tag:blogger.com,1999:blog-66926359734625749222024-03-13T03:41:19.512-05:00Viviry Tech | INFOSEC encyclopediaPEN TESTING | REVERSE ENGINEERING | MALWARE ANALYSISAnonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.comBlogger73125tag:blogger.com,1999:blog-6692635973462574922.post-88818251302926934302018-04-15T15:40:00.000-05:002018-04-15T15:41:22.299-05:00BSides Iowa 2018: Windows COM: Red Vs Blue<span style="font-family: "arial" , "helvetica" , sans-serif;">Yesterday I gave my presentation at BSides Iowa 2018 titled, "Windows COM: Red Vs Blue". This was a discussion of Windows COM, background of Windows COM, why this technology still matters to red teams, and how blue teams can also use this knowledge. It was a lot of fun talking with folks, a great conference and venue, and had an awesome CTF. You should go next year, it'll be fun :D</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Slides from my talk:</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.slideshare.net/AndrewFreeborn/bsides-iowa-2018-windows-com-red-vs-blue">https://www.slideshare.net/AndrewFreeborn/bsides-iowa-2018-windows-com-red-vs-blue</a></span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">YouTube link coming soon!</span>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-46791024253961225702018-03-16T07:00:00.000-05:002018-03-16T07:00:06.298-05:00OWASP Omaha Feb 2018 - 003 - Deserialization with the JS for the lulz<span style="font-family: "arial" , "helvetica" , sans-serif;">Now that we have the OWASP Juice Shop set up and we have our tools ready to go, let's start digging into the web app.</span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Environment setup</span><br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log into the Juice Shop VM</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open up a Terminal, browse to the location of Juice Shop (e.g. Downloads/js642), type in, "npm start", and press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open up ZAP (Applications > Other > OWASP ZAP)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In ZAP, choose "Yes" (the top option) and click "Start"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open up Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, click the three bars<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_PlMBuURx3IE_4vSzWnEpeRBMDxo4Y0yLLc3U6mJyqCjgMNIKten2-TeiIKGrDzRAPOE3DF7WNX5BOVUouPjZDabvwwK4A-9hxbL_-sqZ4EtMHR3th1z1TxEzj93ygIXGFByG53WIvI40/s1600/Juice104.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="137" data-original-width="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_PlMBuURx3IE_4vSzWnEpeRBMDxo4Y0yLLc3U6mJyqCjgMNIKten2-TeiIKGrDzRAPOE3DF7WNX5BOVUouPjZDabvwwK4A-9hxbL_-sqZ4EtMHR3th1z1TxEzj93ygIXGFByG53WIvI40/s1600/Juice104.png" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Preferences"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ri_gc0YxOJmvbvM5NRIYjZd9OMSAir6MGXMzisVLcSrnV50E2CUbMwYH7P_EgwyJcypDQ4Cj8E9i4nj46cnauUWf1o5ZW2pALx2HGmFQ84DRTJE_3AbqbURR0TjWCZKKImiBYAQmyL-I/s1600/Juice105.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="431" data-original-width="343" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ri_gc0YxOJmvbvM5NRIYjZd9OMSAir6MGXMzisVLcSrnV50E2CUbMwYH7P_EgwyJcypDQ4Cj8E9i4nj46cnauUWf1o5ZW2pALx2HGmFQ84DRTJE_3AbqbURR0TjWCZKKImiBYAQmyL-I/s640/Juice105.png" width="508" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the wizard's hat (Advanced)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTEeGqZndV8zGbDCD0JhxTUzwh6_sSUPMxmgIuzUR5A19q6NbuIxY0HN_NUTf5JxTgW2sIQYewDW1J2u-egk_yb94T4abEPsiUaF4eejvgP6jnFaqcazj8ldvABrZNspq_WRNaVeZxo4OE/s1600/Juice106.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="459" data-original-width="427" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTEeGqZndV8zGbDCD0JhxTUzwh6_sSUPMxmgIuzUR5A19q6NbuIxY0HN_NUTf5JxTgW2sIQYewDW1J2u-egk_yb94T4abEPsiUaF4eejvgP6jnFaqcazj8ldvABrZNspq_WRNaVeZxo4OE/s640/Juice106.png" width="594" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Network"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXaZMRRRrILDYnVkbX_KtAIgDIznoAKlUBOP1C7Kq7kcJSs9wQeR1QprQLQHa0rDQuhtJ_v03CeXbZwlFoij34f9IVBLWA_Ux-gYdkv-jXw7za-2xmI1i2Z1xrRRCQJx9EDM5ArTsAfjD9/s1600/Juice107.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="148" data-original-width="536" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXaZMRRRrILDYnVkbX_KtAIgDIznoAKlUBOP1C7Kq7kcJSs9wQeR1QprQLQHa0rDQuhtJ_v03CeXbZwlFoij34f9IVBLWA_Ux-gYdkv-jXw7za-2xmI1i2Z1xrRRCQJx9EDM5ArTsAfjD9/s640/Juice107.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Settings"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-ZaPUXxykjvxFq4s2L57K6U0R79232oNGeLRKhqVo2PdsiGgK7I6sbE-eLS2Djb32l5g7RAuHXCq-yqbPRiCB2aBVbvSgJG7dvuwqHDV_ayxz5_czAAkTbmry241CyBBQ-BeAI91dY-it/s1600/Juice108.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="208" data-original-width="668" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-ZaPUXxykjvxFq4s2L57K6U0R79232oNGeLRKhqVo2PdsiGgK7I6sbE-eLS2Djb32l5g7RAuHXCq-yqbPRiCB2aBVbvSgJG7dvuwqHDV_ayxz5_czAAkTbmry241CyBBQ-BeAI91dY-it/s640/Juice108.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to ZAP</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the gear to access the options<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrotkCYa-toxj9MF3EJ9C8-kurfL4nTB85pSE6et9WCFUCwhGsczccv_B9NnubVliDXia-OEh6wBAUE9pZ8hFrKhYAUWT6hQdBcIqRMysxIYbbGE55qwYoQDxnRuoH4eSz2HwAd4VdEake/s1600/Juice109.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="234" data-original-width="351" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrotkCYa-toxj9MF3EJ9C8-kurfL4nTB85pSE6et9WCFUCwhGsczccv_B9NnubVliDXia-OEh6wBAUE9pZ8hFrKhYAUWT6hQdBcIqRMysxIYbbGE55qwYoQDxnRuoH4eSz2HwAd4VdEake/s640/Juice109.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scroll down to "Local Proxies" and verify that the proxy port for ZAP is 8080<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCsd6TKIW2X8KqgMxV1Y2hWqZwM53xApZmmdaAdYm4HTTrv3HUcM-gjNyabIuIDYSgiIAt-Gtw0eBHYLNWcCXOmFaXaRy8qZI8Tf6AiPhToKS_Zd9e8lv1mUdtklU7THj_ddB8eEYD1YNF/s1600/Juice110.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="288" data-original-width="711" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCsd6TKIW2X8KqgMxV1Y2hWqZwM53xApZmmdaAdYm4HTTrv3HUcM-gjNyabIuIDYSgiIAt-Gtw0eBHYLNWcCXOmFaXaRy8qZI8Tf6AiPhToKS_Zd9e8lv1mUdtklU7THj_ddB8eEYD1YNF/s640/Juice110.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Ok"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to Firefox and we should still be in the settings menu</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Manual proxy" and configure the "HTTP Proxy" to be "localhost" on port "8080". Check the box to use the proxy for all protocols<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-968iFRknM73lle5KwYYXI1OoB7FzW-LbjreFCexg4XHHP_fM_BNbM2cRC0bLwsMtXs5bTD4Qp7tId7-iMjw-47dgigM429ADcZvx5-o3M69sQB9GYrSr9nDK8Uj4hsFurf14xOc3xmYi/s1600/Juice111.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="379" data-original-width="696" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-968iFRknM73lle5KwYYXI1OoB7FzW-LbjreFCexg4XHHP_fM_BNbM2cRC0bLwsMtXs5bTD4Qp7tId7-iMjw-47dgigM429ADcZvx5-o3M69sQB9GYrSr9nDK8Uj4hsFurf14xOc3xmYi/s640/Juice111.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scroll down to "No Proxy for:"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCJOl5xAdSOsZo_DBPS-3bKsIDWTD5CDojOQcG5Km4I7xmo_bykkw0otoyDJM6eyAKcp1OoI_Mx5m6Sgxfqh4-nG_v4c2n3T1faCqdMx-25bnDolsyWh5vLVWdDpPDOg1wrLKlI7V7bZOC/s1600/Juice113.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="378" data-original-width="667" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCJOl5xAdSOsZo_DBPS-3bKsIDWTD5CDojOQcG5Km4I7xmo_bykkw0otoyDJM6eyAKcp1OoI_Mx5m6Sgxfqh4-nG_v4c2n3T1faCqdMx-25bnDolsyWh5vLVWdDpPDOg1wrLKlI7V7bZOC/s1600/Juice113.png" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Remove all entries in there<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikPlGku87Cm5bce5zUq2hqjwc3VLxpdY__XiMK4b3NQlyYnKyUg6wZmv3Mv8L5kIupftjAiQD9S1jEfNKMTQa80weGNPEH3Exj3NdHKdNiGPXoOTsIVBRVfH3S_F-fpnwTFQc_qwH7-NIw/s1600/Juice114.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="371" data-original-width="656" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikPlGku87Cm5bce5zUq2hqjwc3VLxpdY__XiMK4b3NQlyYnKyUg6wZmv3Mv8L5kIupftjAiQD9S1jEfNKMTQa80weGNPEH3Exj3NdHKdNiGPXoOTsIVBRVfH3S_F-fpnwTFQc_qwH7-NIw/s640/Juice114.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Ok"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Close the preferences tab in Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In the first Firefox tab, browse to http://127.0.0.1:3000</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">ZAP may take control and pop up a box talking about breakpoints. Click "Ok" if this pops up.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVVzpf-gCDo9YJNdPIj0ABFlSkiTKJj2aMbMQ_DtijvSC7BtzHln327J02AFQH-ydIg39euLaax242yPcl79u1dGk8Vv386kvnWTkjXrRK1U7ONNG47UXQ7NT_mKukpx_DSSo_G-MLmVX-/s1600/Juice115.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="316" data-original-width="720" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVVzpf-gCDo9YJNdPIj0ABFlSkiTKJj2aMbMQ_DtijvSC7BtzHln327J02AFQH-ydIg39euLaax242yPcl79u1dGk8Vv386kvnWTkjXrRK1U7ONNG47UXQ7NT_mKukpx_DSSo_G-MLmVX-/s1600/Juice115.png" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, you may see a warning saying that the server was restarted and our progress from the previous session was restored. We can either close this box (by clicking on the "x") or we can delete the cookie and start fresh. Click the box to delete the cookie and start over. You'll get a warning that you need to manually restart the application to start over.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to Terminal and press "Control+C" to force quit the running npm process.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Press the up arrow to quickly get the command, "npm start"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Press enter to re-run Juice Shop (by running running "npm start")</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, refresh the page (http://127.0.0.1:3000)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to ZAP</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We should see activity now that we're proxying our network traffic through ZAP</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the arrow next to "Sites"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWrMZXi-l0NsYjpQ5DFgl6VrebAhOTcneAwnFEwCn5fhM04pltRO_1M3v0H3Uc-684lFhWXe1YftvRkBWSANJLUsYekmTqkCkIf78Z1301Q34r0xIdY1RPbb2J0SVzcPC-hAIyFbhZhP_B/s1600/Juice116.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="288" data-original-width="286" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWrMZXi-l0NsYjpQ5DFgl6VrebAhOTcneAwnFEwCn5fhM04pltRO_1M3v0H3Uc-684lFhWXe1YftvRkBWSANJLUsYekmTqkCkIf78Z1301Q34r0xIdY1RPbb2J0SVzcPC-hAIyFbhZhP_B/s400/Juice116.png" width="396" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the arrow next to "127.0.0.1:3000"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRslqH95WTv95ZUgDztHiSdLkf1ZEXiunHhZ6ETSIfyyfuHDTox-HGqw0uEc0P2irbYS0FfT6l7roc5MvohNAq0mhWyd-SErqhmN2-8p6nDUDZscLkNIry08PZ0cqs9nCk9q-Jyv1tQbP6/s1600/Juice117.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="193" data-original-width="340" height="361" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRslqH95WTv95ZUgDztHiSdLkf1ZEXiunHhZ6ETSIfyyfuHDTox-HGqw0uEc0P2irbYS0FfT6l7roc5MvohNAq0mhWyd-SErqhmN2-8p6nDUDZscLkNIry08PZ0cqs9nCk9q-Jyv1tQbP6/s640/Juice117.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If we scroll a little, we see interesting directories<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC2E4eqi02FPTKDixZzLirkwJWONAVfFHROg9x7rPaoC9Nl0Kbaxsb5CBUD_9t6_TVMMj6vuRhvEQHys81tNfPKRTCgZir9-tXsguzNZJMjKctLYBh9iapHcPsPJow0DBozmnPMBqmszSV/s1600/Juice118.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="307" data-original-width="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC2E4eqi02FPTKDixZzLirkwJWONAVfFHROg9x7rPaoC9Nl0Kbaxsb5CBUD_9t6_TVMMj6vuRhvEQHys81tNfPKRTCgZir9-tXsguzNZJMjKctLYBh9iapHcPsPJow0DBozmnPMBqmszSV/s1600/Juice118.png" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If you click on "Alerts", you can see potential findings that were found passively<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfnQbrakyDL3OufwI3vbLKj54u2FdORLF4u5feGJ-khEjtZ-XJJZzAO8DlWa0G_CvG3HnGwSAr0wggHQPoepaSsm_fxL3KMdIF_JLGfkl7gqxu8Fg602VhY7pPP9DAoCUgAzh3LJmJ_yvn/s1600/Juice119.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="413" data-original-width="792" height="332" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfnQbrakyDL3OufwI3vbLKj54u2FdORLF4u5feGJ-khEjtZ-XJJZzAO8DlWa0G_CvG3HnGwSAr0wggHQPoepaSsm_fxL3KMdIF_JLGfkl7gqxu8Fg602VhY7pPP9DAoCUgAzh3LJmJ_yvn/s640/Juice119.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Score Board"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUzp8E0z12yEPUBjtisr4B-R8rWY1FZcK9MXzdLXHHvxU8RS6UDtIP2rPAHOUaSFgFVW5ZXjLtJyGpCPwCVk0u3PqcFSmoxezTqHN07urlNsOn_sqsY2cb4nVmSNONdHpGi89fso4ICG4O/s1600/Juice120.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="212" data-original-width="343" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUzp8E0z12yEPUBjtisr4B-R8rWY1FZcK9MXzdLXHHvxU8RS6UDtIP2rPAHOUaSFgFVW5ZXjLtJyGpCPwCVk0u3PqcFSmoxezTqHN07urlNsOn_sqsY2cb4nVmSNONdHpGi89fso4ICG4O/s400/Juice120.png" width="400" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The five blue boxes should still be "pressed" and showing all of the challenges. Scroll to the bottom.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We see that the RCE Tier 1 challenge involves some kind of denial of service. Now that we have ZAP running in the background, let's see if normal transactions can lead us to some kind of way forward with this.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgepYI4b2NpGv5LXjdup7kAsuZKuigD7gbZp9QgN5Ph9UzwwHpTP4KYNRo_l_e2nR5V-IR8PsK7Wy0xumK_Euq6EsvxeU4p3A4a_I405RVpaYGpRGkplAa37VZKBtUs1LdSiJeq1HLXrMGW/s1600/Juice121.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="227" data-original-width="655" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgepYI4b2NpGv5LXjdup7kAsuZKuigD7gbZp9QgN5Ph9UzwwHpTP4KYNRo_l_e2nR5V-IR8PsK7Wy0xumK_Euq6EsvxeU4p3A4a_I405RVpaYGpRGkplAa37VZKBtUs1LdSiJeq1HLXrMGW/s640/Juice121.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to the Terminal and press "Control+C" to force stop the JuiceShop</span></li>
</ol>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Microsoft Visual Studio Code</span></div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We need just one more tool in our toolbox to dive deeper into the JuiceShop. We're going to use <a href="https://code.visualstudio.com/" target="_blank">Visual Studio Code</a>! We're going to use VSCode for debugging this Node.js based webapp.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">To install VSCode on Linux, go t</span><span style="font-family: "arial" , "helvetica" , sans-serif;">o <a href="https://code.visualstudio.com/docs/setup/linux">https://code.visualstudio.com/docs/setup/linux</a></span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We're going to use the Red Hat instructions on this page. Do the two steps that start with "sudo" to add in the Microsoft key and their repository location.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "yum check-update" and press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "sudo yum install code, and press Enter. Follow any prompts to continue with the installation.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglp_lCMR3OBaCHmF122DgimnKzNHMVe5S4K5C8RLWHT1Af8pzVO6gjkTyX-bHPgoioxPKbXTsieYjAFWpC35tpxNKUvQOctt2bAeSpAZsCJtLlDqZwt33xlhQuPBYryvMW-RYeAAWyh6XF/s1600/Juice124+v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1600" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglp_lCMR3OBaCHmF122DgimnKzNHMVe5S4K5C8RLWHT1Af8pzVO6gjkTyX-bHPgoioxPKbXTsieYjAFWpC35tpxNKUvQOctt2bAeSpAZsCJtLlDqZwt33xlhQuPBYryvMW-RYeAAWyh6XF/s640/Juice124+v2.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, browse to the folder location of the JuiceShop (e.g. Downloads/js642)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "code ." which will start VSCode in the context of the JuiceShop application<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOvQjp_9ebufohfKULEWd_0G411Z7rsmE43Tp_OfRk3rxeoGlcpJyacig6aZIOWeBPf6fRFHR0emHB-uSvnQrBEXqjBQ5GxGwBVMQEmwU13c9C5_kXOxfmn0r3WpwX6M3Rxvu1tZMS1ekN/s1600/Juice125.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="154" data-original-width="868" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOvQjp_9ebufohfKULEWd_0G411Z7rsmE43Tp_OfRk3rxeoGlcpJyacig6aZIOWeBPf6fRFHR0emHB-uSvnQrBEXqjBQ5GxGwBVMQEmwU13c9C5_kXOxfmn0r3WpwX6M3Rxvu1tZMS1ekN/s640/Juice125.png" width="640" /></a></div>
</span></li>
