by MySQL anymore or you would need to turn off date zero validation for the query execution.
To fix, add the below line at the very top of the db.sql file in C:\home\hackazon\database and save the file.
Now, for one last time, Restart All Services from the Wamp server system tray.
10. Navigating through the Hackazon installation wizard
Open a browser and hit http://hackazon.lc
You will be redirected to http://hackazon.lc/install
Provide the admin123! password, that is the one we typed in the MySQL console. Hit Next Step.
Provide the same password under the Password field, and hit Next Step
Leave the defaults, hit Next Step
Leave the defaults, hit Install
In a couple of seconds, you should be automatically redirected to http://hackazon.lc
Basically, that’s it. The hackazon user guide has more information on how to use the vulnerabilities configuration and other things that are specific to the hackazon application itself.
Just to do a walk through, hit http://hackazon.lc/admin, provide user name as admin and password as the password we entered in the MySql console admin123!
Navigate to Vulnerability Config, and choose account from the drop down. Or simply hit the url – http://hackazon.lc/admin/vulnerability?context=account
to see an error page as below:
To fix, click Wamp Server system tray icon - PHP - php.ini
Go to the very end of the php.ini file and comment out the zend_extension line by adding a semi colon ; in the front.
Save the file. Restart All Services.
If you want to access http://hackazon.lc from another computer (let’s say ‘X’) on the same Local Area Network (LAN), Open drivers/etc/hosts file on computer X and add the ip address of the hackazon.lc to point to hackazon.lc.
For every computer on the LAN, modify their windows hosts file to point hackazon.lc to the Wamp servers ip address.
That’s how I set up hackazon and got it working. Do you have similar experiences?
This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/let-your-iis-worker-process-crash-with-stackoverflowexception/
Months back I posted a screenshot at https://renouncedthoughts.wordpress.com/2013/12/05/system-stackoverflowexception-in-mscorlib-dll/, finally got time to write it down.
There was a Login page, that did some sort of authorization check beyond authenticating the user, and displayed an Access Denied page for those who weren’t lucky enough. This was all done by the ASP.NET MVC with ASPX view engine. So there’s things like Views, Partial Views, RenderPartial, and so on. The application also was heavily ajax enabled, so partial views really seemed to fit in at many places that did not want to include a master page content in the response text. There was a view file called AccessDenied.aspx that barked at unauthorized users. Things were working fine, and one day something broke, IIS was crashing without any meaningful error message. I lied, actually it did give a meaningful error message that was like – An unhandled exception of type ‘System.StackOverflowException’ occurred in mscorlib.dll. And the Call Stack showed some recursive function call. That is all there was to it.
Let’s look at a POC sample application below. Download the source from github – https://github.com/gmaran23/ASPXViewEngineCrash, Hit F5.
When you click the AccessDeniedForCrash page, the below is what you see. An unhandled exception of type ‘System.StackOverflowException’ occurred in mscorlib.dll. If you look at the Call Stack window, there would be a lot of repeated method calling method.
Let’s look at what happens when a view is requested, as in how the view engine probes the known locations to find the view definition. Click ViewDoesNotExist, and you would see an error page, that actually tells you the file locations that ASPX view engine probed to find a matching view. Pay attention to the search order where a .aspx file is searched first, and then the .ascx file.
Now, if you go back to the StackOverflowExceptionInASPXViewEngine solution, there are two files called AccessDeniedForCrash.ascx and AccessDeniedForCrash.aspx under ~/Views/Home.
The following code inside AccessDeniedForCrash.aspx calls the partial view AccessDeniedForCrash.ascx.
A typical programming practice right? You define sub routines, and you keep calling them as and when required. Reusability! You have created a partial view here (AccessDeniedForCrash.ascx), and kept calling the partial view inside the main view (AccessDeniedForCrash.aspx). But it was the ASPX view engine’s probing method that caused the recursive method call. The view engine reached AccessDeniedForCrash.aspx, as it came through the HomeController’s action method AccessDeniedForCrash. It tried to find a partial view AccessDeniedForCrash.ascx, but always ended up with AccessDeniedForCrash.aspx because of the file search order; you know the rest of the story about recursion without an exit condition.
So, is this a programming error? or the framework error? or the ‘programmer did not understand the framework well’ error?
