Recently in Security Category

Hacme Shipping is a ColdFusion Web Application from the Foundstone, Inc series of vulnerable "Hacme" tools. As its name implies, Hacme Shipping is a mock Shipping application much like one you would find major on-line retailers using, except loaded with insecure code (on purpose!).

So in continuing the theme of my previous post, which detailed the process of Installing Hacme Bank, this article will hopefully provide another easy to follow, step-by-step guide to installing and configuring the application.

Whether you're evaluating a new vulnerability assessment tool, or looking to hone your application hacking skills, the Hacme Bank application by FoundStone, Inc offers a perfect "victim" for you to use as a testing target. Hacme Bank simulates an online banking website with the added bonus of having numerous vulnerabilities purposely designed in for you to discover.

In this write-up I'll walk you through the necessary steps for getting the application up and running on a Windows XP Professional VMWare image. I prefer this setup for a couple of reasons. First, if an unrecoverable error condition occurs (while hurling malicious packets at the application perhaps?) you can simply revert the Virtual Machine back to a known good state. Second, by positioning Hacme Back on an isolated machine I'm able to use my everyday penetration testing rig as the attack platform.