</ol>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">VSCode is <a href="https://code.visualstudio.com/docs/nodejs/nodejs-tutorial" target="_blank">natively aware of Node.js</a> applications and automatically has context of how to work with Node.js applications. We are going to use this to our advantage so we can natively run and <a href="https://code.visualstudio.com/docs/nodejs/nodejs-debugging" target="_blank">debug this application</a> to gain further insight into how this application works. In order to do this, we're going to examine the code that runs the web server for the Node.js application. This project uses "<a href="https://serverjs.io/tutorials/getting-started/" target="_blank">server</a>" to do the heavy lifting for this application. The configuration for the web server is conveniently located in "server.js". We're going to evaluate the application from a <a href="https://www.us-cert.gov/bsi/articles/best-practices/white-box-testing/white-box-testing" target="_blank">white-box perspective</a> where we get to see everything to better assess the security from this view.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are a lot of ways to explore this application to derive where you can find the deserialization vulnerability. In my experience, the vulnerability lies where can you mess with data. With that, deserialization based attacks can be a problem thru APIs exposed as part of the application where data is more "freeform" (cough JSON) and more complex than a simple integer. An integer can have a simple bounds and type check to validate appropriate input. When you have JSON based data, that can be a little bit more messy depending on how data validation is performed.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Our white box assessment is going to demonstrate why JSON input can still be abused. The "classic" example of abusing JSON data to perform deserialization attacks has been demonstrated in .Net and Java based web apps. There's really no reason why this can't be an issue elsewhere like in a JavaScript based web app, like OWASP Juice Shop, which allows attackers and defenders to examine in a safe setting. Digging around in the app, if we peek at the web server running the application, we see that </span><a href="https://swagger.io/" style="font-family: Arial, Helvetica, sans-serif;" target="_blank">Swagger</a><span style="font-family: "arial" , "helvetica" , sans-serif;"> is used in the application. Swagger is great to help people understand your API and can give them a way to play with the API in a web based setting. The deserialization vulnerability with the JuiceShop is through the API. We'll dig more into the how and why later, but first let's explore the server configuration and get VSCode to run/debug the JuiceShop. This ability will allow us to examine step-by-step what's going on as the issue is exploited.</span></div>
<div>
</div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Running with the bulls... or VSCode</span></div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In VSCode, you may get a warning about Git in your PATH being out of date. Click "Close" if you do.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN3KIpTjwdqYOLShyxIKpq8wGU8UeLGaBF5RPpS9MQHCguntEWZ0QYsod1Zg4kl7-8-7w0bClKM0fvyTj__EzSm1DJoYnLALfhBVXzu-nc-wlDHy7l_t5hf5IcJT2__F0GyDuUgnIRdJ7p/s1600/Juice126.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1030" data-original-width="1600" height="410" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN3KIpTjwdqYOLShyxIKpq8wGU8UeLGaBF5RPpS9MQHCguntEWZ0QYsod1Zg4kl7-8-7w0bClKM0fvyTj__EzSm1DJoYnLALfhBVXzu-nc-wlDHy7l_t5hf5IcJT2__F0GyDuUgnIRdJ7p/s640/Juice126.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In the file explorer on the left (by default), you should see all of the files from the JuiceShop. Toward the bottom in the root directory you should see, "server.js". Click on the file to open it up on the right pane.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9ZDPbuKdt1-gumsIjnMD_pu2cx4Fn8CwNlnlYImg-1AQli-yewVRTR860vVW857EBdEw1AeoO6i-9iMptdtMWa0FmYKtPyvdbNolFC3Qlxz8X5iFl8aYMrfNFpOcXcAfQDXItAWHTMQ8V/s1600/Juice127.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1027" data-original-width="1600" height="410" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9ZDPbuKdt1-gumsIjnMD_pu2cx4Fn8CwNlnlYImg-1AQli-yewVRTR860vVW857EBdEw1AeoO6i-9iMptdtMWa0FmYKtPyvdbNolFC3Qlxz8X5iFl8aYMrfNFpOcXcAfQDXItAWHTMQ8V/s640/Juice127.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scroll through the file to about line 115 (at least that's where Swagger is specified at the time of this writing in this file). We can glean that the URL endpoint for the Swagger document is "/api-docs". That'll be the URL we use (http://127.0.0.1:3000/api-docs) to see the Swagger file.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLt2hIr9qmvP99GfljRrSxm7sUQUJxSa3K30hYgxE8u0TpQUOGdqXkS3VLg0hnLxI8NJRC8dNpHenSbxo5UTvayogvjmCURa7hjUtlZI5jrVZ3N-VVXGkK2Qa9wgGZyewtAdQ78ZKP3q04/s1600/Juice128.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1023" data-original-width="1600" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLt2hIr9qmvP99GfljRrSxm7sUQUJxSa3K30hYgxE8u0TpQUOGdqXkS3VLg0hnLxI8NJRC8dNpHenSbxo5UTvayogvjmCURa7hjUtlZI5jrVZ3N-VVXGkK2Qa9wgGZyewtAdQ78ZKP3q04/s640/Juice128.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's run the JuiceShop through VSCode</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the left, click on the bug icon with the circle and line<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmOZvK8JkfpilzLfvLN3GAt2b-7X_h5poWyelQfho_Br8LEdslFbvEFjBbDImFWCxoT6o8Rh4HDcxWqSZ_H1gOZgD99f-r05GNYgII7fiYQHurIaG9GPsijfJVIs1pcLSR5jRJw_KgoLsH/s1600/Juice129.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1023" data-original-width="1600" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmOZvK8JkfpilzLfvLN3GAt2b-7X_h5poWyelQfho_Br8LEdslFbvEFjBbDImFWCxoT6o8Rh4HDcxWqSZ_H1gOZgD99f-r05GNYgII7fiYQHurIaG9GPsijfJVIs1pcLSR5jRJw_KgoLsH/s640/Juice129.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In this new debugging context, you should see a green play button next to the word "Debug". Click that.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkyzVYL1QG-zJ6e3EsI4ucBid-M2NfxI-USECiGOYX2TQula42DBBpJOIGXwdqMEsUK6Zl2Xb4v9aR0-Ue4ETVDcRgPse5mXEk4NCC5-V30V5GZRQAJKiAkZ7-wAdjXJDja_ZFIUAoZlfk/s1600/Juice130.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1022" data-original-width="1600" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkyzVYL1QG-zJ6e3EsI4ucBid-M2NfxI-USECiGOYX2TQula42DBBpJOIGXwdqMEsUK6Zl2Xb4v9aR0-Ue4ETVDcRgPse5mXEk4NCC5-V30V5GZRQAJKiAkZ7-wAdjXJDja_ZFIUAoZlfk/s640/Juice130.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You should get an error saying that the <a href="https://code.visualstudio.com/docs/editor/debugging#_launch-configurations" target="_blank">launch.json file</a> can't find an appropriate way to run the program. Click "Open launch.json" to delve into this file.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2j5pLpDNAab9rTGKQseMJ6HXogNXdQjvBAIdxkrQRxHT7V2Qn2SnVDrZofTWSd62PfP4GNwdI3sKUhHvem4m1718grna0zLdQMIQCNQIOX0EBTJR2GJ9F-PWUAEmqGLvGEr1ZAlOj_Azb/s1600/Juice131.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="314" data-original-width="1600" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2j5pLpDNAab9rTGKQseMJ6HXogNXdQjvBAIdxkrQRxHT7V2Qn2SnVDrZofTWSd62PfP4GNwdI3sKUhHvem4m1718grna0zLdQMIQCNQIOX0EBTJR2GJ9F-PWUAEmqGLvGEr1ZAlOj_Azb/s640/Juice131.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In "launch.js" we see a simple configuration file to run the app. In the current configuration, it's broken.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">To fix this, add ".js" to the end of "app" to run our <a href="https://www.npmjs.com/package/appjs" target="_blank">app.js file</a>.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVawDCT2eBW9FAVS3Z5Y-6DX6qIne3sGSdyvBMMoM-vntuw5_1f6JB_OQJiEx2x9w7tHBwOomcAEv8wcy7niJ94R1KaqhLx_sUeoRqs4PFluzCFg5bwU4CZbTjf5TRUclt59wp9hKl9ujc/s1600/Juice139.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="618" data-original-width="1044" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVawDCT2eBW9FAVS3Z5Y-6DX6qIne3sGSdyvBMMoM-vntuw5_1f6JB_OQJiEx2x9w7tHBwOomcAEv8wcy7niJ94R1KaqhLx_sUeoRqs4PFluzCFg5bwU4CZbTjf5TRUclt59wp9hKl9ujc/s640/Juice139.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "File | Save" to save it<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp0FQYzICJggY9Xfa2S1K5Q-sk_ugtRL1fsaiaEdNzYpavvUD0-SiIU45Up36lhDNNtcL3kxNhYnnHh-cqxyp6CZK8vV_ZBXaSUENIYbtAlcGNY1nPCd_SeXJOY_cgN1A7I6bxv2EhdtDs/s1600/Juice140.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="751" data-original-width="1600" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgp0FQYzICJggY9Xfa2S1K5Q-sk_ugtRL1fsaiaEdNzYpavvUD0-SiIU45Up36lhDNNtcL3kxNhYnnHh-cqxyp6CZK8vV_ZBXaSUENIYbtAlcGNY1nPCd_SeXJOY_cgN1A7I6bxv2EhdtDs/s640/Juice140.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the "Explorer" icon (the top icon)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the "Launch Program" play button at the bottom to run JuiceShop from VSCode<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq49WlQsUxUy0BiTjMsH9lZ3UkGM2_Qdhs3F7Qi5u_-JumeEJ9Uep0R32fw-ecTHVm18DaKSd7sw13LT1Al84toXLh-xQjGYOKhGAKqQmx86Rxf7XkHffryl5hyV6eiQAJ0anBZaenhyphenhyphen80/s1600/Juice141.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1306" data-original-width="1450" height="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq49WlQsUxUy0BiTjMsH9lZ3UkGM2_Qdhs3F7Qi5u_-JumeEJ9Uep0R32fw-ecTHVm18DaKSd7sw13LT1Al84toXLh-xQjGYOKhGAKqQmx86Rxf7XkHffryl5hyV6eiQAJ0anBZaenhyphenhyphen80/s640/Juice141.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We want to see the progress of launching the app through the "Debug Console". Depending on any number of factors, let's be sure we're looking at the same thing. At the top, click on "View" and select "Debug Console" to pull it up.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYJI3fBcUm30c3HQoGXBx3Y2f1zDMTd1UKsNjrlp2soxAEu_A71cbcyHy7M-CyQ8kc3kvrQ0MLQSvWE4B4EpCiU3oKpDD71D2qdWzeOeh6ZLpJbkUBAmbYiRrNtQU2KSA5JjAseyoQQGo0/s1600/Juice143.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="846" data-original-width="1508" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYJI3fBcUm30c3HQoGXBx3Y2f1zDMTd1UKsNjrlp2soxAEu_A71cbcyHy7M-CyQ8kc3kvrQ0MLQSvWE4B4EpCiU3oKpDD71D2qdWzeOeh6ZLpJbkUBAmbYiRrNtQU2KSA5JjAseyoQQGo0/s640/Juice143.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If everything is good (it worked on my machine!) you should see the application running as normal on port 3000 and the bottom bar should now be orange<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwxaaOyGkk1iD-u6vYrnYgsAPGJ2ZqOI6uzLhrTQPmdDcL_yfPiPtXgYjdAY881iubdL8wW6nSEVeoDozRHArXG7knjlOV1WTgPzsGxvmC8f46JrtygDbdNwFNMikcHkOImfZtvyeSupdP/s1600/Juice144.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1030" data-original-width="1600" height="412" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwxaaOyGkk1iD-u6vYrnYgsAPGJ2ZqOI6uzLhrTQPmdDcL_yfPiPtXgYjdAY881iubdL8wW6nSEVeoDozRHArXG7knjlOV1WTgPzsGxvmC8f46JrtygDbdNwFNMikcHkOImfZtvyeSupdP/s640/Juice144.png" width="640" /></a></div>
</span></li>
</ol>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">I'm going to save the next/last post in this series for the actual exploitation!</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-47042477818687627632018-03-15T17:00:00.000-05:002018-03-15T17:00:13.526-05:00OWASP Omaha 2018 - Slides<span style="font-family: Arial, Helvetica, sans-serif;">I got sidetracked with some side projects, but here are the slides from my presentation! It was a lot of fun talking about the more difficult vulnerabilities in the <a href="https://www.owasp.org/index.php/OWASP_Juice_Shop_Project" target="_blank">OWASP JuiceShop</a> project.</span><div>
<br /></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="https://www.slideshare.net/AndrewFreeborn/deserialization-with-the-javascript-for-the-lulz" target="_blank">Slides posted here</a>!</span></div>
<div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">I am still working on the blog posts as a companion to the talk and have been plugging away at it. They will come as soon as possible :)</span></div>
</div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-80233622645554734122018-02-13T17:00:00.000-06:002018-02-13T17:00:24.962-06:00OWASP Omaha Feb 2018 - 002 - Deserialization with the JS for the lulz<span style="font-family: "arial" , "helvetica" , sans-serif;">The OWASP Juice Shop project is great to learn about web app vulnerabilities and how to exploit them. I gave an introduction to web app hacking with the OWASP Juice Shop last year at BSides Iowa which you can see <a href="https://www.youtube.com/watch?v=MHnT7gcfJec" target="_blank">here</a>. The YouTube link discussed web app hacking 101 and demonstrated how to exploit the easier challenges. The intent of these posts and upcoming talk are to skip ahead to the end and tackle more difficult challenges like deserialization. Without further ado, let's go!</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log into the JuiceShop VM</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go to Applications and launch Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, browse to http://127.0.0.1:3000</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">As you can see, this application runs on demand and is not up<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvYFqcyd7jnjJr6dWHxcdk65ngpvjdfnuTWpPo4fcJXKi8DKPtkZXhS0ZOzLP1Z0qpU_7s2PzCXl8tlgXSlAoGMSnpeqMap2DdwGvZcTw8Aj5xzczX88us0bmEiLdxt1jo3L0J_CFRJU9L/s1600/Juice056.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="360" data-original-width="567" height="406" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvYFqcyd7jnjJr6dWHxcdk65ngpvjdfnuTWpPo4fcJXKi8DKPtkZXhS0ZOzLP1Z0qpU_7s2PzCXl8tlgXSlAoGMSnpeqMap2DdwGvZcTw8Aj5xzczX88us0bmEiLdxt1jo3L0J_CFRJU9L/s640/Juice056.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go to Applications and launch Terminal</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, browse to the location of the Juice Shop (e.g. Downloads/js624)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi42O_wMWqKYK8Fr9epX8Q4KOknyuyxHOM5o8RUjQOiv6ibqd_AtlMUatAXZ7EK9L3ZlXpklkm-DDxTStqMHYWENgHHoSNwhgiIxP0FyqXIyFRgGfq1XeFcXio5nXlloEPAuLpqkVf91glZ/s1600/Juice057.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="84" data-original-width="396" height="134" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi42O_wMWqKYK8Fr9epX8Q4KOknyuyxHOM5o8RUjQOiv6ibqd_AtlMUatAXZ7EK9L3ZlXpklkm-DDxTStqMHYWENgHHoSNwhgiIxP0FyqXIyFRgGfq1XeFcXio5nXlloEPAuLpqkVf91glZ/s640/Juice057.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Now we need to start up the Juice Shop, in Terminal type in, "npm start"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoJRsyQvtmBpWVykvHdAJhCFV67SDF8TV6IdGQlVGFSd38bdZfB63vnMRJ93wKGMFWL-1qVq_LV6yJTx9tbPoQqBQrgkj5XIf5oAbjkyaalOLShdr7wNVKnZBeKTVMOPxa7rrUYseAItYx/s1600/Juice058.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="251" data-original-width="494" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoJRsyQvtmBpWVykvHdAJhCFV67SDF8TV6IdGQlVGFSd38bdZfB63vnMRJ93wKGMFWL-1qVq_LV6yJTx9tbPoQqBQrgkj5XIf5oAbjkyaalOLShdr7wNVKnZBeKTVMOPxa7rrUYseAItYx/s640/Juice058.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to Firefox and refresh the page<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYVcPp4kByMCzH_YnAGmYj0aEb2gqLEQcM-IZv5A7eSddu7wrhvHLPdwMx_E-8a1lYfuV1nPuV0RR5LKEsgHH0JU8anSIiXB9JD9jBKe-00j5DbHJMsGWDRjti411RJjbuUZgl9_hWDN4R/s1600/Juice059.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="235" data-original-width="440" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYVcPp4kByMCzH_YnAGmYj0aEb2gqLEQcM-IZv5A7eSddu7wrhvHLPdwMx_E-8a1lYfuV1nPuV0RR5LKEsgHH0JU8anSIiXB9JD9jBKe-00j5DbHJMsGWDRjti411RJjbuUZgl9_hWDN4R/s640/Juice059.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Now that the Juice Shop is up, let's create an account. Click "Login".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1w9bt5Dvm8okY1IFkeCI32kre4JgOPwxX-UxSsMbvxVyrRixMz2J6FHlzcnyVtlv5ky-UWgNZGx4RP0OQ7c7eofK-u5ojBT5VXWSOtrpTp_sp6wh5s1u2QOog44ZbJpGKupjlsfAtc_n8/s1600/Juice060.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="235" data-original-width="440" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1w9bt5Dvm8okY1IFkeCI32kre4JgOPwxX-UxSsMbvxVyrRixMz2J6FHlzcnyVtlv5ky-UWgNZGx4RP0OQ7c7eofK-u5ojBT5VXWSOtrpTp_sp6wh5s1u2QOog44ZbJpGKupjlsfAtc_n8/s640/Juice060.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the login page, click "Not yet a customer?"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEij0N3FSz_2VyCxmSPJ9fpIVSJMc1a7FkHxeF1rCntxHRpk41_J69A_mInq_9uuJmiiDSbqqIxyteKwmVouyQqdxSz7N2C7KqhQ8gcAJ69RqLPiCtETEAY5XKyUtb51M-ZD19H58W_HjXNg/s1600/Juice061.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="546" data-original-width="661" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEij0N3FSz_2VyCxmSPJ9fpIVSJMc1a7FkHxeF1rCntxHRpk41_J69A_mInq_9uuJmiiDSbqqIxyteKwmVouyQqdxSz7N2C7KqhQ8gcAJ69RqLPiCtETEAY5XKyUtb51M-ZD19H58W_HjXNg/s640/Juice061.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Fill in the details for a user account and click "Register". You can have Firefox remember your login details.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicLbWY61vylvfF1tPKo-ChFEyQ9ACYgKUeSgGNc4npMwMdG5lvNsBtUDqZrfvUPNmG7ZuHB7mZyHKqG0fekuSCQiL2aH0ZqYnFfYmGZ_PotJJu4exgIZ__zP1Y1pllwISdJbH_OqZpLrYw/s1600/Juice062.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="653" data-original-width="664" height="628" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicLbWY61vylvfF1tPKo-ChFEyQ9ACYgKUeSgGNc4npMwMdG5lvNsBtUDqZrfvUPNmG7ZuHB7mZyHKqG0fekuSCQiL2aH0ZqYnFfYmGZ_PotJJu4exgIZ__zP1Y1pllwISdJbH_OqZpLrYw/s640/Juice062.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log into Juice Shop with your newly created account</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Now that we're logged in, we have more options at the top. Let's get the score board and see our list of challenges. Normally you would find this by looking at the source code of the main page, or any number of methods to find this page.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3lOEoXwm-aHyW2XSixzHD4TG6p2TAMaMIT0onZhZWVsrYtZ7Jl5toHIfEBltG_B8KTxnlIqnY9qvOZ-hXiZycetD7ZJcmRkjlFDtnkR-sJVpB2ugu91KBW3PGjIevvm9-5uZde4UCSvnu/s1600/Juice063.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="241" data-original-width="1009" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3lOEoXwm-aHyW2XSixzHD4TG6p2TAMaMIT0onZhZWVsrYtZ7Jl5toHIfEBltG_B8KTxnlIqnY9qvOZ-hXiZycetD7ZJcmRkjlFDtnkR-sJVpB2ugu91KBW3PGjIevvm9-5uZde4UCSvnu/s640/Juice063.