Installing Hacme Bank on an XP Pro VMWare Image


By on September 07, 2008 9:20:32 PM | 15 Comment(s)
Note: I've created a newer article for installing Hacme Bank on Windows 7
Whether you're evaluating a new vulnerability assessment tool, or looking to hone your application hacking
skills, the Hacme Bank application by FoundStone, Inc offers a perfect "victim" for you to use as a testing
target. Hacme Bank simulates an online banking website with the added bonus of having numerous
vulnerabilities purposely designed in for you to discover.
In this write-up I'll walk you through the necessary steps for getting the application up and running on a
Windows XP Professional VMWare image. I prefer this setup for a couple of reasons. First, if an
unrecoverable error condition occurs (while hurling malicious packets at the application perhaps?) you can
simply revert the Virtual Machine back to a known good state. Second, by positioning Hacme Bank on an
isolated machine I'm able to use my everyday penetration testing rig as the attack platform.
For this tutorial I'm assuming that you already have a newly built XP Pro VMWare image. The virtual
machine I'll be working with is a fresh XP Pro install, with Service Pack 3 and all available updates applied
via Windows Update. Make sure you've also installed all the .Net packages and updates for version 1.1.
Take a Snapshot
I'm frequently reusing my XP Pro VM for exploit and vulnerability research, so VMWare's Snapshot
functionality saves me from having to rebuild the OS image after every project. With that said, I'd
suggest taking a "baseline" snapshot of your VM (or make a backup copy if you're using VMPlayer)
before we begin.
Install Internet Information Services
Hacme Bank installs as a Virtual Directory under IIS, instead of being a standalone service like
previous FoundStone applications, so step one is to get the web server installed.
1. Place your Windows XP Pro CD into the drive.
2. Run the Add or Remove Programs option found in the Control Panel.
3. Select Add/Remove Windows Components from the left-hand side.
4. In the Windows Components Wizard highlight Internet Information Services (IIS) and click the
Details button.
5. Put a check in the boxes next to: Common Files, Internet Information Services Snap-In, and
World Wide Web Service.
6. Highlight World Wide Web Service and click Details, then uncheck Printers Virtual Directory and click
Ok.
7. Click Ok again to close the IIS options window, and click Next to complete the install.
When the install completes, click Finish and exit out of the Control Panel.
Next, register the .NET Framework with the IIS service we just installed by opening a command
window and running:
c:\windows\microsoft.net\framework\v1.1.4322\aspnet_regiis -i
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
Download the MSDE 2000 Release A package from Microsoft's MSDE 2000 product page and run
the executable. Accept the defaults on any prompts that appear and allow the unpackager to
complete.
Open a command prompt and run the following command to install MSDE:
c:\MSDERelA\Setup SAPWD=HacmeBank SECURITYMODE=MIXED DISABLENETWORKPROTOCOLS=0
When the install completes, go ahead and start the service:
net start MSSQLSERVER
When it completes you can close the command window.
Install Hacme Bank
Download and unpack the install files from FoundStone's website
Install the website first by running the "Foundstone Hacme Bank Website Setup v2.0" executable.
For the sake of simplicity accept all the default values during the install.
Warning: It is important that you select "Trusted Connection" in the next step! This is a step that
many readers miss.
Next, install the WebService files by running the "Foundstone Hacme Bank WebService Setup v2.0"
executable. Again, accept the default settings until you reach the Database Setup screen. Here,
select Trusted Connection, click Next and complete the install.
Test Your Install
Open IE in the VM instance and browse to http://localhost/HacmeBank_v2_Website/
You might receive a warning about IE's Intranet Settings being disabled by default. Simply right-click
on the Information Bar and select Enable Intranet Settings.
The Hacme Bank homepage should load and you can test the back-end system by logging into the
site using the user name jv, and password jv789. If everything is working correctly you will be
presented with a welcome screen.
Bonus! Remote Access to Hacme Bank!
First we need to modify the operating system's firewall to allow traffic to port 80.
1. Open the Windows Security Center located in the Control Panel and select Windows Firewall at
the bottom of the panel.
2. Click on the Exceptions tab.
3. Click the Add Port button.
4. For the Name field enter "IIS" and "80" for the Port field, then click Ok and Ok to make the
change. You can now exit out of the control panel as well.
Now open a browser on the host machine (or another machine on your network) and browse to the
remote web instance: http://[IP Address of the VM Image]/HacmeBank_v2_Website/
You'll be presented with a message informing you that the application, by default, will only accept
requests from the local machine. This is by design due to the serious flaws that have been designed
into Hacme Bank. Exposing the faux website to the internet would place the entire host at risk, so
take extra care to keep it internal facing only.
Open the website's config file, C:\Inetpub\wwwroot\HacmeBank_v2_Website\web.config in notepad
and look for the <httpModules> section. (You should find it at the beginning of the config file.)
To activate remote access we need to disable the loading of the HttpModule_onlyAllowLocalAccess
module. Simply comment it out by wrapping the specific line in <!-- ... --> tags as shown below:
File: C:\Inetpub\wwwroot\HacmeBank_v2_Website\Web.config
...
<!--
<add name ="HttpModule_onlyAllowLocalAccess" type="HacmeBank_v2_Website.httpModules.HttpModule_onlyAllowLocalAccess,HacmeBank_v2_Website"/>
-->
...
Now make the same configuration change to the Web Service instance:
File: C:\Inetpub\wwwroot\HacmeBank_v2_WS\Web.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<httpModules>
<!--
<add name ="HttpModule_onlyAllowLocalAccess" type="HacmeBank_v2_Website.httpModules.HttpModule_onlyAllowLocalAccess,HacmeBank_v2_WS"/>
-->
...
Now hit reload on your host's browser and instead of the default "Local access only" message, the
website will be fully accessible.
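Since the post stresses that exposing the site beyond the lab network puts the whole host at risk, it helps to be able to tell at a glance whether the local-access module is still in force in both config files, or has been commented out as above. The script below is an added example, not code from the post or from Foundstone. It assumes Python 3.8 or later (for comment-preserving XML parsing) and that the two web.config files at the default paths given in this post are readable where it runs, for instance from the host over a share or from copies; other paths can be passed as arguments. The sample configs embedded in it are constructed to mirror the fragments shown above.

```python
"""Audit Hacme Bank web.config files for the local-access-only HttpModule.

Added example, not part of the original post. Assumes Python 3.8+ and that
the web.config files are readable from wherever this runs. The sample configs
below are constructed to mirror the fragments shown in the post.
"""
import sys
import xml.etree.ElementTree as ET

# Module that makes Hacme Bank answer only requests from the local machine.
MODULE_NAME = "HttpModule_onlyAllowLocalAccess"

# Default install paths from the post (website and web service).
DEFAULT_CONFIGS = [
    r"C:\Inetpub\wwwroot\HacmeBank_v2_Website\web.config",
    r"C:\Inetpub\wwwroot\HacmeBank_v2_WS\Web.config",
]


def module_status(config_xml, module_name=MODULE_NAME):
    """Return 'active', 'commented-out' or 'absent' for the given module.

    ElementTree normally discards comments, so a parser that keeps them is
    used to tell "disabled by commenting out" apart from "never registered".
    """
    if isinstance(config_xml, str):
        config_xml = config_xml.encode("utf-8")
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)
    modules = root.find("system.web/httpModules")
    if modules is None:
        return "absent"
    for child in modules:
        if child.tag is ET.Comment:
            # A comment mentioning the module means it was deliberately disabled.
            if module_name in (child.text or ""):
                return "commented-out"
        elif child.tag == "add" and child.get("name", "").strip() == module_name:
            return "active"
    return "absent"


def audit_files(paths):
    """Map each config path to its module status ('unreadable' if missing/bad)."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                results[path] = module_status(fh.read())
        except (OSError, ET.ParseError):
            results[path] = "unreadable"
    return results


# Constructed sample: module registered, so only local requests are served.
ACTIVE_CONFIG = """<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <httpModules>
      <add name ="HttpModule_onlyAllowLocalAccess" type="HacmeBank_v2_Website.httpModules.HttpModule_onlyAllowLocalAccess,HacmeBank_v2_Website"/>
    </httpModules>
  </system.web>
</configuration>
"""

# Constructed sample: same file after the post's edit wraps the line in <!-- -->.
COMMENTED_CONFIG = ACTIVE_CONFIG.replace(
    "<add name =", "<!--\n      <add name =").replace('_Website"/>', '_Website"/>\n      -->')

if __name__ == "__main__":
    paths = sys.argv[1:] or DEFAULT_CONFIGS
    for path, status in audit_files(paths).items():
        print(f"{status:13s} {path}")
```

Run it with no arguments on the VM to check the two default paths, or point it at copies of the files; any config reporting "commented-out" is one the firewall exception above will expose to the rest of the network.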
Happy Hacking!
This blog is licensed under a Creative Commons License.