WebGoat exercises (h2)


LAB: Role Based Access Control

In this post I completed Stage 1 and Stage 3. To complete the stages I exploited the OWASP Top 10 2017 A5: Broken Access Control vulnerability – the application had flaws that let me perform admin-stage actions as a normal user.


My solution to Stage 1:


I logged in as Tom Cat. I browsed to the “Staff List page” and looked at the source code in the inspector for the “ViewProfile” and “Logout” buttons. The first name guess for a button to delete a user would be “DeleteUser”. I modified the “ViewProfile” HTML code in the inspector and changed the value to “DeleteProfile”:

<input name="action" value="DeleteProfile" type="submit">

And then I clicked the ViewProfile button and completed Stage 1.


My solution to Stage 3:


The solution for Stage 3 was similar to the solution for Stage 1. I looked at the source code for the same view, this time for the selected employee (Tom Cat). It had the value 105 for the parameter, which was most likely Tom Cat’s employee id. I tried changing that to 104:

<option selected="" value="104">Tom Cat (employee)</option>

And then I clicked ViewProfile and got Eric Walker’s profile page instead of Tom’s – Stage 2 succeeded.
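
Both stages come down to the server trusting the action name and employee id submitted by the form. The following added example (not WebGoat's code and not part of the original post) puts a handler with that behaviour next to one that checks the session user's role and record ownership on the server; the function names, the role table and the admin record with id 900 are assumptions.

```python
ROLE_ACTIONS = {
    "employee": {"ViewProfile"},
    "admin": {"ViewProfile", "DeleteProfile"},
}

def seed_db():
    # Constructed records. Ids 104 and 105 follow the post; id 900 is hypothetical.
    return {
        104: {"name": "Eric Walker", "role": "employee"},
        105: {"name": "Tom Cat", "role": "employee"},
        900: {"name": "Example Admin", "role": "admin"},
    }

def perform(db, action, employee_id):
    """Carry out an action once the caller has decided it is allowed."""
    if action == "ViewProfile":
        return 200, db[employee_id]["name"]
    if action == "DeleteProfile":
        del db[employee_id]
        return 200, "deleted"
    return 400, "unknown action"

def handle_vulnerable(db, session_user_id, action, employee_id):
    # Only checks that someone is logged in, then trusts both form fields.
    # Hiding the delete button in the HTML is the only "control".
    if session_user_id not in db or employee_id not in db:
        return 404, "not found"
    return perform(db, action, employee_id)

def handle_checked(db, session_user_id, action, employee_id):
    user = db.get(session_user_id)
    if user is None:
        return 401, "login required"
    # Function-level check (Stage 1): the role must allow the requested action.
    if action not in ROLE_ACTIONS.get(user["role"], set()):
        return 403, "action not allowed for role"
    # Object-level check (Stage 3): non-admins may only touch their own record.
    if user["role"] != "admin" and employee_id != session_user_id:
        return 403, "not your record"
    if employee_id not in db:
        return 404, "not found"
    return perform(db, action, employee_id)
```

The checked handler takes the acting user from the session and never from the request, so editing the form in the inspector changes only what is asked for, not what is permitted.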




MITRE ATT&CK: Exploit Public-Facing Application

“The use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behavior.” https://attack.mitre.org/techniques/T1190/

The vulnerabilities above (WebGoat LAB) fall under the MITRE ATT&CK technique “Exploit Public-Facing Application”. The application in WebGoat had a design vulnerability that made it possible to access sensitive, admin-stage data as a normal user. I used the inspector to modify the HTML code and send requests, but for example mitmproxy could also be used to exploit this kind of vulnerability.



This post is homework 2 for Tero Karvinen’s course Penetration Testing.

// Irene Kunnari


LAMP with Salt

This is week 6’s homework from Tero Karvinen’s course about Salt. The exercise was to install a LAMP stack using Salt.



Creating a state that installs PHP in /srv/salt/apachephp:


And the state succeeded.




Then a state that installs the MariaDB server and client in /srv/salt/mariadb:


And succeeded:



Apache (I had a problem..):

Also an apache directory that has an init.sls that installs Apache:



The other installations succeeded, but with this one I had a problem. It said the following and I didn’t manage to figure out the problem. Seemed right to me…:


Windows as Salt-minion (h5)

Installing salt-minion on Windows


From this link I installed the proper salt-minion version for Windows: https://repo.saltstack.com/windows/. Salt-minion has to be the same version as salt-master or otherwise it won’t work.

I executed the .exe file and got to install salt-minion. During the installation you tell the minion its master and minion id. After the installation was done, I accepted the slave-key from the master and the new minion was ready.


The minion can be pinged locally from Windows cmd:

salt-call test.ping


I wanted to install PuTTY and Firefox with Salt on the Windows 10 minion. I created a winpkgs directory in the master’s /srv/salt and added an init.sls there:



Then I applied the state:



The Windows 10 minion had some issues responding and it returned “Not connected”. By extending the timeout and running the minion in debug mode I got an answer. The state succeeded; it had already installed the programs and I was able to find PuTTY and Firefox on the desktop.




Salt-minion script and Vagrant (H4)

This post includes:

– Creating a script that makes my computer a salt-slave

– Vagrant installation and setting up Vagrant VirtualBox box

This is part of Tero Karvinen’s course about server administration and homework 4: http://www.terokarvinen.com.


In these exercises I used my desktop computer running Linux Ubuntu:



Creating a script that makes my computer a salt slave


Before this I had installed salt-master on my computer, which is necessary for this to work.

I created a directory “scripts” under my /home where I created a file named salt-minion.sh. Inside the file I wrote the following lines:




When executed, the script installs salt-minion and writes the master IP and slave id to the minion’s primary configuration file. It then restarts salt-minion to make the changes take effect.


sudo sh salt-minion.sh


After executing the file, I can check if it succeeded:


sudo salt-key -A




As the image shows, Salt announces a new unaccepted key. After accepting it, my computer becomes a slave of itself.


Vagrant installation and setting up Vagrant VirtualBox box


“Vagrant is a tool for building and managing virtual machine environments in a single workflow.” https://www.vagrantup.com/intro/index.html


Vagrant installation:


sudo apt-get update

sudo apt-get install virtualbox vagrant


Vagrant version 2.0.2 has been installed


Then I created a directory “testikone” where I could put my Vagrantfile. Inside the directory, I made a Vagrantfile. I chose the bento/centos-6.7 Vagrant box from https://app.vagrantup.com/bento/boxes/centos-6.7. I added the following inside the Vagrantfile:




Then I ran:


vagrant up


It decided to download the bento/centos-6.7 box because I hadn’t installed it before:




After the installation completed, I opened an ssh connection to the box:


vagrant ssh


I was now connected to the Vagrant box via ssh, and the next image shows the output of the ls -la command run inside the Vagrant box:









Name-based virtualhost on Apache using Salt (h3)

In this post I created a Salt state that creates a name-based virtualhost on Apache. This is part of my homework for Tero Karvinen’s course about server administration.


Instructions “Setting up name-based virtualhost Apache”

The instructions above tell how to set up a name-based virtualhost on Apache, and I needed to figure out how to do it in a Salt state.

Prerequisite: Apache installed


In this exercise as a master I used my desktop computer running Linux:


As a slave I used VirtualBox and virtual machine running on the same computer as master:




Creating virtualhost state


First, I created a virtualhost directory in the master’s /srv/salt where I could put all the files needed to configure the virtualhost.

I started building the init.sls file by creating a www.virtualhost1.com directory inside the slave’s /var/www/html/.



Next, the virtualhost needs an index.html file. I created one in /srv/salt/virtualhost. The following lines add index.html from /srv/salt/virtualhost to the slave’s directory /var/www/html/www.virtualhost1.com:





Then I disabled the slave’s 000-default.conf file by writing the command in the file and running it with cmd.run. (After applying the state I tried enabling 000-default.conf again and it didn’t make changes to my virtualhost):




I created the www.virtualhost1.com.conf file in the slave’s /etc/apache2/sites-available/ directory:




The source is from the master’s /srv/salt/virtualhost and the content is the conf information for the virtualhost:




The next command I added enables the virtualhost on the slave:




Then I added the following line to the slave’s /etc/hosts. The IP address in the text is the localhost IP address, followed by the name of the virtualhost:




Lastly, I wanted to restart the apache service on the slave to make the changes take effect:





First test…

salt '*' state.apply virtualhost

Didn’t succeed properly! When typing http://www.virtualhost1.com into the browser and searching, it said “Not Found: The requested URL was not found on this Apache server”.

I started to search for what could be the matter and found this post: https://1netwiki.com/wiki/28. The first instruction was to try enabling the rewrite module in /apache2/mods-available.

I added the following lines to init.sls that enable the rewrite module on the slave:


Second test…

salt '*' state.apply virtualhost




Succeeded completely! I was now able to view the virtualhost’s index page from browser:



And this was the localhost default page:





Final state file and content of /srv/salt/virtualhost


Here is the final init.sls file that worked:




And the content of /srv/salt/virtualhost:
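
The steps described in this post, written out as one state file. This is an added example, not the author's init.sls; the state IDs, the 127.0.0.1 address and the guards that keep the cmd.run states from re-running are assumptions.

```yaml
# /srv/salt/virtualhost/init.sls (added example, not the author's file)

/var/www/html/www.virtualhost1.com:
  file.directory:
    - makedirs: True

/var/www/html/www.virtualhost1.com/index.html:
  file.managed:
    - source: salt://virtualhost/index.html
    - require:
      - file: /var/www/html/www.virtualhost1.com

/etc/apache2/sites-available/www.virtualhost1.com.conf:
  file.managed:
    - source: salt://virtualhost/www.virtualhost1.com.conf

disable_default_site:            # state ID is an assumption
  cmd.run:
    - name: a2dissite 000-default.conf
    # run only while the default site is still enabled
    - onlyif: test -L /etc/apache2/sites-enabled/000-default.conf

enable_virtualhost:
  cmd.run:
    - name: a2ensite www.virtualhost1.com.conf
    # skip once the symlink exists
    - creates: /etc/apache2/sites-enabled/www.virtualhost1.com.conf
    - require:
      - file: /etc/apache2/sites-available/www.virtualhost1.com.conf

enable_rewrite:
  cmd.run:
    - name: a2enmod rewrite
    - creates: /etc/apache2/mods-enabled/rewrite.load

virtualhost_hosts_entry:
  host.present:
    - name: www.virtualhost1.com
    - ip: 127.0.0.1              # assumed localhost address

apache2:
  service.running:
    - enable: True
    # restart Apache only when one of these reports a change
    - watch:
      - file: /etc/apache2/sites-available/www.virtualhost1.com.conf
      - cmd: disable_default_site
      - cmd: enable_virtualhost
      - cmd: enable_rewrite
```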



Installing Chromium-browser with Salt

This is part of Tero Karvinen’s course about server administration: http://terokarvinen.com/2018/aikataulu-palvelinten-hallinta-ict4tn022-3003-ti-ja-3001-to-loppukevat-2019.


I used Linux Ubuntu 18.04.2 LTS as master running on my desktop computer. As a slave I used Linux Ubuntu 18.04.2 LTS running on VirtualBox.


I created a very simple state to install the Chromium browser on the minion. For this I created a chromium directory in /srv/salt and added an init.sls file there. There I wrote the following lines:



Next, I applied the state:


It succeeded and now I had the Chromium browser ready to use on the VM.