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, browse to http://127.0.0.1:3000/#/score-board</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We can see we have solved a challenge!</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You can see the list of challenges and there are 9 one-star challenges, only 8 to go! If you scroll down, you'll see there aren't any more challenges!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUyU5zWXgp_KWFAR99cjO3dPBClMA0sr2xU9cKNeL_MqJwECS_i_xloGmQ-EeGs4QrWVbI64azAEd3jsQJ351uUqZeZfKs3NrOHl87A1gWIYSQb9m4WyPqva2vobncf5ITX9qpObeNw3r2/s1600/Juice064.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="668" data-original-width="811" height="526" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUyU5zWXgp_KWFAR99cjO3dPBClMA0sr2xU9cKNeL_MqJwECS_i_xloGmQ-EeGs4QrWVbI64azAEd3jsQJ351uUqZeZfKs3NrOHl87A1gWIYSQb9m4WyPqva2vobncf5ITX9qpObeNw3r2/s640/Juice064.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">At the top, click the blue buttons to make the rest of them darker. That'll reveal the rest of the challenges in this build.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If we scroll to the bottom with the 5-start challenges, we can see what we came for, the RCE Tier 1 challenge. This is a deserialization attack, but without clicking "unsolved" to get hints, let's walk through the app and see how this all works.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOPWTXxtLZg3jsfH6Q5CZmsOsxTK18230WJhPNeuKHTD-GSHCnqcvDAJmd0r5w-aZLD4b6QXrNcYa2Q0c6CzlLpbrfyn8TLt_A_McnOeG5-Ko5vG1pUNAMlzQrn3zdLOI_4cvP5AGMfArY/s1600/Juice065.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="624" data-original-width="818" height="488" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOPWTXxtLZg3jsfH6Q5CZmsOsxTK18230WJhPNeuKHTD-GSHCnqcvDAJmd0r5w-aZLD4b6QXrNcYa2Q0c6CzlLpbrfyn8TLt_A_McnOeG5-Ko5vG1pUNAMlzQrn3zdLOI_4cvP5AGMfArY/s640/Juice065.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scroll to the top and click on the OWASP Juice Shop logo</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the cart sign for "Apple Juice" to add this to our cart<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyqaqndKu0wwQomGvQ_7eNHn5k7Ol-cMf7ssPvkMcJhXhDY5cymAmpcCKNCR7Qe_lNq83pJTo3OfGXTWCP76lr3cw3GSxcSgJ7S8HX5WzI4Ip0Ri5C7-yHauQiA5guG3q48i70Qu43I-cf/s1600/Juice066.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="155" data-original-width="676" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyqaqndKu0wwQomGvQ_7eNHn5k7Ol-cMf7ssPvkMcJhXhDY5cymAmpcCKNCR7Qe_lNq83pJTo3OfGXTWCP76lr3cw3GSxcSgJ7S8HX5WzI4Ip0Ri5C7-yHauQiA5guG3q48i70Qu43I-cf/s640/Juice066.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Your basket" at the top<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUrXFIcAFss2NxONtouPMp7AuXqe9MuEF5XX-_E7P1_RIhZGXooV6mEoQxV3092y6o-ONTOWGp71Upe0XxttR3Cn4zdUeRHld622z-lD7929hEqplp0Xp_V1LGtFAiwqPV222j2zK_ftM1/s1600/Juice067.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="497" data-original-width="982" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUrXFIcAFss2NxONtouPMp7AuXqe9MuEF5XX-_E7P1_RIhZGXooV6mEoQxV3092y6o-ONTOWGp71Upe0XxttR3Cn4zdUeRHld622z-lD7929hEqplp0Xp_V1LGtFAiwqPV222j2zK_ftM1/s640/Juice067.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the "x" for the solved notification message and then click "Checkout"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVV-LxeGtSqVhsclC5g9P01pwAmCGJQ1km9b4sHPCQTr65yNaKT5Jt0hbMqWEsrvtukm5k8zQZRHISOj8AIKwnWHHGzh9byETxx-6cEbGRwDDRx_79NfJ2AlLgO0I9An5Bt4QA4nRdV5WT/s1600/Juice068.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="526" data-original-width="960" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVV-LxeGtSqVhsclC5g9P01pwAmCGJQ1km9b4sHPCQTr65yNaKT5Jt0hbMqWEsrvtukm5k8zQZRHISOj8AIKwnWHHGzh9byETxx-6cEbGRwDDRx_79NfJ2AlLgO0I9An5Bt4QA4nRdV5WT/s640/Juice068.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">All done! No, not really<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlmtAkqcgGp23viKK312Id_-rb911VCsq5aZAO3Nukb_8fVhWnvg_j4tf_yur3vYqRaWshnEK2G2yQqGiBaNcT7VOj6bQeXIlzEqS-SwZ1gERU06Mb8TjwddmSJgFwN1Va3kEkONRvU_1z/s1600/Juice069.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="614" data-original-width="586" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlmtAkqcgGp23viKK312Id_-rb911VCsq5aZAO3Nukb_8fVhWnvg_j4tf_yur3vYqRaWshnEK2G2yQqGiBaNcT7VOj6bQeXIlzEqS-SwZ1gERU06Mb8TjwddmSJgFwN1Va3kEkONRvU_1z/s640/Juice069.png" width="610" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the back button in Firefox to return to the Juice Shop</span></li>
</ol>
<span style="font-family: "arial" , "helvetica" , sans-serif;"></span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
Well, now we're going to have to get to work and bust out some tools to help us. We can use the Firefox (ideally Chrome) Developer Tools to help us solve some challenges, but we're going to need a bigger boat.</span><br />
<br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open a new tab in Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Browse to <a href="https://www.getpostman.com/">https://www.getpostman.com</a><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAdGQg8h4PO6LRBm1kJJjXzPe-YG6d1W9aaz_lQEbfLED27M-mB8k5DjW-QSLjeHDGBautv9qVLcRt-jv3gTJx6GfU7k7SZqjicp2zbwVPMMunJ6jDnilFp-Hrhl4soisOrpjOiRr8Hr76/s1600/Juice070.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="354" data-original-width="730" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAdGQg8h4PO6LRBm1kJJjXzPe-YG6d1W9aaz_lQEbfLED27M-mB8k5DjW-QSLjeHDGBautv9qVLcRt-jv3gTJx6GfU7k7SZqjicp2zbwVPMMunJ6jDnilFp-Hrhl4soisOrpjOiRr8Hr76/s640/Juice070.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Linux" and choose "x64"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgftp-OosyEVE9-7ghsCpYCMUusZGtVu_dR2kuMK2CsmUhiKyHhLHk0_jXSU2pqgT9pHhgvOkLOSNKDIDzCLpbQdrbmTqPcf_g3euG3M44P6ZR2DNZQY514-6M2Ny1IgnrvlLPM54S6_SIw/s1600/Juice071.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="694" data-original-width="706" height="628" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgftp-OosyEVE9-7ghsCpYCMUusZGtVu_dR2kuMK2CsmUhiKyHhLHk0_jXSU2pqgT9pHhgvOkLOSNKDIDzCLpbQdrbmTqPcf_g3euG3M44P6ZR2DNZQY514-6M2Ny1IgnrvlLPM54S6_SIw/s640/Juice071.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Save file" and click "Ok"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open a new tab in Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Browse to <a href="https://github.com/zaproxy/zaproxy">https://github.com/zaproxy/zaproxy</a><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjS185RooTguAuBZlF5LuQlOWysbi8XOKpvEZnNuIVXrZYizhURMGTONhRQAOprr6ktZu3IphmJhfqD13cgM3_3VEHnBYjyGekb1mHw1JCs7RFAizFehnNPnyg_QxS0Lt7p9rNJa4XBu3D1/s1600/Juice072.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="549" data-original-width="819" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjS185RooTguAuBZlF5LuQlOWysbi8XOKpvEZnNuIVXrZYizhURMGTONhRQAOprr6ktZu3IphmJhfqD13cgM3_3VEHnBYjyGekb1mHw1JCs7RFAizFehnNPnyg_QxS0Lt7p9rNJa4XBu3D1/s640/Juice072.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scroll down and click "Download ZAP"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje7A41N_aSn03ADNi6nOTAQkFARQMRgiRGyO3K1jaL3vqy07NIe6yr7FkYgFDmBV4d5FsTFhXbFISeYPur8w8GBwNMsNd2heJ0OHd_DIn2c2BmpYttUSnbtOIUKUAWs_rTrYL3Q63VfNLc/s1600/Juice073.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="327" data-original-width="410" height="510" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje7A41N_aSn03ADNi6nOTAQkFARQMRgiRGyO3K1jaL3vqy07NIe6yr7FkYgFDmBV4d5FsTFhXbFISeYPur8w8GBwNMsNd2heJ0OHd_DIn2c2BmpYttUSnbtOIUKUAWs_rTrYL3Q63VfNLc/s640/Juice073.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In the wiki Downloads page, scroll down a little and click "Download now" for the "Linux Installer" option<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitJUiz5oiVIUzx0CFP3RSY-ZB6sY_SIcVo_rgdECY3QNd8z_GTX5Kc5kc5hvI6o03ybOB4LPbxDdNmbIULYaAnLs6Iy3XVRUTAK_VEwcnVjIoMRr611cNHO1qC5W80pk9PN3l_Wfc2uuWX/s1600/Juice074.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="587" data-original-width="677" height="554" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitJUiz5oiVIUzx0CFP3RSY-ZB6sY_SIcVo_rgdECY3QNd8z_GTX5Kc5kc5hvI6o03ybOB4LPbxDdNmbIULYaAnLs6Iy3XVRUTAK_VEwcnVjIoMRr611cNHO1qC5W80pk9PN3l_Wfc2uuWX/s640/Juice074.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Save file" and click "Ok"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go to your Downloads folder to see the ZAP and Postman downloads<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtY5TvCp3ESUZinRiVOA-gSaJByuBWQJW11VPi4Jz7NStavetit-5B3nnKgM26gf-eZQEj2AZI3B3GPl4Alqk5gprigHNc7-e5rfOhc-Sg5DVhrPPXav2HFhrTI1yfakGFtMpIFIQGVIUd/s1600/Juice075.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="837" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtY5TvCp3ESUZinRiVOA-gSaJByuBWQJW11VPi4Jz7NStavetit-5B3nnKgM26gf-eZQEj2AZI3B3GPl4Alqk5gprigHNc7-e5rfOhc-Sg5DVhrPPXav2HFhrTI1yfakGFtMpIFIQGVIUd/s640/Juice075.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Right click on "Postman..." and click "Open with Archive Manager"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Extract"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU3w8XIxnS4Asviy4x4Yl8JZOg_onSgqQ9Pbg6z8xQwHj4UNtKg5kWhZurQn60Y67Gd5sD-J_y9Sx_6m8YVSpXkFTYV88sbHxLYO6PFTboKf6pP4KzZ9dzJ20sozTWudVPR4nkaqUEuRNb/s1600/Juice076.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="145" data-original-width="446" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU3w8XIxnS4Asviy4x4Yl8JZOg_onSgqQ9Pbg6z8xQwHj4UNtKg5kWhZurQn60Y67Gd5sD-J_y9Sx_6m8YVSpXkFTYV88sbHxLYO6PFTboKf6pP4KzZ9dzJ20sozTWudVPR4nkaqUEuRNb/s640/Juice076.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Extract"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuMe2DChINuxq6j1LowJQWG-r49QwogTwLVkmXzuxcbMS_h7AxlMil5nvvG3rY1DAta11jSysojwd5056cUFYXe3a6Veu9zJPEyaRhvWWhrRNUfkYiWMk9CkMR9O9VCJ5_kjjbDl3-OAiI/s1600/Juice077.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="865" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuMe2DChINuxq6j1LowJQWG-r49QwogTwLVkmXzuxcbMS_h7AxlMil5nvvG3rY1DAta11jSysojwd5056cUFYXe3a6Veu9zJPEyaRhvWWhrRNUfkYiWMk9CkMR9O9VCJ5_kjjbDl3-OAiI/s640/Juice077.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Close" when the extraction finishes</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Close Archive Manager</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Move the tar.gz of Postman into the Postman folder</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open a new Terminal application (since our first one is running Juice Shop)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "cd Downloads" and press Enter<div class="separator" style="clear: both; text-align: center;">
</div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's see our contents; In Terminal, type in "ls -l" and press Enter<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj23LhLltlGAVH5ifvUePSeaAKoZuKXF94WzKSpTwrk0JQgUqJN-lUniVrZS6pnSagqbxQdhoF19_tJfZ4gvkryVvf2rVg-Zm_2Vlw_NgIri5uhzMcX8qVqGRFOxz3s6hyi5v05roN9K_FG/s1600/Juice078.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="189" data-original-width="726" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj23LhLltlGAVH5ifvUePSeaAKoZuKXF94WzKSpTwrk0JQgUqJN-lUniVrZS6pnSagqbxQdhoF19_tJfZ4gvkryVvf2rVg-Zm_2Vlw_NgIri5uhzMcX8qVqGRFOxz3s6hyi5v05roN9K_FG/s640/Juice078.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We don't have execute permissions to run the ZAP installer. Let's give ourselves permissions.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "<a href="https://en.wikipedia.org/wiki/Chmod" target="_blank">chmod</a> 577 ZAP_2_7_0_unix.sh"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuUEgdptPVZRXEG7yzfao2SBj4WiVP3Vo-RrF1KDeBhEebWC1noL_TMe_duV9Kd7LMF3v3Vm7K8RRQQT6fVnXqMNQGjhAeIszjrYGT03yh_FYptUOuczZjnVhlsnKxX-u-6k7y86q9hOkX/s1600/Juice079.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="223" data-original-width="722" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuUEgdptPVZRXEG7yzfao2SBj4WiVP3Vo-RrF1KDeBhEebWC1noL_TMe_duV9Kd7LMF3v3Vm7K8RRQQT6fVnXqMNQGjhAeIszjrYGT03yh_FYptUOuczZjnVhlsnKxX-u-6k7y86q9hOkX/s640/Juice079.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "ls -l"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfkrL8iTQcaGEMrUjFCRmooppEWY0wmEnplYAJJ_xqtNiBE9IKFg-mWdCvAV1zvhOdEyTrjYXAuKndB54cbw9qtmiKYml_IaKzosUAfxlP2ZXZa20ikpeBHfWBoL0X9x0VWqG1EHKy88In/s1600/Juice080.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="347" data-original-width="766" height="288" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfkrL8iTQcaGEMrUjFCRmooppEWY0wmEnplYAJJ_xqtNiBE9IKFg-mWdCvAV1zvhOdEyTrjYXAuKndB54cbw9qtmiKYml_IaKzosUAfxlP2ZXZa20ikpeBHfWBoL0X9x0VWqG1EHKy88In/s640/Juice080.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's run the ZAP installer; In Terminal, type in "./ZAP_2_7_0_unix.sh"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We get an error when we run it as our user account saying that we need to be root. In Terminal, type in "sudo ./ZAP_2_7_0_unix.sh" and enter root's password<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjfFZxJsy9-y_7r2qR35vR9RKsFwBc_S6E6Ff7gGE6G5N2xLrUdFZZ4XvsYbQ596xfNQBTKGB3x95ABP5iVq3cEppPzLMQ8rXCtbnitPbEyJcMmOR7d2uXOZ_rXz2PykCDgSszqHpdVG4_/s1600/Juice081.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="723" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjfFZxJsy9-y_7r2qR35vR9RKsFwBc_S6E6Ff7gGE6G5N2xLrUdFZZ4XvsYbQ596xfNQBTKGB3x95ABP5iVq3cEppPzLMQ8rXCtbnitPbEyJcMmOR7d2uXOZ_rXz2PykCDgSszqHpdVG4_/s640/Juice081.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Next" in the installer<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3hXnyI80surwV6_OCNFawOL8CsokLR2kBeLZMudL32w531ft06FmXJnp-fT8LDR0Qg2Rz0qfN3EHfeNI0R2bCS_QA_bNdgyIyly9OrAw9IWDVPWbZ_dbSKQ0TmI0iKivTSage_g_f9yhm/s1600/Juice082.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="408" data-original-width="422" height="618" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3hXnyI80surwV6_OCNFawOL8CsokLR2kBeLZMudL32w531ft06FmXJnp-fT8LDR0Qg2Rz0qfN3EHfeNI0R2bCS_QA_bNdgyIyly9OrAw9IWDVPWbZ_dbSKQ0TmI0iKivTSage_g_f9yhm/s640/Juice082.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review, accept the license, and click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaQGJts8arI4NZY1AkgvsHGOS5zPuKgINOgnSpz3nqZJRKNPhcIu5aJUz-8gj436cfO1zudWPwaEbdLEFNmiav465HUnRl8-WFcrDjMrychn67rSHDs4lEfmIqV8W5VdxMu-p919xtfGwd/s1600/Juice083.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="405" data-original-width="500" height="518" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaQGJts8arI4NZY1AkgvsHGOS5zPuKgINOgnSpz3nqZJRKNPhcIu5aJUz-8gj436cfO1zudWPwaEbdLEFNmiav465HUnRl8-WFcrDjMrychn67rSHDs4lEfmIqV8W5VdxMu-p919xtfGwd/s640/Juice083.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's go "Custom" to see what options we have and click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmtrjLyifM1XzOc4CUwcudRxN3BvRaZkR0zBv4-zaO5a6D4NemBis-bmQdGY8HCWQ01v6pFy5232gEZFpArcDvyOwPuUTugSpILGslP_nC4NMI3WttYI7QRjYQomREQEyjkchawdJTkzF9/s1600/Juice084.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="408" data-original-width="489" height="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmtrjLyifM1XzOc4CUwcudRxN3BvRaZkR0zBv4-zaO5a6D4NemBis-bmQdGY8HCWQ01v6pFy5232gEZFpArcDvyOwPuUTugSpILGslP_nC4NMI3WttYI7QRjYQomREQEyjkchawdJTkzF9/s640/Juice084.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Leave the path as default and click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt9nSB5ry99T3kLscCQg-43oGfdeYlm4_ewm9VqNCk0q4dHZfzsprstKPs1RRwxGjx8DZI_iudyFxYBC08zPT2QKe4ZhzCtRcVaUa6-Uqa5INHh2Dz0BlFq4sVU61bEsbnlNVQk1wrixv6/s1600/Juice085.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="460" height="566" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt9nSB5ry99T3kLscCQg-43oGfdeYlm4_ewm9VqNCk0q4dHZfzsprstKPs1RRwxGjx8DZI_iudyFxYBC08zPT2QKe4ZhzCtRcVaUa6-Uqa5INHh2Dz0BlFq4sVU61bEsbnlNVQk1wrixv6/s640/Juice085.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Leave the symlinks path as default and click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixalqSFLjw7l8pgFnmyqD85FBUT1BrL_ahdJBGDzY6Rttt00hbu4bV4m2PL4-aVk5TNQDBpFsHONQOuZ8wCy4TtmPMAICnmhl4JmkPsGsnALmjFBeKKnS90J6UN0mLQKvN4Pu9NhO9hUpi/s1600/Juice086.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="404" data-original-width="479" height="538" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixalqSFLjw7l8pgFnmyqD85FBUT1BrL_ahdJBGDzY6Rttt00hbu4bV4m2PL4-aVk5TNQDBpFsHONQOuZ8wCy4TtmPMAICnmhl4JmkPsGsnALmjFBeKKnS90J6UN0mLQKvN4Pu9NhO9hUpi/s640/Juice086.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Desktop icons are fun, click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGR7sqOExBTWOwJehBcNsGOvWo8kN5fe6LnxXlIjsmaUhl9ymogyVHDP3l2i2tCDT-rLZ1Es3J5_q4Tt3GU-Al_8VG38cUhl59jbuQFEYqeBGUtV-mVbTn7N9rlw8edYU93jZuRjB4i3JZ/s1600/Juice087.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="405" data-original-width="498" height="520" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGR7sqOExBTWOwJehBcNsGOvWo8kN5fe6LnxXlIjsmaUhl9ymogyVHDP3l2i2tCDT-rLZ1Es3J5_q4Tt3GU-Al_8VG38cUhl59jbuQFEYqeBGUtV-mVbTn7N9rlw8edYU93jZuRjB4i3JZ/s640/Juice087.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">I checked the option for "Automatically download new ZAP releases" and left everything else checked. Click "Next"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJru8sjfNB-yiOiJPNFfBfLJQRuR9PQuSp00TkY0XJqHePWj_CwLxyWORDlmRAHXX0ucjq0cREweHTk7K5F1kSlDmn1g8P2pYOfh_TQHmUG4eBhiMzlxgpYPMm-BQcyXNi9W9dw_q92QSs/s1600/Juice088.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="439" data-original-width="490" height="572" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJru8sjfNB-yiOiJPNFfBfLJQRuR9PQuSp00TkY0XJqHePWj_CwLxyWORDlmRAHXX0ucjq0cREweHTk7K5F1kSlDmn1g8P2pYOfh_TQHmUG4eBhiMzlxgpYPMm-BQcyXNi9W9dw_q92QSs/s640/Juice088.