This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/reverse-engineer-net-assembly-to-a-debuggable-visual-studio-project/
I have always wanted to build tools supporting the command like switches like the classic CONVERT command with switches like /FS:, /CvtArea:, and so on. Couple of years back when I had to build one, I was in a hurry and my options for command line switch parsing (regex, or string splitting), didn’t look bright, back then; I went ahead with the regular string args array with no switches. For instance mine was like myprogram.exe ‘filename’ ‘30’, instead of the classic switch style command invoke myprogram.exe /filename:foo.file /iterations:30. Yeah I know it was the past, and we wouldn’t want to retrospect always. Besides, nobody would have even noticed the work that would have gone behind such an effort because we all seem to like the GUI most of the time, but hey what about self content.
This time, while I was playing with the command line options of CAT.Net and FxCop, and I thought why not just disassemble and study their command line switch parser. These programs must have been written on .Net. So, I opened up CatNetCmd.exe in JustDecompile, created a project out of it. Arguments.cs was the file I was after. Very neat command line switch parsing with SwitchHandler delegate. Well, so I had my first console application with switch enabled command line arguments. Ildasm.exe was the widely known option during the days of Inside C#, then came along .Net reflector (freeware then, commercial now). I seem to be biased to JustDecompile though, because of the Search, Ctrl+Click for Find Usages, Click to Go to Definition, on demand dll load prompt, and the Create Project… option that I present here.
Download the Free. For everyone. Forever JustDecompile from Telerik – http://www.telerik.com/products/decompiler.aspx. I am going to show you, how to create a Project out of CAT.Net, which is by default installed to C:\Program Files (x86)\Microsoft\CAT.NET\.
1. Right click CATNetCmd.exe and select Open with JustDecompile.
2. Once the assembly is loaded in JustDecompile, just right click and just click Create Project…
Well, Well, Well, Open the solution file, and start debugging already!
Btw, if you are up against command line parsing, and looking for a ready made solution, try https://commandline.codeplex.com/.
(or) access azure website hosted on local Windows Azure Compute Emulator with the hostname of host’s IP address.
Scenario: If you are testing a website on your local development environment hosted on Windows Azure Emulator, if by default binds to your loopback address (localhost/127.0.0.1). What this means is, if you are on a domain or network and if you want to access this service/website from another computer on a network, you basically can’t.
Ideal Workaround: Automated way is described with rinetd, and with or without serviceex – described in detail here – http://blog.sacaluta.com/2012/03/windows-azure-dev-fabric-access-it.html
Zappy Workaround: Here I will show you a very primitive way of working around the problem. But this is manual and you have to do it every time you start and stop the Azure emulator or the Azure role.
If the role you are trying to access from another computer on a domain is a website or uses IIS (most likely), then go ahead and edit the bindings, just as you would do for a normal website hosted in IIS. Right click on the website and select Edit Bindings. Add your IP address, or add your IP addresses and host names (with a port number that is available) that you want to bind to the website. That’s it, you are done.
For instance in the screenshot below, my service deployment was deployment22(44) as shown in the Windows Azure Compute Emulator, so my website in IIS looked like deployment22(44).xxxxxx. This website created in IIS is purged every time you start and stop an Azure service. That’s why I prefer the “Ideal Workaround”. But, this blog shows you yet another simple way to do it without tools.
All in one screenshot showing my csdef file, Windows Azure Compute Emulator, IIS Site Bindings, Internet explorer successfully navigating to the same website with all available bindings, and a linux on virtual box accessing the website with my ip address. Click on the screenshot to enlarge or use this link for a high res image.
Update – 30 June 2014: The original reason for this exception is posted here – https://renouncedthoughts.wordpress.com/2014/06/30/let-your-iis-worker-process-crash-with-stackoverflowexception/
This is just a picture down there. The last time I got this exception, it was a missing exit condition on a recursive loop in a Java program that a friend of mine was writing. I have got one from C# compiler, while I tried build a Console project couple of years ago. Restarting Visual studio fixed that one. Never really had a chance to take a screenshot, cause I think these are things that you don’t encounter often unless you explicitly tried for a demonstration. So here it is, archived.
This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/play-a-sound-when-a-breakpoint-is-hit-in-visual-studio/.
Alright, previous post showed you how you could put a Stopwatch while debugging an x64 application in visual studio, now let’s see how you could play a sound when you hit a breakpoint.
This tip is very handy when you are debugging a long running process (say a data import, or third party service call of some sorts), and you just don’t want to stare at the screen like hungry cat. Or you are working on two different workstations and you want a ding or a buzz or a chime when you hit a breakpoint; whatever the reason is, just want to be notified by a sound.
To enable this feature in Windows 7, follow the steps below.
