[Owasp-london] Owasp SiteGenerator v0.70 (2nd public Beta)
dinis at ddplus.net
Mon Mar 20 20:30:54 EST 2006
Ok, here is the 2nd beta of the Owasp SiteGenerator tool (whose Open Source development has been sponsored by Foundstone)
You can download the latest version from here:
Website installer: http://www.ddplus.net/projects/FoundStone/21-March-2006/SiteGenerator_IIS_Website_Setup v0.70.msi
Gui Installer: http://www.ddplus.net/projects/FoundStone/21-March-2006/Owasp SiteGenerator v0.70.msi Some installation and configuration notes (which you only need to do once):
Before you install the website do this (assuming a windows 2003 image)
Create a new Application pool, call it SiteGeneratorSystemAppPool), and configure it to run under System Create a new website and point it to a local directory (the website instalation files will be copied here) Configure the new website to run Asp.Net 2.0 Create a new Application in that website and set the application pool to SiteGeneratorSystemAppPool Add a IIS wildcard Application Mapping (accessible via Home Directory -> Configuration) to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll and untick the 'Verify that file exists' Make sure Default.htm is one of the files included in the default document list (in the 'Documents' tab) Configure the Website's IP Address to be 127.0.0.1, and click on the Advanced button to add a new host header mapping IPAddress: 127.0.0.1
TCP Port: 80
Host Header Value: SiteGenerator
Install the WebSite (selecting as the target the website created in the previous step) Install the GUI Add this line to your hosts file (located in C:\window\system32\drivers\etc\hosts)
Click on the SiteGenerator link that was placed on your desktop If all goes well you now can browse to http://SiteGenerator or http://127.0.0.1 (depending if you did the mappings or not) and see the default SiteGenerator's website
Note that the SQL Injection vulnerabilites expect that you have HacmeBank installed in your box.
So install SiteGenerator in one of your test images and let me know how it went.
Also if you are interested in helping in the develpment of SiteGenerator or in its vulnerabiltiy database, then contact me directly.
Owasp .Net Project
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-london