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Install!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIEpooRBSsPcVF7zcNej_sKOwsBRru-h-mHultL3FN6mbWo7ozVzYsnXk63EgffZHMcjZ2466ZSsWnMKWawujFRD4cCY6ZRwCpZ7YzydTTfPGpApvOEsn1I7pPNSikjgZeFTRiJoS5MTez/s1600/Juice089.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="444" data-original-width="494" height="574" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIEpooRBSsPcVF7zcNej_sKOwsBRru-h-mHultL3FN6mbWo7ozVzYsnXk63EgffZHMcjZ2466ZSsWnMKWawujFRD4cCY6ZRwCpZ7YzydTTfPGpApvOEsn1I7pPNSikjgZeFTRiJoS5MTez/s640/Juice089.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Finish"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1WgXYZPwx-VVk7qdr7MPapXR1I84_asTIgYrb8oITHLiJ-U4XhZTlcDBcCAbkRNQlywK92Nrdfqubi4AqEIsZ7PRTrX_J4uo3tsdAQnDZLw9oXBTP1WvkOBQ59RpGZWZg4lxZXtRw17rH/s1600/Juice090.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="446" data-original-width="416" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1WgXYZPwx-VVk7qdr7MPapXR1I84_asTIgYrb8oITHLiJ-U4XhZTlcDBcCAbkRNQlywK92Nrdfqubi4AqEIsZ7PRTrX_J4uo3tsdAQnDZLw9oXBTP1WvkOBQ59RpGZWZg4lxZXtRw17rH/s640/Juice090.png" width="596" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to the second Terminal window that is in our Downloads directory</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">"cd" into the "Postman" directory<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhlQkoLh0J8Fypt8bgOAwe_3vBl4KJevbNTUocL47v1-CMMcHetEMV7pKXCA80KMDv07BW7ogLtMKjtaNlp_5nazlYQmceQgrd7tFmQe0MNpC-bq7kUYbvNOEJNltwc3eafs_vpOLREOEx/s1600/Juice091.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="100" data-original-width="495" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhlQkoLh0J8Fypt8bgOAwe_3vBl4KJevbNTUocL47v1-CMMcHetEMV7pKXCA80KMDv07BW7ogLtMKjtaNlp_5nazlYQmceQgrd7tFmQe0MNpC-bq7kUYbvNOEJNltwc3eafs_vpOLREOEx/s640/Juice091.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If we do "ls -l" in the Postman directory, we can see the Postman binary. Let's launch it.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZAEp-tIz8adIzBkbnIjhqIJ_jj2x9tI-c5e_lJ0yYue6W09Yhvzyj0QHAgalfwL49y7zETUq7e9rKjwRbZ2o0AQUSHvDtVXN4CZk2KOzwhmzjAu81_1GoSiwDmVozOWz7Ml5783Ci_QyW/s1600/Juice092.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="722" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZAEp-tIz8adIzBkbnIjhqIJ_jj2x9tI-c5e_lJ0yYue6W09Yhvzyj0QHAgalfwL49y7zETUq7e9rKjwRbZ2o0AQUSHvDtVXN4CZk2KOzwhmzjAu81_1GoSiwDmVozOWz7Ml5783Ci_QyW/s640/Juice092.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "./Postman"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuwNDx8kkqBcD8WleNjlctnRGm1QsWbfTUCoUCkCnb8X2QB2v9VbDk5DnLR_e4atkZe7qErbiqcqc9roESg8BH7BbcrSHOQICRYoeU_qad1xF8f143-MA5nCr64rjH63jWvAiaRiU_ezzC/s1600/Juice093.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="73" data-original-width="727" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuwNDx8kkqBcD8WleNjlctnRGm1QsWbfTUCoUCkCnb8X2QB2v9VbDk5DnLR_e4atkZe7qErbiqcqc9roESg8BH7BbcrSHOQICRYoeU_qad1xF8f143-MA5nCr64rjH63jWvAiaRiU_ezzC/s640/Juice093.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">PC Load Letter?</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's find out what can provide this missing shared object. In Terminal, type in "yum whatprovides libXss.so.1".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAVNrTw-5c1SDBQ2I9twgmGo0ZrFW9lTJpygMZ9c-wC5OyTfoHrZl-_xvFyFoWWiyb5TZfthUFue0exBrNRcKgUVp-JwCnLhlV9uwQUvtmyJTA3vP3Cw6NmhR149iJDYLo1T0NJqarOKMg/s1600/Juice095.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="308" data-original-width="723" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAVNrTw-5c1SDBQ2I9twgmGo0ZrFW9lTJpygMZ9c-wC5OyTfoHrZl-_xvFyFoWWiyb5TZfthUFue0exBrNRcKgUVp-JwCnLhlV9uwQUvtmyJTA3vP3Cw6NmhR149iJDYLo1T0NJqarOKMg/s640/Juice095.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We can see that libXScrnSaver will provide this shared object. In Terminal, type in "yum install libXScrnSaver". NOPE. In Terminal, type in, "sudo yum install libXScrnSaver".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhORm5mw9BzBd4rRVirkmcm13VLKMRJpUKsaV03gE8-XDPvgUWPod_F0VBfBWWRWnka2gNqnhDNUs42uOA35X-GsX-USt_1PZNGRJHBrdauIya6PpPRJdqIiYd8Oae7j0TrY4wfJEHRLIiC/s1600/Juice096.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="364" data-original-width="723" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhORm5mw9BzBd4rRVirkmcm13VLKMRJpUKsaV03gE8-XDPvgUWPod_F0VBfBWWRWnka2gNqnhDNUs42uOA35X-GsX-USt_1PZNGRJHBrdauIya6PpPRJdqIiYd8Oae7j0TrY4wfJEHRLIiC/s640/Juice096.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go through the prompts of the install</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's try this again, in Terminal, type in, "./Postman" and press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Yay! Postman works!</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">To go further, you can sign in with a Postman account if you have one, sign up for one, or just skip this step for now. I'm going to skip this for now.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlLfEDdJVi2-odD2SvEf74IOifJAmtEUjc6SOPPXQQwE8Gi708hMqJT3fED_joKX_agvvdXJ5PNNEn1JeJv4T_b-SdUq9L2xj114ZK8d2pcGHfFwbLksmvOCTQRoE3M8edZwhiJxe-vKzd/s1600/Juice097.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="676" data-original-width="1019" height="424" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlLfEDdJVi2-odD2SvEf74IOifJAmtEUjc6SOPPXQQwE8Gi708hMqJT3fED_joKX_agvvdXJ5PNNEn1JeJv4T_b-SdUq9L2xj114ZK8d2pcGHfFwbLksmvOCTQRoE3M8edZwhiJxe-vKzd/s640/Juice097.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You can choose to keep this helpful window on each launch; Go ahead and click the "x" in the upper right hand corner.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioc2_vwbSRxcnM5jEKwfCEACZLv3q-ocexPO-fAcdnZF3EufujGRgdclZG4fRhuzcKHZzlpbPRDASznfGq_IRN5J0pzSymkpbJjpcAyfmE-QJMEH40wOPRKP2FDvlQGwXHMYL7Ien2impN/s1600/Juice098.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="1015" height="442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioc2_vwbSRxcnM5jEKwfCEACZLv3q-ocexPO-fAcdnZF3EufujGRgdclZG4fRhuzcKHZzlpbPRDASznfGq_IRN5J0pzSymkpbJjpcAyfmE-QJMEH40wOPRKP2FDvlQGwXHMYL7Ien2impN/s640/Juice098.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Postman works, you can close this for now<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKH9ou4mjxrby3PuKGSNt3q-yiCLmHqZGRPgmrMkZJuAR1rO_FcLgFvNp5B9LuCfbBaSat1lQi0GH4hh6f1AlVzr8FysBwZxBVK0Zs-PtiTvy7KdKUw36FplsLsRYIPDZPhctsaitQ1hc6/s1600/Juice099.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="702" data-original-width="1015" height="442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKH9ou4mjxrby3PuKGSNt3q-yiCLmHqZGRPgmrMkZJuAR1rO_FcLgFvNp5B9LuCfbBaSat1lQi0GH4hh6f1AlVzr8FysBwZxBVK0Zs-PtiTvy7KdKUw36FplsLsRYIPDZPhctsaitQ1hc6/s640/Juice099.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go to Applications > Other and you should see "OWASP ZAP" in here<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijLd4ryIkaUWGatf2VzFRXP8m4am87mPrI6oJBzAxp7G35hfj_Ir1SiXwjzwxHY6-rmiJ_Z4By17U-zu40tdwA5iHOWB_xMHdQUPhydxPzgHfg2O8eAjKBJuCFun2zKSh7Jc9G3vpyODEo/s1600/Juice100.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="428" data-original-width="493" height="554" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijLd4ryIkaUWGatf2VzFRXP8m4am87mPrI6oJBzAxp7G35hfj_Ir1SiXwjzwxHY6-rmiJ_Z4By17U-zu40tdwA5iHOWB_xMHdQUPhydxPzgHfg2O8eAjKBJuCFun2zKSh7Jc9G3vpyODEo/s640/Juice100.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "OWASP ZAP" to launch it</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">ZAP will load up and give you options of how you want to persist your sessions. Since this was just a test run to make sure the app runs, choose "No" and click "Start"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6DsMF1AueLk4O1Eq9Efbe42ksVNFN1vRFY1IPCkZ_0XTQS1eBz6j5Em69HiVwPPzeGL0LTg730LDyqJbhTctBggVh59EpF40J6AODS9HNGT09_kKBUPnTLhB3At2x9Qsl-91IgSwm1Io8/s1600/Juice101.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="597" data-original-width="795" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6DsMF1AueLk4O1Eq9Efbe42ksVNFN1vRFY1IPCkZ_0XTQS1eBz6j5Em69HiVwPPzeGL0LTg730LDyqJbhTctBggVh59EpF40J6AODS9HNGT09_kKBUPnTLhB3At2x9Qsl-91IgSwm1Io8/s640/Juice101.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Close ZAP</span></li>
<br />
</ol>
<span style="font-family: "arial" , "helvetica" , sans-serif;">That's all I have planned for this post! The next post will actually do something! :)</span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-60746366151261667462018-02-12T17:00:00.000-06:002018-02-12T17:00:44.763-06:00OWASP Omaha Feb 2018 - 001 - Deserialization with the JS for the lulz<span style="font-family: "arial" , "helvetica" , sans-serif;">On Feb 16th, I'm going to present a discussion of deserialization attacks in a JavaScript based web application at the OWASP Omaha chapter meeting. My slides will cover a lot of the material below, but I won't spend too much time per slide. The purpose of these blog entries will be to show each step of the way as a reference for the upcoming talk.</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">We will start with preparing the environment. We're going to use <a href="https://www.centos.org/" target="_blank">CentOS</a> 7 for the OS and the <a href="https://github.com/bkimminich/juice-shop" target="_blank">OWASP Juice Shop</a> project for the web app to exploit. This series assumes you already have <a href="https://www.virtualbox.org/" target="_blank">VirtualBox</a> installed, but I would imagine that VMware would also work fine as well.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go to the downloads page for CentOS <a href="https://www.centos.org/download/" target="_blank">here</a></span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "DVD ISO" and download the ISO which should automatically pick a download mirror closest to you. At the time of this writing, CentOS 7, x86_64 1708 was used.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Start VirtualBox and click "New"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Type in "JuiceShop" as the name, change the type to "Linux", and select "Red Hat (64-bit)" as the Version.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifSAsqq3sx8dvCc8x0U11JxDvFcs0ftDboX_pocIRnQGByio35-MMjClDOJFuCDTz50Xnf5f0qjkoKkfbYeqIfs8epecYXMZUIiZGOpWeM2QeH8nJ9Fo2YD1IMwpCBXwmTG0oded-wE6nG/s1600/Juice001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="888" data-original-width="1248" height="454" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifSAsqq3sx8dvCc8x0U11JxDvFcs0ftDboX_pocIRnQGByio35-MMjClDOJFuCDTz50Xnf5f0qjkoKkfbYeqIfs8epecYXMZUIiZGOpWeM2QeH8nJ9Fo2YD1IMwpCBXwmTG0oded-wE6nG/s640/Juice001.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Continue"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Change the RAM to 2048 (or higher if you can) and click "Continue"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhqdPAE5O9JDLLuJ8xSFyp4biD6JnksxE7oSImsGFbPu0-TIYAU24Hu2iPgOhWWKY5zAC0abqvsYkgsMSaxiWFhQMiDNaTEkS0UZWjBUgDkIpAHQphNFKYghXCrddQPKnU1LpnKQeVfbav/s1600/Juice002.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="882" data-original-width="1244" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhqdPAE5O9JDLLuJ8xSFyp4biD6JnksxE7oSImsGFbPu0-TIYAU24Hu2iPgOhWWKY5zAC0abqvsYkgsMSaxiWFhQMiDNaTEkS0UZWjBUgDkIpAHQphNFKYghXCrddQPKnU1LpnKQeVfbav/s640/Juice002.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Leave the default option of "Create ..." and click "Continue"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwuAVHftubeVhzwJwOFqD5MTf5oBDm-KXTYPtqSv7IsgY4bBUxzDKhmowIsZndoxXL7ovXHj2DOKCZ2EbBdNOgreTefVWJDfA9Cm0m10ftZJ35OqmQ6CgCv840uGdFN8lFRqi895kSKP2C/s1600/Juice003.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="704" data-original-width="874" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwuAVHftubeVhzwJwOFqD5MTf5oBDm-KXTYPtqSv7IsgY4bBUxzDKhmowIsZndoxXL7ovXHj2DOKCZ2EbBdNOgreTefVWJDfA9Cm0m10ftZJ35OqmQ6CgCv840uGdFN8lFRqi895kSKP2C/s640/Juice003.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Leave the default option of "VDI" and click "Continue"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkvfg9D0LfiFW671gC3ft057gzt4vmcGZk_v2MyLd5xNlwwYmIcmIpMObj2Mc1FxOAo5_x27I4wRMEmzQBZqG6jxT1AXR59v_N62fnau1FlKy2wicN-9gQ6qoI0-lFuUGou_Xl7jp8WHSe/s1600/Juice004.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="858" data-original-width="1026" height="534" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkvfg9D0LfiFW671gC3ft057gzt4vmcGZk_v2MyLd5xNlwwYmIcmIpMObj2Mc1FxOAo5_x27I4wRMEmzQBZqG6jxT1AXR59v_N62fnau1FlKy2wicN-9gQ6qoI0-lFuUGou_Xl7jp8WHSe/s640/Juice004.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Leave the default option of "Dynamic" and click "Continue"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9BOU0BkpsApvQzBeC1IGJX5fWkYnFExy8Cmll7s3L9kS4y-rPD3wa1nKU623aorDbTo2I2cU3uUpHMI1DiDlpzdwUQWGKJrW2hTbVbI6lAYmG52pnAKxwx8KL_g1ShBT-FJswvf7HYX2T/s1600/Juice005.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="852" data-original-width="1018" height="534" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9BOU0BkpsApvQzBeC1IGJX5fWkYnFExy8Cmll7s3L9kS4y-rPD3wa1nKU623aorDbTo2I2cU3uUpHMI1DiDlpzdwUQWGKJrW2hTbVbI6lAYmG52pnAKxwx8KL_g1ShBT-FJswvf7HYX2T/s640/Juice005.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Change the hard drive size to 30GB and click "Create"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY57yubjHbNNpT6tl56r0-rpNQQRdSjmmm5zHAt0DPKC4dtpnH-RwtnmmpJWcqswXE1Ey5C1hfkMDn-eAX96YN-UTtdc17rkTq_WhaihYhjdl_uOb5H53h7GeYfTqSyYZ8xflnLKzpWabS/s1600/Juice006.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="850" data-original-width="1016" height="534" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY57yubjHbNNpT6tl56r0-rpNQQRdSjmmm5zHAt0DPKC4dtpnH-RwtnmmpJWcqswXE1Ey5C1hfkMDn-eAX96YN-UTtdc17rkTq_WhaihYhjdl_uOb5H53h7GeYfTqSyYZ8xflnLKzpWabS/s640/Juice006.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Settings" for JuiceShop</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the "General" tab, click "Advanced", and change both "Shared Clipboard" and "Drag n drop" to "Bidirectional"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO3YVrKgCNqdgG3_BGd0uJwqVufFA4deWH8kBTqnUBjgeLfn59sxdkF20okgNGd7NmZHJMlOMLHGX3JLEImCAxIhRw0ZcWHsG_1zwmJIVKK49DVAklhzNhrOCjfScqOdUju3_x7izMxW1r/s1600/Juice007.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="470" data-original-width="1124" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO3YVrKgCNqdgG3_BGd0uJwqVufFA4deWH8kBTqnUBjgeLfn59sxdkF20okgNGd7NmZHJMlOMLHGX3JLEImCAxIhRw0ZcWHsG_1zwmJIVKK49DVAklhzNhrOCjfScqOdUju3_x7izMxW1r/s640/Juice007.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the "System" tab, click "Processor", and increase the number of CPUs up to 2 if possible<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoOzH13RvEQtPh3KjWOftw3pupmNtBq-8D2WxzQHqMO6EQ9sZE7kGiqeqlxyYDeNB6DVnSwNbB-ESajN1IhuVrsWG8lm8P41TCHeCMNdpsDM_FhswTMU-2ZAtkUqssT_ChlOOXrbHLGJu9/s1600/Juice008.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="686" data-original-width="1254" height="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoOzH13RvEQtPh3KjWOftw3pupmNtBq-8D2WxzQHqMO6EQ9sZE7kGiqeqlxyYDeNB6DVnSwNbB-ESajN1IhuVrsWG8lm8P41TCHeCMNdpsDM_FhswTMU-2ZAtkUqssT_ChlOOXrbHLGJu9/s640/Juice008.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the "Storage" tab, click "Empty" under "Controller: IDE", and click the CD icon<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTexQ6Ow869-wMA0jz8ugH88qHFZNIfPiLS1Jo08GXOX2Q2oixECGRVU647VAgK0UMqpnfFj61fL5z_qv-VSV7l5qj_P1E-5iCQPCHaEu_jsLl00VjOpfrCc6kdYWqJM4fyvNj4F8wDl8m/s1600/Juice055.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="342" data-original-width="1262" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTexQ6Ow869-wMA0jz8ugH88qHFZNIfPiLS1Jo08GXOX2Q2oixECGRVU647VAgK0UMqpnfFj61fL5z_qv-VSV7l5qj_P1E-5iCQPCHaEu_jsLl00VjOpfrCc6kdYWqJM4fyvNj4F8wDl8m/s640/Juice055.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Choose Virtual Optical Disk File"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Select the ISO from step 2</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click Ok</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Start" on the JuiceShop VM</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Press the up arrow to select "Install CentOS 7" and press Enter<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXGoNG1bEAYD7IFN_5nyJrZI1FMslTbkD_LRfDcjyN06wSwBpjNHPNxePU9Uy0IfE-TrrA1sWv5ZuGOKtxp2VoGzK14Ac0SgkzyjKRDymgF11JltLGO_si_WRYh1cah4_safx9ks_Oogzn/s1600/Juice009.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="702" data-original-width="1044" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXGoNG1bEAYD7IFN_5nyJrZI1FMslTbkD_LRfDcjyN06wSwBpjNHPNxePU9Uy0IfE-TrrA1sWv5ZuGOKtxp2VoGzK14Ac0SgkzyjKRDymgF11JltLGO_si_WRYh1cah4_safx9ks_Oogzn/s640/Juice009.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Once the GUI install screen appears, select the appropriate language and click "Continue"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6saDllJHasnVHNiAl6bJXUJs9SDUj4McpRCrpUmzKitrIyZKS7ImxqP-HKcqW6bHuKLGXgWfvA7U7E-sWXpaF4TvF6eTtS2AavR_BMT5yI8WH6N5Fr_Blj8jg51rK7RXbXek5Fm_Dc9d-/s1600/Juice010.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1334" data-original-width="1600" height="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6saDllJHasnVHNiAl6bJXUJs9SDUj4McpRCrpUmzKitrIyZKS7ImxqP-HKcqW6bHuKLGXgWfvA7U7E-sWXpaF4TvF6eTtS2AavR_BMT5yI8WH6N5Fr_Blj8jg51rK7RXbXek5Fm_Dc9d-/s640/Juice010.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's start with configuring the system from the top. Click "Date & Time".