Start –> Type in Change system sounds –> Program Events: –> (scroll down to) Microsoft Visual Studio –> Breakpoint Hit
Select a .wav file under Sounds:
That’s it. Try a sample app for yourself, put a breakpoint and relish.
This article was originally published for www.prowareness.com and could be located at http://www.prowareness.com/blog/x64-application-debugging-edit-and-continue-not-allowed-but-you-need-a-stopwatch/.
Here’s a scenario. You are debugging some 64 bit code to improve performance, say it’s a pretty long running method with a bunch of IO operations and conditional loops, something like shown in Listing 1. You have started a debugging session or attached a running process to your solution, and when you try to Edit the code to insert a Stopwatch, you’d get the error message: Changes to 64-bit applications are not allowed. This feature to Edit the code and continue debugging for a 64 bit application is not supported by CLR (though a recent version supports it). You might try changing the project’s target platform temporarily to Any CPU or x86, but let’s say you are debugging a huge project, and in order to get to the code snippet where you want to put a Stopwatch, it takes half an hour or you just don’t want to re-enter a new debugging session because you have a good retrospective and trace in the current debugging session.
How would you put a Stopwatch to measure what time a snippet takes in the middle of an x64 debugging session?
Okay it could be done in 2 or 3 very simple steps, I will describe them one by one.
You could set and query properties, fields and methods of an object via the Immediate Window; but you could also create a new object for the current debugging session via the Immediate Window.
You could query a property or a field via a Watch Window; but you could also call some methods via the Watch Window.
You could break at a breakpoint; but you could also access properties or an object field when a breakpoint is hit.
Point 3, might be optional, but you may like to use it. Anyways that’s the gist, let’s see them in action.
Listing 2 shows a typical Stopwatch code when you want to measure the time took to execute the method FooBar(). We will have to separate the initialization to be a part of the Immediate Window, and all other method, property calls to be a part of the Watch window.
#1. Create a Stopwatch object named stopWatch1 inside Immediate Window. Just one line, and hit Enter.
#2. Now, that our stopWatch1 is created, let’s pull up a Watch Window, and try to access the commonly used properties and methods. Couple of lines below, copy and paste or type them in.
You are pretty much done here if you are just stepping through the code via F11 or F10, all you should do is, before entering the code region that you want to profile, call the stopWatch1.Start() via the Watch Window – Hit the green refresh icon, and soon as you have started the stopWatch1, continue stepping through or steping over, or continue execution to another breakpoint; but once the critical code is executed, you should go back to the Watch Window, and call the stopWatch1.Stop() method (i.e. Hit the green refresh Icon next to stopWatch1.Stop()). After you have stopped the stopwatch, the values for ElapsedMilliseconds would be refreshed automatically, if not, hit the green refresh icon next to it.
That’s how I did it first, and then I thought about breakpoint options, came up with Point 3.
#3. Create a break point (we will call this, breakpointX), after the critical region (or the code snippet whose time you want to measure). Right click on breakpointX, and select When Hit…
Make sure Print a message: is checked and Continue execution is unchecked.
In the Print a message: text box, type in the below code.
Now once this breakpointX is hit, a message will be printed to the Output Window.
That’s how you do it. Or to say the least, that’s how I figured to do it. If there are better options, please let me know. In my next post, I will show you how to play a sound when a Breakpoint is hit.
Use the Immediate Window instead.
We are in the beginning or re-writing some VB 6.0 code to the .Net framework. Absolute zero business logic known to anybody but the application itself. All we have to do is to trace the VB code line by line, skim the business logic and validation, the program flow out of it, and then come up with a design for the new .Net equivalent.
We will be sitting with the Microsoft Visual Basic 6.0 IDE’s for some part of the day every day, trying to create a test environment with mock data so we could run the VB 6 executable’s code to completion. While we are at it, we will be watching for local variables’ values. Watch window proved to be really helpful, coming from a .Net background, however, when there is a string that is larger than the size of the Watch window itself, and when you try to copy the value out of that variable from the watch window, you’d be seriously disappointed. No matter what you try, all your efforts to copy the entire string value from the watch window will be futile! [Fig 1]
Immediate Window struck me suddenly, that’s it! [Fig 2] type in print variableName and your lives would be spared 😉
[Fig 1] – VB 6 Watch Window
[Fig 2] – VB 6 Immediate Window
In the new era, Visual Studio, we have so many options. The Locals Window, the Autos Window, the Watch Window (up to 4 numbers), the Immediate Window, the debugger tool tip [Fig 3].
[Fig 3] – Visual Studio 2010 Debugger tool tip