Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Problem with Hacme Bank Install
From: Martin Mkrtchian <dotsecure () gmail com>
Date: Thu, 9 Sep 2004 15:53:42 -0700

I tried to install HACME, installation process was smooth, however
when I launched the application, on the left hand side i dont see the
username and password form boxes. I see that it says "USERNAME"
"PASSWORD". The form is there however html form text boxes are not?
Anyone else encountering this problem?

Help is needed. 

Thank You

Martin M




On Wed, 8 Sep 2004 10:03:43 -0400, Mark Curphey <mark () curphey com> wrote:
Just to let you know in the next hour or so the links should go live to our
new free tool, Hacme Bank on the Foundstone web site
(http://www.foundstone.com/s3i).

You can see the press release here;

http://www.tmcnet.com/usubmit/2004/Sep/1071232.htm

It's an online banking application written in C# ASP.NET (requires IIS and
.NET framework 1.1 to install) with a set of security holes replicating real
world things we have found in client engagements over the last 9 months. It
serves as a "real world" training application for web application pen
testing and education for developers.

Its free for non-commercial use and we are already working on the next
version to include some more user management issues.

All of the lessons are screen captured and documented so you can step
through all of the issues. These are in a "User and Solution Guide" PDF in
the web root by default.

It is not designed to be a good benchmarking platform for automated tools
but it is interesting to compare the results of your favorite tools with the
holes in the bank (we have done this) or put it behind a "web app firewall"
(no uptake from my recent challenge I am afraid, go figure!).

The experienced can start attacking the login field when installed and the
less experienced can walk through the lesson plans.

Mark

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]