</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Change the timezone as appropriate and click "Done"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Software Selection"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Choose "GNOME Desktop", check "Development Tools", and click "Done"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJMgjCh_9j61bHXBMgyZxyF4foYlgYTi9hYaSxg49Heps2GWCONMhF5Ru7A5qtXbRzZLdTFEWRmDJd-LOmWCX7u06j2TntzsxNpUaFNYnwymoDcZB4ify5f4_wASHaq7Tp7HzagT9JtJEb/s1600/Juice011.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="870" data-original-width="1600" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJMgjCh_9j61bHXBMgyZxyF4foYlgYTi9hYaSxg49Heps2GWCONMhF5Ru7A5qtXbRzZLdTFEWRmDJd-LOmWCX7u06j2TntzsxNpUaFNYnwymoDcZB4ify5f4_wASHaq7Tp7HzagT9JtJEb/s640/Juice011.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Installation Destination"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh16TT4AOjnsORu3AwPPn_t5uDq601pmI8_Np138684ocTG0PMIOeAIpZ3B98ccwhS8nQ6HLxyUvFodrK6DdA9sI7f03k5omJykhEcQ-OiZXJYg00CPiFXd7y-bkhda2Yur-fxlONLSzi-/s1600/Juice012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1318" data-original-width="1600" height="526" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjh16TT4AOjnsORu3AwPPn_t5uDq601pmI8_Np138684ocTG0PMIOeAIpZ3B98ccwhS8nQ6HLxyUvFodrK6DdA9sI7f03k5omJykhEcQ-OiZXJYg00CPiFXd7y-bkhda2Yur-fxlONLSzi-/s640/Juice012.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review the disk options and click "Done" when complete<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI3ythJgxehCIDWQT40DCJZcQTqgh5Z5K2NRIhJIvwabiizy-5KnXcM8Ppkl0-_24tS0v64fME0vVEcC6rTfqx89aK54vzF9oz8dh9otC1qY8lAaAbNPm7XmcacY7FrtB1QNSb4IZMP5WY/s1600/Juice013.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="928" data-original-width="1600" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI3ythJgxehCIDWQT40DCJZcQTqgh5Z5K2NRIhJIvwabiizy-5KnXcM8Ppkl0-_24tS0v64fME0vVEcC6rTfqx89aK54vzF9oz8dh9otC1qY8lAaAbNPm7XmcacY7FrtB1QNSb4IZMP5WY/s640/Juice013.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Network & Host Name"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0WYVRwpYZM8Wg7ohO7uhLCoOkfsIOU1Tj5AEmEX4WEUV2pv3FQQ-QaUZRuzMzHoJiPL0OqusB2RvbaDvPyIH3wqus5ORMOJQrI4c8FjniYlFtY8-spta7NZ6IK4yAtVxrDNfsBj7boKI0/s1600/Juice014.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1056" data-original-width="1452" height="464" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0WYVRwpYZM8Wg7ohO7uhLCoOkfsIOU1Tj5AEmEX4WEUV2pv3FQQ-QaUZRuzMzHoJiPL0OqusB2RvbaDvPyIH3wqus5ORMOJQrI4c8FjniYlFtY8-spta7NZ6IK4yAtVxrDNfsBj7boKI0/s640/Juice014.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Configure"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF7Q-Rx3jRnvhJ7BVKv0aH4A3mUgVHsfJT_AOBE5cCG66lKv6UZ07upFadY7A7HDVQ56aHirMOby3HkFmkGArOFl2xvDsBWuWaNQ0C5akpdAf1I4L93bCexn-T9gcKXmQFuZfxXE2by6_k/s1600/Juice015.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1142" data-original-width="1600" height="456" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF7Q-Rx3jRnvhJ7BVKv0aH4A3mUgVHsfJT_AOBE5cCG66lKv6UZ07upFadY7A7HDVQ56aHirMOby3HkFmkGArOFl2xvDsBWuWaNQ0C5akpdAf1I4L93bCexn-T9gcKXmQFuZfxXE2by6_k/s640/Juice015.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "General"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Check "Automatically connect..."</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Save"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The ethernet adapter should now have automatically flipped to "On"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3EaizggA3jw6G_SHx7wi7g5H6JoP9-INZHL6t6ZZb5_fLcYgloLbEJAm8tOJs6bfGRV0yC6hW4GeEqiSDrXkFG9FALDdDERrNt2gdheLk2KJKg1uYhYQzMVrt38IBFF7Fe1FKSKP4yGNz/s1600/Juice016.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="566" data-original-width="1600" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3EaizggA3jw6G_SHx7wi7g5H6JoP9-INZHL6t6ZZb5_fLcYgloLbEJAm8tOJs6bfGRV0yC6hW4GeEqiSDrXkFG9FALDdDERrNt2gdheLk2KJKg1uYhYQzMVrt38IBFF7Fe1FKSKP4yGNz/s640/Juice016.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Done"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Begin Installation"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2pRFkc_CSNdJv_QpsXBIuSPsROsFZhBCNNDwvYzOkbyVvr60kglPF3p4HwjiU08GSfpPzxlJnuL5KLMPcnDpqwE2FS_0-o_oY6zKgf142CQ1k6TuXp7VRxGGSDihjyF7RYSbbk0-Ri_23/s1600/Juice017.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1310" data-original-width="1600" height="524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2pRFkc_CSNdJv_QpsXBIuSPsROsFZhBCNNDwvYzOkbyVvr60kglPF3p4HwjiU08GSfpPzxlJnuL5KLMPcnDpqwE2FS_0-o_oY6zKgf142CQ1k6TuXp7VRxGGSDihjyF7RYSbbk0-Ri_23/s640/Juice017.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">While the system begins installation, you get the option to set a root password and a user. Click "Root password".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDomf6_rA-cqf8rShtnm8kkhClumFOKjdR5o24WRldU0YzWJb4UOOvWnFpm5E-8C0Rnu_cVOcovAsfRw6HUvlJcmr5EGwRUOyIqeFJT03gKFEKSxLCJUiAgh72gtpMwA39501T3JcJe_sO/s1600/Juice018.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="282" data-original-width="1402" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDomf6_rA-cqf8rShtnm8kkhClumFOKjdR5o24WRldU0YzWJb4UOOvWnFpm5E-8C0Rnu_cVOcovAsfRw6HUvlJcmr5EGwRUOyIqeFJT03gKFEKSxLCJUiAgh72gtpMwA39501T3JcJe_sO/s640/Juice018.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Set a root password and click "Done"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "User creation"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFceUYU36r-IcTAceW767RHqSlVszxvlvOiDl0qb8coQRqTn7aEXQcnolhK2ELv4D0yOfpObaVR3K8HVoPV_LqDlCMTDJRLFtRS3pbws6IyXhZwbadG4Dhk20MEK7970edySCUXzdz54BQ/s1600/Juice019.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="258" data-original-width="1452" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFceUYU36r-IcTAceW767RHqSlVszxvlvOiDl0qb8coQRqTn7aEXQcnolhK2ELv4D0yOfpObaVR3K8HVoPV_LqDlCMTDJRLFtRS3pbws6IyXhZwbadG4Dhk20MEK7970edySCUXzdz54BQ/s640/Juice019.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Set the full name, user name (should automatically populate), check the box for "Make this user administrator", and matching passwords. When done, click "Done".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxZVItJwIX1NIh51ucroE2Y8Pk7F-zTEhF-gX9D8PheOHNMX5e5cX9-7CGc0ZRj1xFh66aOGq3rRhSc3K3N_RTkUMvRaVf_LESlOIcylYtr5xADygqFtKF4Q6oXL8bSFkH1avzOa-jnFk0/s1600/Juice020.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="795" data-original-width="1600" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxZVItJwIX1NIh51ucroE2Y8Pk7F-zTEhF-gX9D8PheOHNMX5e5cX9-7CGc0ZRj1xFh66aOGq3rRhSc3K3N_RTkUMvRaVf_LESlOIcylYtr5xADygqFtKF4Q6oXL8bSFkH1avzOa-jnFk0/s640/Juice020.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Wait for the installation process to finish</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Reboot"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdQXvPmapil6ZgF4T8pziz2NzBupC88WEqoA55qy4IVLpbbsu0tjiE57TOEmMiEr4OfLVmuQP4ZBugbHS_Moa5evW3ztZlpKxpZctxKNk46djUKhmaPNqTeyjF35fXOB5PZKzaSiM0j2Q3/s1600/Juice021.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="301" data-original-width="1600" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdQXvPmapil6ZgF4T8pziz2NzBupC88WEqoA55qy4IVLpbbsu0tjiE57TOEmMiEr4OfLVmuQP4ZBugbHS_Moa5evW3ztZlpKxpZctxKNk46djUKhmaPNqTeyjF35fXOB5PZKzaSiM0j2Q3/s640/Juice021.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Once you're back into the GUI configuration screen, click "License information"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilFL4wL2umeBBZVV133epsibv7qSxKNq6zM0OiUPFJLHeJWm1NjiJwEXbkTGGCCugnFZp193ECKNsq-Rx-tBFOE_yN-ISgDgz8VaZQGx8FuQfmkDJu6NuOmaAb0qNAsD8-qj9mjYKqJSZT/s1600/Juice022.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="672" data-original-width="854" height="502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilFL4wL2umeBBZVV133epsibv7qSxKNq6zM0OiUPFJLHeJWm1NjiJwEXbkTGGCCugnFZp193ECKNsq-Rx-tBFOE_yN-ISgDgz8VaZQGx8FuQfmkDJu6NuOmaAb0qNAsD8-qj9mjYKqJSZT/s640/Juice022.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review the EULA, check the box to accept the terms, and click "Done"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhgDmspD9_zqZEMltKA-LYCrMt-RSPlvWAb-bFDkE1__J2K7w1ar9qzrk2F5ugEyJ7staDUT7I1QOoreP3w-appndrcPSbnorVmWelT5Z46YH6qLvHcZmWMdR9UOM9iUgUGSDPWKsZQc9K/s1600/Juice023.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1196" data-original-width="1600" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhgDmspD9_zqZEMltKA-LYCrMt-RSPlvWAb-bFDkE1__J2K7w1ar9qzrk2F5ugEyJ7staDUT7I1QOoreP3w-appndrcPSbnorVmWelT5Z46YH6qLvHcZmWMdR9UOM9iUgUGSDPWKsZQc9K/s640/Juice023.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Finish configuration"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKJ0mhbFHD8gIIolfRlKMPuDQNz7ciRYpYYpe8L_S1UAQ5oRwo7gXz8S-a55Bb9J_kxHQ7wvRl8vBABFjjt3q1UnW4OVUtlswnna_9wY5hYtQv7JXYpaYFv59QPt_ZwOSoaQq26waXgFtq/s1600/Juice024.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1341" data-original-width="1600" height="536" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKJ0mhbFHD8gIIolfRlKMPuDQNz7ciRYpYYpe8L_S1UAQ5oRwo7gXz8S-a55Bb9J_kxHQ7wvRl8vBABFjjt3q1UnW4OVUtlswnna_9wY5hYtQv7JXYpaYFv59QPt_ZwOSoaQq26waXgFtq/s640/Juice024.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log into the system!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjISYRzHwqRTI17Pi4dTZ7MQeTBpY3WpeqCGhThywE4BiCyBGYF8KU37SJ6M-Y53x-cy8OKBxeCoBsoFfj5cY6zbdlsFl5SBqGgtaCYWMEtB2ZvTGpSxShrrvzOCoSqZrgVIJwpgey2d75g/s1600/Juice025.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="812" data-original-width="792" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjISYRzHwqRTI17Pi4dTZ7MQeTBpY3WpeqCGhThywE4BiCyBGYF8KU37SJ6M-Y53x-cy8OKBxeCoBsoFfj5cY6zbdlsFl5SBqGgtaCYWMEtB2ZvTGpSxShrrvzOCoSqZrgVIJwpgey2d75g/s640/Juice025.png" width="624" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In the gnome-initial-setup screen, choose your language and click "Next" in the upper right</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review the keyboard selection and click "Next"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review the privacy option and click "Next"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Connect accounts that'd you like and click "Skip" if you choose none of them</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Start using CentOS Linux"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgssER8bZXtnxDAlHKgUJ5_mPmrAh8rW_JnYsIJZzIF1C1LjXT07TEPsWrJ4DgaYZ17N1zNxULveAuOx7GzS1IYFCfy-UQ8tRk39-Tr2eztGGV_eM46TE_x8cZQlf20VZsiqI9QUXofuiOg/s1600/Juice026.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="754" data-original-width="788" height="612" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgssER8bZXtnxDAlHKgUJ5_mPmrAh8rW_JnYsIJZzIF1C1LjXT07TEPsWrJ4DgaYZ17N1zNxULveAuOx7GzS1IYFCfy-UQ8tRk39-Tr2eztGGV_eM46TE_x8cZQlf20VZsiqI9QUXofuiOg/s640/Juice026.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Review the help information and close when finished</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Move the mouse cursor to the top left of the screen to "Applications"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Applications" and click on "Terminal"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheqz_XJDdXySwDEAStblj1geMeGcs5Oy_59p66e8gfg4PWGNckMmIZmWn_DxZdw0MiiJ8Y5ylaws-KAt6e3x6pN3g25vpcxF-eEjAsVM-i3afa7Fc4SUuuS__MviR8bQXPpBpJo-HfvXDm/s1600/Juice027.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="772" data-original-width="926" height="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheqz_XJDdXySwDEAStblj1geMeGcs5Oy_59p66e8gfg4PWGNckMmIZmWn_DxZdw0MiiJ8Y5ylaws-KAt6e3x6pN3g25vpcxF-eEjAsVM-i3afa7Fc4SUuuS__MviR8bQXPpBpJo-HfvXDm/s640/Juice027.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "sudo yum update" and press Enter. Review the warning, enter your password, and press Enter.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd4apncxeDbfLXnp00-oe7TqKbDszbeb_bpCsMR4n0ggFi7L0AWmrVzfv3ulFwhJvae2JHxTYDlc6gHYqZuyNHy_A7YZh-9qIqLYluazxgCsIuZGX7Hi0CmTKKpa3A7JDaUiwhetyAIUlJ/s1600/Juice028.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="578" data-original-width="1246" height="296" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd4apncxeDbfLXnp00-oe7TqKbDszbeb_bpCsMR4n0ggFi7L0AWmrVzfv3ulFwhJvae2JHxTYDlc6gHYqZuyNHy_A7YZh-9qIqLYluazxgCsIuZGX7Hi0CmTKKpa3A7JDaUiwhetyAIUlJ/s640/Juice028.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">I had an issue with PackageKit locking yum in two different instances. Move the cursor to the top right of the screen, click the power icon, and click on the "Power button" </span><span style="font-family: "arial" , "helvetica" , sans-serif;">icon.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Restart"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Enter the password and click "Authenticate". The system will be rebooted.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log back in!</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open up a Terminal client (Applications > Favorites > Terminal)</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Type in, "sudo yum update", press Enter, enter in your password, and press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">A bunch of text will scroll by, eventually it'll stop asking if you want to download updates. Type in, "y" and press Enter.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFfaJuSvbwHaHGaJzdKPLbKUSsrKHYfQXGRhr9PZ8fShHsrCq97U_g_02Cvdlm_fW24YixuCkn7plSUyr_8YvSGhD6d338_kbQHAu9tjslTPMpSp_Rlee6HqirYEnAjFHMD_WoFs6g1ofd/s1600/Juice029.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="983" data-original-width="1436" height="436" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFfaJuSvbwHaHGaJzdKPLbKUSsrKHYfQXGRhr9PZ8fShHsrCq97U_g_02Cvdlm_fW24YixuCkn7plSUyr_8YvSGhD6d338_kbQHAu9tjslTPMpSp_Rlee6HqirYEnAjFHMD_WoFs6g1ofd/s640/Juice029.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Next you may get a prompt to update a key. Type in "y" at the prompt and press Enter.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9ZotReOVTx5ATdkdIn-10HRE2oc08xFV0TWj2TzzlngDnBi86aamrXrN69piMRTLxYMb2KR-_eNxSSmJ_4V24zExW72LuBMcbI-noxJaV5ytknECobBLNoxjIjzQeOTLVJb5SK6Lh2GRF/s1600/Juice030.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1016" data-original-width="1462" height="444" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9ZotReOVTx5ATdkdIn-10HRE2oc08xFV0TWj2TzzlngDnBi86aamrXrN69piMRTLxYMb2KR-_eNxSSmJ_4V24zExW72LuBMcbI-noxJaV5ytknECobBLNoxjIjzQeOTLVJb5SK6Lh2GRF/s640/Juice030.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Once that completes, move the mouse to the upper right, click on the power icon, and click the wrenches<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx2_Y7s7KrL0snyvKTAm7SQ4DF_bDxnb3Z1fC1ArtCcxqeshJx37kova6o-wjo_zGyoBrLB-5tRhyL6_LLyPorVMTm0u8qWh92kghgdOEK_OEZryLIVIeWeEyhmJuNDSqCQkV6bF5fxXth/s1600/Juice031.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="620" data-original-width="574" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx2_Y7s7KrL0snyvKTAm7SQ4DF_bDxnb3Z1fC1ArtCcxqeshJx37kova6o-wjo_zGyoBrLB-5tRhyL6_LLyPorVMTm0u8qWh92kghgdOEK_OEZryLIVIeWeEyhmJuNDSqCQkV6bF5fxXth/s640/Juice031.png" width="592" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Power"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the dropdown for "Power Saving" and change it to "Never"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMFcj8sXP7kQhBaWoYGC9-bzURWLpXmtpNJOJhWNX-y7V8UJQ3rNdavWZkLooc-Z4QXF0zQ-quB8X-rMyLp3ZUiZ7hDp0yftDFLrEbCtgjFTn6GG3Z1wLRqJ6to_okHnM8C3NaEfuftd4t/s1600/Juice032.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="782" data-original-width="1466" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMFcj8sXP7kQhBaWoYGC9-bzURWLpXmtpNJOJhWNX-y7V8UJQ3rNdavWZkLooc-Z4QXF0zQ-quB8X-rMyLp3ZUiZ7hDp0yftDFLrEbCtgjFTn6GG3Z1wLRqJ6to_okHnM8C3NaEfuftd4t/s640/Juice032.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the back button to go to the previous screen</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Privacy"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsMpRneoHF1oF5s2h0VZRauIdfGPtSWOrm_yCrzoN9iy2iTYVAIdtgrIZGDlwB9Djf52t1EFFnLO03-vn92MNFKiZxHaSKgtnfSkRTvGW-JNUlL01KFr4lNaWU9pixZQZXbwIJ0zeinnqS/s1600/Juice033.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="1186" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsMpRneoHF1oF5s2h0VZRauIdfGPtSWOrm_yCrzoN9iy2iTYVAIdtgrIZGDlwB9Djf52t1EFFnLO03-vn92MNFKiZxHaSKgtnfSkRTvGW-JNUlL01KFr4lNaWU9pixZQZXbwIJ0zeinnqS/s640/Juice033.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Screen Lock"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQBsZDDVaB2aZDbKvFpSTq5L6AWZf35YhBE1ITSmWuC1sgX77aw75Zb8EnuHEVUwBfMUjS2UnQYSJ9X-1ZdduNO35Lxqy2WbiUw7IjXs82sWz4SWfvRUpjdVZpr8eikq0UeUrh7xiZmJ0C/s1600/Juice034.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="511" data-original-width="940" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQBsZDDVaB2aZDbKvFpSTq5L6AWZf35YhBE1ITSmWuC1sgX77aw75Zb8EnuHEVUwBfMUjS2UnQYSJ9X-1ZdduNO35Lxqy2WbiUw7IjXs82sWz4SWfvRUpjdVZpr8eikq0UeUrh7xiZmJ0C/s640/Juice034.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "On" to turn it off<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF-r5gY_WrqKEXbL4pXkkjhG3GtBpToMDRvYbTqtk4fuSG6BwRFUpJVAjdZyCPVcIFrTYvceJQY8vUbu8g7O-ZEJhl-sGhk_8J58fCoUSfORzTXrgMM7z-jlBNVzVvTCioRrHqXGB_XyGs/s1600/Juice035.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="504" data-original-width="820" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF-r5gY_WrqKEXbL4pXkkjhG3GtBpToMDRvYbTqtk4fuSG6BwRFUpJVAjdZyCPVcIFrTYvceJQY8vUbu8g7O-ZEJhl-sGhk_8J58fCoUSfORzTXrgMM7z-jlBNVzVvTCioRrHqXGB_XyGs/s640/Juice035.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the "x" to close out</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the "x" to close out of Privacy</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We now want to install the VirtualBox Guest Additions. If you click out of the VM (pressing Right Control in Windows or Left Command in macOS), you get options for the VM if you click the title bar of the VM window. These instructions are based on Mac, so click on "Devices" at the top and select, "Insert Guest Additions CD image".</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In your VM, you should see a CD icon automatically popup and an auto-run box asking if you want to run the software. Click "Run".<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRRF2jQEgIaeL41XOJUqCyhSSDfDCSbKmE-izQyCyk4fdDOd986sn_Oremcx5_6X74p5DZ1zbqSACQupTJIaPSq1r8t_JBZBIGoJ1e9bv4a5B6L1U2_hHdG3r3ZQ9OPpuyc1aBmR5LHf_j/s1600/Juice036.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="384" data-original-width="1338" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRRF2jQEgIaeL41XOJUqCyhSSDfDCSbKmE-izQyCyk4fdDOd986sn_Oremcx5_6X74p5DZ1zbqSACQupTJIaPSq1r8t_JBZBIGoJ1e9bv4a5B6L1U2_hHdG3r3ZQ9OPpuyc1aBmR5LHf_j/s640/Juice036.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Enter in your password and click "Authenticate" or press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If all goes well, you'll be able to freely move your mouse in and out of the VM. Yay! Press the Enter key.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwrNO0hSmx4Yn1VPVHKRUDH-VJwG2EzYVC2dHFuyI81qSe27_PlTz-KmTOPII4f6VXtc4OKSXYxxvxWCr3Bbu79A2wjaOu2yWJDCgW6v_ZVmuNgOaPGyogArBwyi0_4VZ8EpuNtCnluV0O/s1600/Juice037.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="614" data-original-width="1452" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwrNO0hSmx4Yn1VPVHKRUDH-VJwG2EzYVC2dHFuyI81qSe27_PlTz-KmTOPII4f6VXtc4OKSXYxxvxWCr3Bbu79A2wjaOu2yWJDCgW6v_ZVmuNgOaPGyogArBwyi0_4VZ8EpuNtCnluV0O/s640/Juice037.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We now need the <a href="https://docs.npmjs.com/getting-started/what-is-npm" target="_blank">Node.js package manager</a> to run the Juice Shop. If we type in "npm" at the prompt, we see that it's not installed.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixZOi_RXzZmSbAU3j6zZ0G6loGLKcG5r6oKxy94mAZRcU6cmwyPwRzdPm0Jo0OFYmhXFjJMXDi9Xsjcz7g_LYYpowtnWy5_IyCUlnm-ADzvU5hdvk4sK6A2VK2vbTJuAALygUbyg_egozz/s1600/Juice038.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="210" data-original-width="644" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixZOi_RXzZmSbAU3j6zZ0G6loGLKcG5r6oKxy94mAZRcU6cmwyPwRzdPm0Jo0OFYmhXFjJMXDi9Xsjcz7g_LYYpowtnWy5_IyCUlnm-ADzvU5hdvk4sK6A2VK2vbTJuAALygUbyg_egozz/s640/Juice038.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We will refer to <a href="https://nodejs.org/en/download/package-manager/#enterprise-linux-and-fedora" target="_blank">these official instructions</a> from Node to install what we need</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "curl --silent --location https://rpm.nodesource.com/setup_9.x | sudo bash -" and press Enter<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPzxFuR5xiMBrOMYXdccPtKrM29iliWyx85BgmYwqe-eX1kBdFYAZ4aaf9KyNEmC-Bq330JN1Wt_0V1ezSrIesQCbrjWF_kPGZEb1PRJH6XodRs791JiPeLOuQeztZficbDrRyMexyRb1f/s1600/Juice039.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="114" data-original-width="1600" height="44" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPzxFuR5xiMBrOMYXdccPtKrM29iliWyx85BgmYwqe-eX1kBdFYAZ4aaf9KyNEmC-Bq330JN1Wt_0V1ezSrIesQCbrjWF_kPGZEb1PRJH6XodRs791JiPeLOuQeztZficbDrRyMexyRb1f/s640/Juice039.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Enter in your password and it should do it's magic</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Like the instructions on the website and in the window, we need to now install node v9. We are using v9 since that is what is officially recommended by Juice Shop as the preferred version.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh21OIN1u4EsumEykUn1Ow_xbmW9qYFQmA9rf7Yv1y1_TsfB_dZ1DHtdiC89z2v0yhBtsjrxjK4lvUT5q_9LJBI8og2qdAhMyVvYbGkn1jGE07J1XLA55JT6Q7Ay53l0d4dl3AbIvm3h7FZ/s1600/Juice040.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="230" data-original-width="1362" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh21OIN1u4EsumEykUn1Ow_xbmW9qYFQmA9rf7Yv1y1_TsfB_dZ1DHtdiC89z2v0yhBtsjrxjK4lvUT5q_9LJBI8og2qdAhMyVvYbGkn1jGE07J1XLA55JT6Q7Ay53l0d4dl3AbIvm3h7FZ/s640/Juice040.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in, "sudo yum install -y nodejs" and press Enter<div class="separator" style="clear: both; text-align: center;">
</div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">It should complete pretty fast! We now have nodejs v9.5 installed at the time of this writing.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM5GS8pvFI5Jv6PpyzWAiqM7jO5b-t8AwNMnrOvVmZ23a8FdzCNEEF_DTxkIG3xSSBfQptsicmIUEN6J8H1v6Qv38NvgZZZ4J3BIzByklcR4R0r27iMVV2gnpkZfdaIXfnKQ-ojrmySbOy/s1600/Juice042.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="228" data-original-width="710" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM5GS8pvFI5Jv6PpyzWAiqM7jO5b-t8AwNMnrOvVmZ23a8FdzCNEEF_DTxkIG3xSSBfQptsicmIUEN6J8H1v6Qv38NvgZZZ4J3BIzByklcR4R0r27iMVV2gnpkZfdaIXfnKQ-ojrmySbOy/s640/Juice042.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Now we need to get the latest version of the OWASP Juice Shop. In our VM, go to Applications and open up Firefox.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, browse to <a href="https://github.com/bkimminich/juice-shop">https://github.com/bkimminich/juice-shop</a></span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You should see a "releases" link. At the time of this writing, there are 106 releases. Click on that.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisH32DZKnCGN4EksZbMjlxmTZ6V4TE_bTUYnyqqetuNtbsx1mLCG5SHLZZnhmxzKVoCqVJgo2cl_pqLUZbYwmlUvy__epO1hdfx2H7iLb5JR0a21C0OMt_e5HrMu8cZ9Wug9sFSlWTkRcM/s1600/Juice043.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1268" data-original-width="1546" height="524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisH32DZKnCGN4EksZbMjlxmTZ6V4TE_bTUYnyqqetuNtbsx1mLCG5SHLZZnhmxzKVoCqVJgo2cl_pqLUZbYwmlUvy__epO1hdfx2H7iLb5JR0a21C0OMt_e5HrMu8cZ9Wug9sFSlWTkRcM/s640/Juice043.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We want the latest linux, x64, node9 package. In this case, its juice-shop-6.4.2_node9_linux_x64.tgz. Click on that.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibhh3mzl-vj3FIU2bVqsTRfZiPkOxZA_2AezyS-C98guI0Ut4NTrdPktGhFmffwHw6pAKfURSse-9abydHpepJLgNc3EKnWoymvSJ_nYt7aBoFYGhrQ0LXkvT9SdjfZ4IjPQ5UdAeDW5T7/s1600/Juice044.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="883" data-original-width="1600" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibhh3mzl-vj3FIU2bVqsTRfZiPkOxZA_2AezyS-C98guI0Ut4NTrdPktGhFmffwHw6pAKfURSse-9abydHpepJLgNc3EKnWoymvSJ_nYt7aBoFYGhrQ0LXkvT9SdjfZ4IjPQ5UdAeDW5T7/s640/Juice044.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Save File" and click "Ok"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5AHPbtSo6RqMlxe-94b4w0C3ftDQ78wOrh50v-XMv3h1xYY0_BhXOoSB-Z2rTTuW_lm4tlKHYJqekqhyphenhyphenw22Jlxcd6fd_C3ecgnuQQDOCU3dsu0N-gBkGb76Ch0mBWkTCG3Zj1eRMEjRDx/s1600/Juice045.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="736" data-original-width="970" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5AHPbtSo6RqMlxe-94b4w0C3ftDQ78wOrh50v-XMv3h1xYY0_BhXOoSB-Z2rTTuW_lm4tlKHYJqekqhyphenhyphenw22Jlxcd6fd_C3ecgnuQQDOCU3dsu0N-gBkGb76Ch0mBWkTCG3Zj1eRMEjRDx/s640/Juice045.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Once it's done, Firefox should show you a helpful mini-window and a folder icon so you can browse to where the file was saved. Click on the folder icon.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq-9F_RdQ43gWtS2qEgtZkyvytblJvP3oudnlpNPA3g2xFMHHKs5tKFP3ymqkXpeKSs2cLjEpQYpzaY7r3R97wYze1bPyqFsD-wANgV-q5ItpLdcsjp5oodROHILaVplPIOoVaRkNuL1Oq/s1600/Juice046.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="334" data-original-width="1056" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq-9F_RdQ43gWtS2qEgtZkyvytblJvP3oudnlpNPA3g2xFMHHKs5tKFP3ymqkXpeKSs2cLjEpQYpzaY7r3R97wYze1bPyqFsD-wANgV-q5ItpLdcsjp5oodROHILaVplPIOoVaRkNuL1Oq/s640/Juice046.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Right click on the archived file and click "Open With Archive Manager"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmoujoYs4S9bvJ-RIlpFUotMbkaVS1NMJlZJxCX2da83dHfoqS-Hgc2X-60_SKJ0r3atbLkKmOmgpaG5TOBL4iU5IfBzjjGJ-21nQsErZcQHCt6sXmYzUE3t3BJhUx9cclRJIUaNb436-U/s1600/Juice047.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="588" data-original-width="852" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmoujoYs4S9bvJ-RIlpFUotMbkaVS1NMJlZJxCX2da83dHfoqS-Hgc2X-60_SKJ0r3atbLkKmOmgpaG5TOBL4iU5IfBzjjGJ-21nQsErZcQHCt6sXmYzUE3t3BJhUx9cclRJIUaNb436-U/s640/Juice047.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Extract"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1F5j5awpLGBaXWXcCZgcoLhcF-8LAqpKWL_GFI-sxCb2hjxIju3NN02sGNeKXadKRWWWllJRRDbAbwmDEgGvupDtigORdopJ_v4OVE_Z0ud_YePdHwxhWijGKIHV9isCvqxvXUrNpcCht/s1600/Juice048.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="586" data-original-width="922" height="406" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1F5j5awpLGBaXWXcCZgcoLhcF-8LAqpKWL_GFI-sxCb2hjxIju3NN02sGNeKXadKRWWWllJRRDbAbwmDEgGvupDtigORdopJ_v4OVE_Z0ud_YePdHwxhWijGKIHV9isCvqxvXUrNpcCht/s640/Juice048.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on the new folder icon<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipKcRM6MUbB0VRZTnER1nFHZUemD8Vtw4pevP_031RjU9Kn1MJI5gGDzilVxwHgSRq-jK9abkm50I6cr3uQNnsGrH6zMdROyuf5TdE2p6J0oOsoNcx2npoaYN618OocL45yH8cbd-9TEfx/s1600/Juice049.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="306" data-original-width="1128" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipKcRM6MUbB0VRZTnER1nFHZUemD8Vtw4pevP_031RjU9Kn1MJI5gGDzilVxwHgSRq-jK9abkm50I6cr3uQNnsGrH6zMdROyuf5TdE2p6J0oOsoNcx2npoaYN618OocL45yH8cbd-9TEfx/s640/Juice049.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Give the new folder some kind of meaningful name. I chose, "js642". After you enter in a name, click "Create"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW9e1jIt_PSg9TvBy-AdokQ0EwBKF__V-13zFQh3yq1nwxK5dyPtl22qn-UJhOSSCN5dqXa3_zosKdSWV9NflDQAoh5NQq60_5W7FQ1YZaz4ph1FgCnxw1d4RGNLI2WVM2C0eKMRD-odaS/s1600/Juice050.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="420" data-original-width="720" height="372" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW9e1jIt_PSg9TvBy-AdokQ0EwBKF__V-13zFQh3yq1nwxK5dyPtl22qn-UJhOSSCN5dqXa3_zosKdSWV9NflDQAoh5NQq60_5W7FQ1YZaz4ph1FgCnxw1d4RGNLI2WVM2C0eKMRD-odaS/s640/Juice050.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Extract"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCVhhJmMCuGeT_Jun61eFHboYZcbZ4owYKRNcU5LfpTedidpKRNV1nXVmnGdpreSv_7ZQp0zMhz1K3JxwcippoVok2N0IuCp3hnz_5fdm8Pqpa2Pe-uBL_qtyZIx5MNo6DyJ4CtFBinuZj/s1600/Juice051.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="256" data-original-width="1600" height="102" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCVhhJmMCuGeT_Jun61eFHboYZcbZ4owYKRNcU5LfpTedidpKRNV1nXVmnGdpreSv_7ZQp0zMhz1K3JxwcippoVok2N0IuCp3hnz_5fdm8Pqpa2Pe-uBL_qtyZIx5MNo6DyJ4CtFBinuZj/s640/Juice051.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Close"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">"X" out of the Archive Manager</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You can close the file browser window now too along with Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Go back to the Terminal window</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Browse to the folder we extracted the Juice Shop contents into<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm0gDZ5Ha4v7Ot1Rt0gH6RYuKzGLGUgzUk_tSSCJ_1gLFC8D-iTAQpaiSbsY4rir_Au1AHxrS7l2P-l1ZBX2OKyhK2NpKswz3pCC4PAC-jmpR6vtqetPtFQWikLSLAw_WUrU0-SPXk56Ol/s1600/Juice052.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="150" data-original-width="770" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm0gDZ5Ha4v7Ot1Rt0gH6RYuKzGLGUgzUk_tSSCJ_1gLFC8D-iTAQpaiSbsY4rir_Au1AHxrS7l2P-l1ZBX2OKyhK2NpKswz3pCC4PAC-jmpR6vtqetPtFQWikLSLAw_WUrU0-SPXk56Ol/s640/Juice052.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Type in, "npm start" and press Enter. If all goes well, we should have the Juice Shop listening on port 3000!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGMo2t-HI_GYkClQlqy9rdW5EfD0Vrh3qg6rX01E5dAhaQEBasFk4mHVRO2JTW_iEcaYvcPhF3FOZkZvRZ2UTwvIP11KpYhad0hOZpJnQ99IkPO-Sli90xwevGLaEMz8P-a7BTi3Jlu3DF/s1600/Juice053.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="1600" height="162" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGMo2t-HI_GYkClQlqy9rdW5EfD0Vrh3qg6rX01E5dAhaQEBasFk4mHVRO2JTW_iEcaYvcPhF3FOZkZvRZ2UTwvIP11KpYhad0hOZpJnQ99IkPO-Sli90xwevGLaEMz8P-a7BTi3Jlu3DF/s640/Juice053.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open up Firefox, and browse to http://127.0.0.1:3000<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiloxcx-9-6L3HKR1Yz9ABPkybAwQnGJO2i5gBy5Cdd5ejLYyn5LdaTNuXM-GIaNB1znjkEIIqPnBHZFNtUHmQgyvoeMfv8fZo3qmofJDbZLV8MTbwF2b_oKxtoj9UW8n-crJMNpsWw1ah-/s1600/Juice054.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="677" data-original-width="1600" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiloxcx-9-6L3HKR1Yz9ABPkybAwQnGJO2i5gBy5Cdd5ejLYyn5LdaTNuXM-GIaNB1znjkEIIqPnBHZFNtUHmQgyvoeMfv8fZo3qmofJDbZLV8MTbwF2b_oKxtoj9UW8n-crJMNpsWw1ah-/s640/Juice054.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Welcome to the OWASP Juice Shop!</span></li>
</ol>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-33076062287618471942018-02-06T17:15:00.000-06:002018-02-06T17:15:17.680-06:00OSCP Journey 002 - Assessing Kioptrix Level 1<span style="font-family: "arial" , "helvetica" , sans-serif;">Now that we have the Kioptrix Level 1 VM up and ready, let's see what we have! Ensure that both the Kali VM and Kioptrix Level 1 VM are up and running. I first booted up the Kali VM and then booted up the Kioptrix VM. That order has helped me with the IP address distribution below and in future posts.</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment go!</span></div>
<div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Log into the Kali VM</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open a terminal window and let's verify that we cannot connect to the internet</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "ping www.msn.com" and press the Enter key<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitL0qRqUYYkK4d8RXrSvCRXy0pHzDpCKR-OwDgENZ6ym4AT-5n5KuysdP66dOwS7kT1igvvUXNVdJnsBSJ6Pfc6WTMUFA_c4V3CYZDDnYBs1L6N6N5WC4Uyu8EPYf0tK6pzpaUbcK0CZvm/s1600/kiopL1_007.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="238" data-original-width="866" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitL0qRqUYYkK4d8RXrSvCRXy0pHzDpCKR-OwDgENZ6ym4AT-5n5KuysdP66dOwS7kT1igvvUXNVdJnsBSJ6Pfc6WTMUFA_c4V3CYZDDnYBs1L6N6N5WC4Uyu8EPYf0tK6pzpaUbcK0CZvm/s640/kiopL1_007.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">That should be good enough to verify we can't get out. Let's see our IP configuration.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "ifconfig" and press the Enter key<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb1WvFdOdFodPQFFMvjAB0ytlyHeh-MdHekHVNGUPRvmGNK63gD_5IYxIMQ8cRHGLNbIOjPwLWNggmcGz081n80S9h6UcWmygc2beVC1pD9uFHByzNts5uee2zQ7jiYcUCMZA-ZfqAijIM/s1600/kiopL1_008+v1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="900" data-original-width="1424" height="404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb1WvFdOdFodPQFFMvjAB0ytlyHeh-MdHekHVNGUPRvmGNK63gD_5IYxIMQ8cRHGLNbIOjPwLWNggmcGz081n80S9h6UcWmygc2beVC1pD9uFHByzNts5uee2zQ7jiYcUCMZA-ZfqAijIM/s640/kiopL1_008+v1.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">When we set up the host-only network configuration in VirtualBox, we could see that the IP addresses would automatically start at .3. It appears that our Kali box has the first IP address from the DHCP pool for the "eth0" adapter.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's use <a href="https://github.com/alexxy/netdiscover" target="_blank">netdiscover</a> to see if that can pick up any hosts in our network. Note: Your results may vary depending on what else you've configured to run in the host-only network.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Terminal, type in "netdiscover" and press the Enter key<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipqICiglFUXkxHjR1ZiXovAbFuIYFOtuxAiQ7MozP9ZUBupmx2R59ChFMsru1HtLHUDSv-gkUMIjoHGMEMMCdNuEpyVH4LEwZLogEN2qJnEoo_KWJYziCRtSodLfRYO7yT5hu26DwWfE3z/s1600/kiopL1_008+v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="180" data-original-width="632" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipqICiglFUXkxHjR1ZiXovAbFuIYFOtuxAiQ7MozP9ZUBupmx2R59ChFMsru1HtLHUDSv-gkUMIjoHGMEMMCdNuEpyVH4LEwZLogEN2qJnEoo_KWJYziCRtSodLfRYO7yT5hu26DwWfE3z/s640/kiopL1_008+v2.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The command will enumerate IP ranges and eventually we should find the Kioptrix Level 1 VM!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwAvpYeC9DJTnblrqkRQBcvXR72ZTbvfTulfxszLYQT2FNilfZ2nvaeKj_eDe-KBh5535SBSSwf8OCUTk30Fg5l1Dl1lKR37rFf0Kjz0zYW8X4hiNEmn4SDEnCSHmeW8iad3Qf2YfG7Ouz/s1600/kiopL1_009.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="546" data-original-width="1396" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwAvpYeC9DJTnblrqkRQBcvXR72ZTbvfTulfxszLYQT2FNilfZ2nvaeKj_eDe-KBh5535SBSSwf8OCUTk30Fg5l1Dl1lKR37rFf0Kjz0zYW8X4hiNEmn4SDEnCSHmeW8iad3Qf2YfG7Ouz/s640/kiopL1_009.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We can correlate the Kioptrix VM with the IP address based on the MAC address. This is why we needed to note that MAC address from the previous post!</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's use another tool to further investigate Kioptrix. We're going to use <a href="https://nmap.org/zenmap/" target="_blank">Zenmap</a>.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In terminal, type in "zenmap" and press the Enter key<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIH3tp2zBsQ76zZ15SyVo2Kf-OG7zCOy232lInB5_2P5t1URXMjlflLzvM13_t1fzs4NxnPJKj1GOTiK5UM5zHT2zQUSK1eliQIpy62CNYP6-vXpeEXmNfI4NNgSLTjFnBZ_E-xnf9Ql-l/s1600/kiopL1_010.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="562" data-original-width="1360" height="264" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIH3tp2zBsQ76zZ15SyVo2Kf-OG7zCOy232lInB5_2P5t1URXMjlflLzvM13_t1fzs4NxnPJKj1GOTiK5UM5zHT2zQUSK1eliQIpy62CNYP6-vXpeEXmNfI4NNgSLTjFnBZ_E-xnf9Ql-l/s640/kiopL1_010.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">This will launch the GUI front-end for the nmap tool.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb8eh9g7VkFKo-U-anxtcBPXTq2HbVFecOp4ufWGTEnVFMxJf_nOlwi2UWE3jKF6C82xiQTGIyekGcZfNwkc23GpRBYRwyCZpudQsUChZuIFRaXtIcBfZUWJIDT1rsqkn5x-kYSeHaKhx6/s1600/kiopL1_011.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="671" data-original-width="1600" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb8eh9g7VkFKo-U-anxtcBPXTq2HbVFecOp4ufWGTEnVFMxJf_nOlwi2UWE3jKF6C82xiQTGIyekGcZfNwkc23GpRBYRwyCZpudQsUChZuIFRaXtIcBfZUWJIDT1rsqkn5x-kYSeHaKhx6/s640/kiopL1_011.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We can see default options are already set for us. Let's configure Zenmap to scan Kioptrix.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Zenmap, enter in "192.168.56.5" for the Target, and change the Profile to "Intense scan, all TCP"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXdJWkLzXpmIhPm69KKYX0HA7GT36MMTHOq-bQucbIzAFlJdiE_oFa8xF8EJ4K0Exxca9ol4UcFN2wL1zLUB949cmgDoMAtGF6cpno9T4TwpO6iCE-LwwThKhzmImD2CGIiQYmCkJd_Fjc/s1600/kiopL1_012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="728" data-original-width="1600" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXdJWkLzXpmIhPm69KKYX0HA7GT36MMTHOq-bQucbIzAFlJdiE_oFa8xF8EJ4K0Exxca9ol4UcFN2wL1zLUB949cmgDoMAtGF6cpno9T4TwpO6iCE-LwwThKhzmImD2CGIiQYmCkJd_Fjc/s640/kiopL1_012.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click the "Scan" button<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Y51-CrDtTu8VYbLah5hh869mfAFzUFak76iJIeJpLmWp6cSXthaIJ3Bp5yPk0qoWE9EDbnjQ7FD2gK5QANSiVFO69kyv7yG-lX7hormXzZhNJbIrGhVeeu-B78ATsRZFsTDgIo6rX54n/s1600/kiopL1_013.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="430" data-original-width="1448" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5Y51-CrDtTu8VYbLah5hh869mfAFzUFak76iJIeJpLmWp6cSXthaIJ3Bp5yPk0qoWE9EDbnjQ7FD2gK5QANSiVFO69kyv7yG-lX7hormXzZhNJbIrGhVeeu-B78ATsRZFsTDgIo6rX54n/s640/kiopL1_013.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Depending on a few factors, your entire scan of the host could take 1 or up to a few minutes. The scan I performed took about 5 minutes for the entire scan to finish. However, you'll quickly see preliminary results based on the different phases of the scan.</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Once the scan finishes, you'll see various points of interest from the scan results. In the first part of the scan results we can see open ports on the Kioptrix VM.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTk5IkmE1PCHOcx-YkEePeOeqzsMrVe8q_1fHZweJ6_Umiii8zk4zNoEaDZLUC57TipKIAWZsVqod5ZySZ37PQX7I_bLkrgSCpBxMiTFASmIkqqdBDruKAYKg3hJSQaLpWS2uGpVQaPnMf/s1600/kiopL1_014.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1384" data-original-width="1534" height="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTk5IkmE1PCHOcx-YkEePeOeqzsMrVe8q_1fHZweJ6_Umiii8zk4zNoEaDZLUC57TipKIAWZsVqod5ZySZ37PQX7I_bLkrgSCpBxMiTFASmIkqqdBDruKAYKg3hJSQaLpWS2uGpVQaPnMf/s640/kiopL1_014.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Here's a quick breakdown of the results and why we care:</span></li>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 22 - Could identify a vulnerable SSH implementation</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 80 - Could identify a vulnerable web server and OS</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 111 - Could identify a vulnerable RPC implementation</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 139 - Could identify a vulnerable file sharing/SMB implementation</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 443 - Could identify a vulnerable web server and OS</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Port 32768 - Could identify some kind of vulnerable network thing</span></li>
</ol>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's keep scrolling<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqBEYzXi-GsSyCHlfcz2zhRxKogFWVbEVsie8FxgieGZ8UXNahel7UcoUGK88EjA26ATB_Eiq-DB7qE3LLJwD4Oxbgo6UtdmbC8Fs_jaB2QUN_tmFyYvWcBLtKRXKNtgdycUSxZ_xvbDzX/s1600/kiopL1_015.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1382" data-original-width="1522" height="580" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqBEYzXi-GsSyCHlfcz2zhRxKogFWVbEVsie8FxgieGZ8UXNahel7UcoUGK88EjA26ATB_Eiq-DB7qE3LLJwD4Oxbgo6UtdmbC8Fs_jaB2QUN_tmFyYvWcBLtKRXKNtgdycUSxZ_xvbDzX/s640/kiopL1_015.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgkeR8wPmrwSPEsnr8IBEOq3Y3LdCW5Ix71g_9WPTRyswLH_Tq2GKWKyUT12suOBrT_C_j2Rsj1AQ7U2R8E0nlLqYQED1ACM7TweP_qsnos1XfnZs1GFQuvYFBxhymuZ3ibIKGboH0eJNf/s1600/kiopL1_016.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1368" data-original-width="1520" height="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgkeR8wPmrwSPEsnr8IBEOq3Y3LdCW5Ix71g_9WPTRyswLH_Tq2GKWKyUT12suOBrT_C_j2Rsj1AQ7U2R8E0nlLqYQED1ACM7TweP_qsnos1XfnZs1GFQuvYFBxhymuZ3ibIKGboH0eJNf/s640/kiopL1_016.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKCliIy_x8NIIdUWAM_RnLmLoiYzAxRAbLUeKWEQcXzXOxJnULSz6JidZ0CnKRP_WLFqQ7I6E5j5LudeBP0O5CSoV95CCNbA91KIkiCCpWqI1fCNMIJ9_PwnTp9C8EllW5RjBf7N1qywZu/s1600/kiopL1_017.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1380" data-original-width="1516" height="582" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKCliIy_x8NIIdUWAM_RnLmLoiYzAxRAbLUeKWEQcXzXOxJnULSz6JidZ0CnKRP_WLFqQ7I6E5j5LudeBP0O5CSoV95CCNbA91KIkiCCpWqI1fCNMIJ9_PwnTp9C8EllW5RjBf7N1qywZu/s640/kiopL1_017.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3cYhJq_6HBqKHoppHavm6QrIrehuFZwBlQ83REKDRZVh-W-FWNYjwyLKd91C9FhKy6SSBrWA6NyBl0GSB1Bg-pIba4YSGJIct7DSnbBfFTz78omnDQdc3zE1wVqMtV-QPT6sRceH5UPcT/s1600/kiopL1_018.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1381" data-original-width="1528" height="578" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3cYhJq_6HBqKHoppHavm6QrIrehuFZwBlQ83REKDRZVh-W-FWNYjwyLKd91C9FhKy6SSBrWA6NyBl0GSB1Bg-pIba4YSGJIct7DSnbBfFTz78omnDQdc3zE1wVqMtV-QPT6sRceH5UPcT/s640/kiopL1_018.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">This scan helped further identify services behind the ports and interesting tidbits of information</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">On the left, click "Services"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSsO5eQXUQKkRPHwECG3Loc8lxVrA3bq-qDfiALOuWfHI4nhFmyVHsOgGQ9XxHHaqlkc4_sgMr95t5r4LKjyclR7ASc3Hu716EqYdhTSlKCmVVQ6AF-XcjlERRHoqw4I_uCt1nWUgbHs7Z/s1600/kiopL1_019.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="796" data-original-width="1050" height="484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSsO5eQXUQKkRPHwECG3Loc8lxVrA3bq-qDfiALOuWfHI4nhFmyVHsOgGQ9XxHHaqlkc4_sgMr95t5r4LKjyclR7ASc3Hu716EqYdhTSlKCmVVQ6AF-XcjlERRHoqw4I_uCt1nWUgbHs7Z/s640/kiopL1_019.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">This view provides a quick interface to each service and further information</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "http" to see more information about the version of Apache and identification of Red Hat<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho54P6qneaYVCoJ659ee-6oFfU_JL-3KeeO-qUnRAtsMHQgT_5b_4U0v1kdZEYd9GTJ4-IU_mhyYP343rJ-8bSAk6R85RCSucIqK_RkE-9OZPQz7TrLNRhIvfLx0eLHUwEiXeyLfrMQuKN/s1600/kiopL1_020.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="752" data-original-width="1530" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho54P6qneaYVCoJ659ee-6oFfU_JL-3KeeO-qUnRAtsMHQgT_5b_4U0v1kdZEYd9GTJ4-IU_mhyYP343rJ-8bSAk6R85RCSucIqK_RkE-9OZPQz7TrLNRhIvfLx0eLHUwEiXeyLfrMQuKN/s640/kiopL1_020.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Scrolling to the right reveals more info<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiql4JXGvo9NaFHpaOWle3SDgcnWLMmXvB7R6qAer0gqQc5OCHt_O67wVaR_6Kwu1vh6R1IPCiZmWRc5992wZ2CtfZm3UQyF9i91PxovyEhLGTirbe9FDOm-nfyWzUXRrtw7Q4nF8dgQbKR/s1600/kiopL1_021.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="703" data-original-width="1530" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiql4JXGvo9NaFHpaOWle3SDgcnWLMmXvB7R6qAer0gqQc5OCHt_O67wVaR_6Kwu1vh6R1IPCiZmWRc5992wZ2CtfZm3UQyF9i91PxovyEhLGTirbe9FDOm-nfyWzUXRrtw7Q4nF8dgQbKR/s640/kiopL1_021.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "netbios-ssn" to reveal Samba is being used for SMB<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB8DGDOS8SQ7mPBxfNPrpkq5tib0HM3o7sh_-WDL0PW2CDkApW0htWrh9pqDwL6y9jgdCS6vgoL7mHPE65VseIT0Xb8TqPhhNwnw9KeixHpoU02miifz_-2lLlcUi6vO6TELn-nYXBBKMX/s1600/kiopL1_021+v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="742" data-original-width="1502" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB8DGDOS8SQ7mPBxfNPrpkq5tib0HM3o7sh_-WDL0PW2CDkApW0htWrh9pqDwL6y9jgdCS6vgoL7mHPE65VseIT0Xb8TqPhhNwnw9KeixHpoU02miifz_-2lLlcUi6vO6TELn-nYXBBKMX/s640/kiopL1_021+v2.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "ssh" to show information about OpenSSH<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1pGp2hd0jHd9aPm-OipitXbti0lQExqSvbgW4E8U2jh-VlF0ctzSLPoPwmeVOWDh6W0H4elA_YJlCbmWCx7apnejppf-MDtVUtQ5aS5znEh-TeumsglDxaHJvlA2LKPHzxqwy2uDlJ7vn/s1600/kiopL1_022.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1420" height="338" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1pGp2hd0jHd9aPm-OipitXbti0lQExqSvbgW4E8U2jh-VlF0ctzSLPoPwmeVOWDh6W0H4elA_YJlCbmWCx7apnejppf-MDtVUtQ5aS5znEh-TeumsglDxaHJvlA2LKPHzxqwy2uDlJ7vn/s640/kiopL1_022.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's save our scan results for future reference</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Scan" at the top and click "Save Scan"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW2TS343LTskoCliADWa0yXhH6skGbn17R2Jt19XWuTkRUFRniIPD61kgKdCJoqvVLWAlfKQf-EZ4If-ccgLxpuNRhwRQ5EoiCOBylwdxfAvKJ4ykWSw3BzijqwzRG6LAquXnH4IaouX3F/s1600/kiopL1_023.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="716" data-original-width="1364" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW2TS343LTskoCliADWa0yXhH6skGbn17R2Jt19XWuTkRUFRniIPD61kgKdCJoqvVLWAlfKQf-EZ4If-ccgLxpuNRhwRQ5EoiCOBylwdxfAvKJ4ykWSw3BzijqwzRG6LAquXnH4IaouX3F/s640/kiopL1_023.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's name the results "Kioptrix Level 1" and save it in the Documents folder. But, you can save it wherever you want!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXcY9Wus4ws3C-PscBntAuFv7oTEMg6rApoQKMMomj_keYkHx_nyu-_tsYrxDcuF4TtSVTAwLhtlULCTeyBNpfRioGyXX_1aiXNQpQrRDUZCrTPzdxmfhOpw434mr1XW2pOih0uezhRIRY/s1600/kiopL1_024.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1334" data-original-width="1600" height="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXcY9Wus4ws3C-PscBntAuFv7oTEMg6rApoQKMMomj_keYkHx_nyu-_tsYrxDcuF4TtSVTAwLhtlULCTeyBNpfRioGyXX_1aiXNQpQrRDUZCrTPzdxmfhOpw434mr1XW2pOih0uezhRIRY/s640/kiopL1_024.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Let's take a quick peek at what's running!</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Open Firefox</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">In Firefox, open a new tab/window, type in 192.168.56.5, and press Enter</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">You should see the default page for an Apache install (albeit pretty old) on port 80<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpcP5lRedoiiiPFKD3Gk-3J1cvl1R_pOj80X-dZ-S4Jw93_KiPT2A8H6s6638RebDvrGJP454KDn8Z2YvUS4asgYqIs76Rzi2bVjvNw8ntv0-PEAVjffbNfrnubfKHpztJt65GxwsZ0WKT/s1600/kiopL1_025.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="606" data-original-width="1600" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpcP5lRedoiiiPFKD3Gk-3J1cvl1R_pOj80X-dZ-S4Jw93_KiPT2A8H6s6638RebDvrGJP454KDn8Z2YvUS4asgYqIs76Rzi2bVjvNw8ntv0-PEAVjffbNfrnubfKHpztJt65GxwsZ0WKT/s640/kiopL1_025.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If we type in https://192.168.56.5 in Firefox, we'll get a warning about insecure SSL settings (e.g. an expired self-signed certificate).</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click "Advanced"</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Add in the exception by clicking on "Add Exception"<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSiC3fagXaV1aPdGaocjKyXj2iHHerjaz0mZ9uav1jTNQ4Nbg7tcKJQqBBkCycb7FdTBCdyhEFKkuAVM24-Cj5085i2d8c8uJSHRQKKoaDc2BNftt9upsDA-M-2KgYCwJAeYpI4GPnYhdY/s1600/kiopL1_026.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1183" data-original-width="1600" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSiC3fagXaV1aPdGaocjKyXj2iHHerjaz0mZ9uav1jTNQ4Nbg7tcKJQqBBkCycb7FdTBCdyhEFKkuAVM24-Cj5085i2d8c8uJSHRQKKoaDc2BNftt9upsDA-M-2KgYCwJAeYpI4GPnYhdY/s640/kiopL1_026.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Click on "Confirm Security Exception"<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLlzi_m97hriOp182g_sb2TzSZ9MM6M5360ST05kVOpgdmrrREVgoH7z4n272vaPNoqT-kbBWoA5_AJr-etTkvyTlrqj7RoodJDc1Nj0SMpIuTf1YxCS0nCMZrHI8Lz1ikmJbJIWjHQXKX/s1600/kiopL1_027.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1154" data-original-width="1324" height="556" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLlzi_m97hriOp182g_sb2TzSZ9MM6M5360ST05kVOpgdmrrREVgoH7z4n272vaPNoqT-kbBWoA5_AJr-etTkvyTlrqj7RoodJDc1Nj0SMpIuTf1YxCS0nCMZrHI8Lz1ikmJbJIWjHQXKX/s640/kiopL1_027.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">We see the same default install page for Apache, but on port 443</span></li>
</ol>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
</div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Now that we have a basic enumeration of the system done, the next post will use more tools to identify more information about each service and we will exploit it.</span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com1tag:blogger.com,1999:blog-6692635973462574922.post-12402961968749275012018-01-31T07:42:00.000-06:002018-01-31T07:45:33.109-06:00OSCP Journey 001 - VM prep for Kioptrix Level 1<span style="font-family: Arial, Helvetica, sans-serif;">One of my goals for 2018 is to get the <a href="https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/">OSCP</a> and <a href="https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/">OSCE</a> certifications. I have been looking at OSCP study guides and getting a feel of what to review before signing up for the certification. WIth that, I’ve seen these multiple guides (<a href="http://www.jaspher.com/blog/oscp-like-vulnhub-vms">Jaspher</a>, <a href="http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms.html">abatchy</a>, and <a href="https://medium.com/@a.hilton83/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1">Andrew Hilton</a>) with suggestions for vulnerable virtual machines that are similar to the OSCP labs. I’ll be going through the list like <a href="http://www.jaspher.com/blog/oscp-like-vulnhub-vms">the guide from Jaspher</a> and honing the skills I need for the PWK/OSCP starting with Kioptrix Level 1.</span><b id="docs-internal-guid-ff7cdaa1-4854-0a39-4d86-8e0d358a5b71" style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">Here’s what we’ll need for this post:</span></div>
<ol style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">
<li style="font-family: arial; font-size: 11pt; white-space: pre-wrap;"><a href="https://www.virtualbox.org/" style="font-size: 11pt;" target="_blank">VirtualBox</a><span style="font-size: 11pt;"> installed (I'm using 5.2.6)</span></li>
<li style="font-family: arial; font-size: 11pt; white-space: pre-wrap;"><a href="https://www.kali.org/" style="font-size: 11pt;" target="_blank">Kali</a><span style="font-size: 11pt;"> (or another machine with similar tools)</span></li>
<li style="font-family: arial; font-size: 11pt; white-space: pre-wrap;"><a href="https://www.vulnhub.com/entry/kioptrix-level-1-1,22/" style="font-size: 11pt;" target="_blank">Kioptrix Level 1</a><span style="font-size: 11pt;"> VM</span></li>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span></ol>
<span style="font-family: Arial, Helvetica, sans-serif;">For Kali, I’m going to assume you’ve already got that <a href="https://docs.kali.org/category/installation">set up</a> and it’s fully up to date (e.g. sudo apt-get update; sudo apt-get upgrade). Next we will set up our internal network that only our virtual machines can use.</span><b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">VirtualBox internal network setup:</span></div>
<ol><span style="font-family: "arial";"><span style="font-size: 14.666666984558105px; white-space: pre-wrap;">
<li><span style="font-size: 11pt;">In VirtualBox, click “File” and select “Host Network Manager”.</span></li>
<li><span style="font-size: 11pt;">Click “Create”</span></li>
<li><span style="font-size: 11pt;">Click the checkbox next to “Enable” for DHCP Server</span></li>
<li><span style="font-size: 11pt;">Click “Close”</span></li>
</span></span></ol>
<span style="font-family: "arial";"><span style="font-size: 14.666666984558105px; white-space: pre-wrap;">
</span></span>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">Kali VM prep:</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">After you’ve updated the VM with all of the updates and made sure it’s ready to go, change the network adapter to “</span><span style="font-family: "arial"; font-size: 11pt; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Host-only Network</span><span style="font-family: "arial"; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;">” and click “Ok”</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 11pt; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre;">Kioptrix VM prep:</span></div>
<ol><span style="font-family: "arial";">
<li style="font-size: 14.666666984558105px; white-space: pre-wrap;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-ligatures: normal; font-variant-position: normal; vertical-align: baseline;">Download the Kioptrix Level 1 virtual machine from <a href="https://www.vulnhub.com/entry/kioptrix-level-1-1,22/" target="_blank">here</a></span></li>
<br />
<li style="font-size: 14.666666984558105px; white-space: pre-wrap;"><span style="font-size: 11pt; font-variant-east-asian: normal; font-variant-ligatures: normal; font-variant-position: normal; vertical-align: baseline;">Extract the VM contents to produce<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0yB_awWnmjxhx7Bl_oEsRUNBDvOEBD1GeTvJQQeabwAknn6IX_QuPc2F3pihwK7fMeU5Zu9Ga7pqQPTGjrZulv2WzYvX6nZJiMxv-v0TZK2H_ZwspP1BXryYUhVe_eYSI2OezBPkIBzuB/s1600/kiopL1_001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="192" data-original-width="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0yB_awWnmjxhx7Bl_oEsRUNBDvOEBD1GeTvJQQeabwAknn6IX_QuPc2F3pihwK7fMeU5Zu9Ga7pqQPTGjrZulv2WzYvX6nZJiMxv-v0TZK2H_ZwspP1BXryYUhVe_eYSI2OezBPkIBzuB/s1600/kiopL1_001.png" /></a></div>
</span></li>
<br />
<li style="font-size: 14.666666984558105px; white-space: pre-wrap;"><span style="font-size: 11pt;">In VirtualBox, click “New”</span></li>
<br />
<li><span style="font-size: 14.666666984558105px; white-space: pre-wrap;">Type</span><span style="font-size: 11pt; white-space: pre-wrap;"> in the name of the VM to "Kioptrix Level 1", change the type to “Linux”, change the version to “Other Linux (32-bit)”, and click “Continue”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Change the memory to 1024 (if possible with your system constraints) and click “Continue”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Choose “Do not add a virtual hard disk” and click “Create”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Continue” at the warning. We’re going to add the hard disk very soon.</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Settings” with the “Kioptrix Level 1” VM selected</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Storage” at the top.</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">You should only see “Controller: IDE” in here. We need to add the hard drive on the IDE controller and not </span><a href="http://www.chokepoint.net/2017/04/kioptrix-1-vulnhub-walkthrough-sslmod.html" style="font-size: 11pt; white-space: pre-wrap;" target="_blank">SATA</a><span style="font-size: 11pt; white-space: pre-wrap;">. This VM won’t work (at least didn’t for me) when it was attached to SATA.</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click the hard drive with a plus sign icon<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEdcxidpxSjpeceDXStUqq5prDnG2oWfe0ChDXpz90_ELxW1vEY2zq8802TvCQ2MB5YP3urezn55FaVWYivJkWrqwORgdknZavQESOvQVUtZs8yHfbcvErqhGv7wES-H3X4slqzC9f8QBF/s1600/kiopL1_002.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="454" data-original-width="1280" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEdcxidpxSjpeceDXStUqq5prDnG2oWfe0ChDXpz90_ELxW1vEY2zq8802TvCQ2MB5YP3urezn55FaVWYivJkWrqwORgdknZavQESOvQVUtZs8yHfbcvErqhGv7wES-H3X4slqzC9f8QBF/s640/kiopL1_002.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Choose existing disk</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">”</span><span style="font-size: 11pt; white-space: pre-wrap;">Click “Kioptrix Level 1.vmdk” and click “Open”<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcI62PqyyH_oFciNVTccEXxWivxR7VFhftUkYCpUcRQ9_K6R9DubvbEtC_sAYM35KJ2po2TC-7hobQOBROFLYx0MOeAZ3yFvLLqqVF8Bh1z8YsRTc96BvDkIZ8KO_XTnM0T-DoRUlRRPQP/s1600/kiopL1_003.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="866" data-original-width="1120" height="492" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcI62PqyyH_oFciNVTccEXxWivxR7VFhftUkYCpUcRQ9_K6R9DubvbEtC_sAYM35KJ2po2TC-7hobQOBROFLYx0MOeAZ3yFvLLqqVF8Bh1z8YsRTc96BvDkIZ8KO_XTnM0T-DoRUlRRPQP/s640/kiopL1_003.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Network”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Uncheck the network adapter<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_24x3oizL3VjlNHcXQRRW4tXrkGTFNKGZgx1Lc1CGhMg8ruY0zO-jDou9_nZg4VI06FAOBJjBjJtB2n17h7KmmGHIKy7RMTMJHA11YUMN-GO_o2VzwO2oRmJ92YXqc8OkF6VOjEzhAJag/s1600/kiopL1_004+v1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="652" data-original-width="1302" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_24x3oizL3VjlNHcXQRRW4tXrkGTFNKGZgx1Lc1CGhMg8ruY0zO-jDou9_nZg4VI06FAOBJjBjJtB2n17h7KmmGHIKy7RMTMJHA11YUMN-GO_o2VzwO2oRmJ92YXqc8OkF6VOjEzhAJag/s640/kiopL1_004+v1.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">It should now look like this<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigosT_a9FIbIfcO1i88YAVRYn8NNmllzIdRffv2OCRYxQNHBC82GC-bIQftq4WzLBk5HjvKwoetoK1XG0I0Fu2AgaMjncDigImIqFSvjyC3BxJ808sbRxM_m8qlo8WJUCuyxeWrCqHfu9g/s1600/kiopL1_004+v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="652" data-original-width="1302" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigosT_a9FIbIfcO1i88YAVRYn8NNmllzIdRffv2OCRYxQNHBC82GC-bIQftq4WzLBk5HjvKwoetoK1XG0I0Fu2AgaMjncDigImIqFSvjyC3BxJ808sbRxM_m8qlo8WJUCuyxeWrCqHfu9g/s640/kiopL1_004+v2.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Audio”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Uncheck the sound card<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYN4wUb45L3QXtAFSnuPyKkJmKrh2ZvMwB12AhYZmAS3XI6DUcVv5TLWyaXWQGy1aCXyZMHzu5suWOLBKzmehIxjs5BA1__N_Ez44gt70HWO7Nl_gmLYJT0lnK_1GdaK1WQACBIN9ndw7R/s1600/kiopL1_004+v3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="550" data-original-width="1302" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYN4wUb45L3QXtAFSnuPyKkJmKrh2ZvMwB12AhYZmAS3XI6DUcVv5TLWyaXWQGy1aCXyZMHzu5suWOLBKzmehIxjs5BA1__N_Ez44gt70HWO7Nl_gmLYJT0lnK_1GdaK1WQACBIN9ndw7R/s640/kiopL1_004+v3.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">It should now look like this<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBO_Qv4OxpqVHABuuEv4MTgO60BkyFsrsZSlBxp3XNuC1KEvh13yL8wTMoF9o9CE7TcMMZYK4nh0XqXq23TpQmIWyO3cKLrTci_Sl-N24oQXfKYpyGnUl-qJ0YwU99MB6sCcuLinL_xWQf/s1600/kiopL1_004+v4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="550" data-original-width="1302" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBO_Qv4OxpqVHABuuEv4MTgO60BkyFsrsZSlBxp3XNuC1KEvh13yL8wTMoF9o9CE7TcMMZYK4nh0XqXq23TpQmIWyO3cKLrTci_Sl-N24oQXfKYpyGnUl-qJ0YwU99MB6sCcuLinL_xWQf/s640/kiopL1_004+v4.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Ok” to save all of the changes</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Start” on the Kioptrix Level 1 VM</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">You should see the boot loader screen show a bunch of text. Next you should see the configuration screen, “Kudzu”.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR3XEwzG-w7ujtAl2k6I2rLSjMZtR32Nt1f0tINk8G2uRcv3npXujzunm17EPG7z4NxoHVhKY-Xgi0MGHExA7V9C_Bd_IaFcIuusBBboLSIzevaWx5pxhBpgq7dE9mYzoL2m0ISh1bcLok/s1600/kiopL1_005+v1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="874" data-original-width="1428" height="390" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR3XEwzG-w7ujtAl2k6I2rLSjMZtR32Nt1f0tINk8G2uRcv3npXujzunm17EPG7z4NxoHVhKY-Xgi0MGHExA7V9C_Bd_IaFcIuusBBboLSIzevaWx5pxhBpgq7dE9mYzoL2m0ISh1bcLok/s640/kiopL1_005+v1.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Press any key to enter the configuration wizard</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Your next options may be different, but in my scenario, the network card was the first option. We want to remove the network card from the virtual machine (the VM didn't automatically pick up network settings and work out of the box, this is my workaround).</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">In the “Hardware Removed” screen for the network card, select “Remove configuration” and press the Enter key.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnSE73y-CwtrLFW6ANTfNXeDq5-zIcCPvuzXuvfmnE2z0vNysFg1YIeZ9UzLr6EZulWirLicB1dhDCmA67bCd-R7zI4omukuwan7xsui9S6kOrNh2a2mthGcNIvvJLvhLnfFk7f_PtuBzK/s1600/kiopL1_005+v2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnSE73y-CwtrLFW6ANTfNXeDq5-zIcCPvuzXuvfmnE2z0vNysFg1YIeZ9UzLr6EZulWirLicB1dhDCmA67bCd-R7zI4omukuwan7xsui9S6kOrNh2a2mthGcNIvvJLvhLnfFk7f_PtuBzK/s640/kiopL1_005+v2.png" width="640" /></a></div>
</span></li>
<li><span style="font-size: 11pt; white-space: pre-wrap;">The next option may be for the USB controller.</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Make sure “Do nothing” is selected and press the Enter key.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioatRLSmVEiJg7LcYzBzIWMkS6ejy-VqYtgEeUFbFgixKWV-pGVLXWoyDKdBdnKxjZ1XluEuRXfIycRLR8hNQdX_CdS-TOtilLZVQxiUMhXFhqP9tUdKiJNQsXY2a7C9uRqCRLoJRrwyjX/s1600/kiopL1_005+v3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioatRLSmVEiJg7LcYzBzIWMkS6ejy-VqYtgEeUFbFgixKWV-pGVLXWoyDKdBdnKxjZ1XluEuRXfIycRLR8hNQdX_CdS-TOtilLZVQxiUMhXFhqP9tUdKiJNQsXY2a7C9uRqCRLoJRrwyjX/s640/kiopL1_005+v3.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">If you have additional options for hardware, choose “Do nothing” and proceed out of this configuration wizard</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">After everything continues to load and start, you should now be at the text login window for Kioptrix! We are not done yet with our prep though!</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">You need to either:</span></li>
<br />
<ol>
<li><span style="font-size: 11pt; white-space: pre-wrap;">Shutdown the virtual machine by closing the virtual machine window<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFJfRA59GgfhlFlYb-FRhWHy-akMrkNrT7bh4wMEoljIgiM0kXw-s9JAOKiV6EfszkuFHFq-NBDmCSisKnTltPI65thpC9EzTNUYgvUNd52WUjiXhpwX6QsFpFg5o6Nr7JQfWa_jo_prVA/s1600/kiopL1_005+v4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1002" data-original-width="1494" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFJfRA59GgfhlFlYb-FRhWHy-akMrkNrT7bh4wMEoljIgiM0kXw-s9JAOKiV6EfszkuFHFq-NBDmCSisKnTltPI65thpC9EzTNUYgvUNd52WUjiXhpwX6QsFpFg5o6Nr7JQfWa_jo_prVA/s640/kiopL1_005+v4.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Start a reboot sequence (Input > Keyboard > Insert Control+Alt+Delete), watch the system gracefully shut down the system, and then close the window before the VM starts up again<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8i9M4RDLj3IDaeYPJfGVWT5nIWtibz2TbEPTadE-nSnApkmYRf_b6_wIYuB_epElGUw-hs8D7xyw9SzFzrkZJvY6kXMoj9jh9a-KB5kj1BGxl2ISGLfoZxf_qstkXTKXUagGTTSTWGJbE/s1600/kiopL1_005+v5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="350" data-original-width="694" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8i9M4RDLj3IDaeYPJfGVWT5nIWtibz2TbEPTadE-nSnApkmYRf_b6_wIYuB_epElGUw-hs8D7xyw9SzFzrkZJvY6kXMoj9jh9a-KB5kj1BGxl2ISGLfoZxf_qstkXTKXUagGTTSTWGJbE/s640/kiopL1_005+v5.png" width="640" /></a></div>
</span></li>
<br />
</ol>
<li><span style="font-size: 11pt; white-space: pre-wrap;">With the VM powered off, go into “Settings” for the Kioptrix Level 1 VM</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Go to “Network”</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Check the box to enable the network adapter<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE3_kmqThVM1OkiTEqkiZxGhzOlLV6t5JwdUTGqOf6caSvBVRIPDhxtd_F7qJp5ygA4t9-PBxMBKw40J4wUOhw5Y6hmFlziLfkojzxrgBDNrOPn-0kUNNO-YsqFeeHXrqv1ul5U1oyZ1CS/s1600/kiopL1_005+v6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="652" data-original-width="1302" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE3_kmqThVM1OkiTEqkiZxGhzOlLV6t5JwdUTGqOf6caSvBVRIPDhxtd_F7qJp5ygA4t9-PBxMBKw40J4wUOhw5Y6hmFlziLfkojzxrgBDNrOPn-0kUNNO-YsqFeeHXrqv1ul5U1oyZ1CS/s640/kiopL1_005+v6.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Choose “Host-only Adapter” with a “PCnet-PCI II Adapter” type</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Optionally, you can click the “refresh” button to generate a new MAC address</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Take note of the MAC address for future reference</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Ok”<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7AcQ9eYpBfm9zH0HvEkPOfqrGJkMG-iWUVCu8sGjoBGmfg1CdHQ26TQCLF7E5cOZD7d2fcPuL65IGP4PTMouAfFkc3GUUfUcgY0Q4gsJIEPlXoHECTXLVXHy3omo0r_MHTbBMaznTWS5b/s1600/kiopL1_005+v7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="958" data-original-width="1302" height="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7AcQ9eYpBfm9zH0HvEkPOfqrGJkMG-iWUVCu8sGjoBGmfg1CdHQ26TQCLF7E5cOZD7d2fcPuL65IGP4PTMouAfFkc3GUUfUcgY0Q4gsJIEPlXoHECTXLVXHy3omo0r_MHTbBMaznTWS5b/s640/kiopL1_005+v7.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Start the Kioptrix Level 1 VM</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Press any key on the Kudzu configuration wizard screen to enter the wizard<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZpek_122IKuwoYZsF3iaNQy7ScYPC2JPyIsc_0T8W7w8fM_6zrXG2aH9GZUrPGPe50v0f1_nk3ENSt1UeX-wCo8188uFlRX6BZWoV_xm7P3O6dk9UCB1B1zTCQckKpNzFDNTKu5Ng5WNZ/s1600/kiopL1_005+v8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZpek_122IKuwoYZsF3iaNQy7ScYPC2JPyIsc_0T8W7w8fM_6zrXG2aH9GZUrPGPe50v0f1_nk3ENSt1UeX-wCo8188uFlRX6BZWoV_xm7P3O6dk9UCB1B1zTCQckKpNzFDNTKu5Ng5WNZ/s640/kiopL1_005+v8.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">The first screen for you should hopefully be the network card configuration wizard. You can click the X for the two VirtualBox messages at the top of the screen to make it easier to see.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifZIT7qbooxO4dTAAQQMqFIoBbHOV7Mn0-DXt8DvranaX_D5jpgS24_HBnT2f0OfbL-H6C_MRQMejDKO_fRUAkJAl2oG3YHe9WE-YFbZOtkflK2988QZBX-VL6Ky0d9-y02z2g4GfRRM1L/s1600/kiopL1_005+v9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifZIT7qbooxO4dTAAQQMqFIoBbHOV7Mn0-DXt8DvranaX_D5jpgS24_HBnT2f0OfbL-H6C_MRQMejDKO_fRUAkJAl2oG3YHe9WE-YFbZOtkflK2988QZBX-VL6Ky0d9-y02z2g4GfRRM1L/s640/kiopL1_005+v9.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">On the network card configuration screen, make sure “Configure” is selected and press the Enter key<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOkm-RzifETRu-UOf8s2AtVUFTIMrNMce9FnCzuej0-Z8YLmdGNYicIzwRASDsY79OrJI7btq8v_4ZVPQ-IutrE5XLn6rZb6o4Jfs5PyRrwgu9_VP0hIAwCqZb_0M_kg8YlJLa1_yPga_q/s1600/kiopL1_005+v10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOkm-RzifETRu-UOf8s2AtVUFTIMrNMce9FnCzuej0-Z8YLmdGNYicIzwRASDsY79OrJI7btq8v_4ZVPQ-IutrE5XLn6rZb6o4Jfs5PyRrwgu9_VP0hIAwCqZb_0M_kg8YlJLa1_yPga_q/s640/kiopL1_005+v10.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Click “Yes” to the “Migrate existing network configuration” question and press the Enter key<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjatekOC978QxBCcEn9O-2tqlxOJezMq-x58wlRYvUy6XLZO9XvmQeOnlvkqe7bGpGw0PJSHGAACs6yNGdkTq2j02FpO-AMnaVhUEvEyMCECeBV__zGkpbKHeOTkb6lt93DUvH358W9w1k8/s1600/kiopL1_005+v11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjatekOC978QxBCcEn9O-2tqlxOJezMq-x58wlRYvUy6XLZO9XvmQeOnlvkqe7bGpGw0PJSHGAACs6yNGdkTq2j02FpO-AMnaVhUEvEyMCECeBV__zGkpbKHeOTkb6lt93DUvH358W9w1k8/s640/kiopL1_005+v11.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Select “Do nothing” for the USB controller option and press the Enter key. You should now be done with the Kudzu configuration wizard and back to the black screen.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZT73n0-D4TeDWbeFrPQsLt4FC-oRXRYiLs948tarF-7DaVkivyQH8alInjLR7sNNEQ824fMCpBSDRv7aFt1Kw3gNoJepTJgBQTZnKUYUtw2T2dl22DM5Mbqz2wegzTvYiH3i-wVTAeWWa/s1600/kiopL1_005+v12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZT73n0-D4TeDWbeFrPQsLt4FC-oRXRYiLs948tarF-7DaVkivyQH8alInjLR7sNNEQ824fMCpBSDRv7aFt1Kw3gNoJepTJgBQTZnKUYUtw2T2dl22DM5Mbqz2wegzTvYiH3i-wVTAeWWa/s640/kiopL1_005+v12.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">We’ll need to verify we are able to successfully get the network card enabled and “Ok</span><span style="font-size: 11pt; white-space: pre-wrap;">”.</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">Keep an eye for the third line for “eth0” and make sure it says, “Ok”. That should be enough to make sure the network card was successfully attached to the virtual machine and was provided an IP address from the VirtualBox DHCP server.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcB6gVetedzEw2NZYz3TLhQXMl1sZMZ7AyB1PKEj2_8lspoJiWgsnI-kaLAhON6TksdFAAYvW8Owcpbf3Y18_KcKAPUJPu0Q5HUJQnPP30LA20ynUTSEW2Zip2mXdhQCxC9PXoiKQTSLB5/s1600/kiopL1_005+v13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="392" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcB6gVetedzEw2NZYz3TLhQXMl1sZMZ7AyB1PKEj2_8lspoJiWgsnI-kaLAhON6TksdFAAYvW8Owcpbf3Y18_KcKAPUJPu0Q5HUJQnPP30LA20ynUTSEW2Zip2mXdhQCxC9PXoiKQTSLB5/s640/kiopL1_005+v13.png" width="640" /></a></div>
</span></li>
<br />
<li><span style="font-size: 11pt; white-space: pre-wrap;">If all is well, you should be back at the Kioptrix login screen!<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVT9ZmPx0h5N0l83kesf65t4QoyOMAhmcV3VHgoAFGCUxOsqgA09M1kPwl99qNLiIBDVJYsHfWNQ8jiw4N5mNSxMD8q7pLmUnuxohF-9jGxBAlkQj-Ve44LKeAdl8_2RUKWWzDfIOHf6nW/s1600/kiopL1_006.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="886" data-original-width="1440" height="393" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVT9ZmPx0h5N0l83kesf65t4QoyOMAhmcV3VHgoAFGCUxOsqgA09M1kPwl99qNLiIBDVJYsHfWNQ8jiw4N5mNSxMD8q7pLmUnuxohF-9jGxBAlkQj-Ve44LKeAdl8_2RUKWWzDfIOHf6nW/s640/kiopL1_006.png" width="640" /></a></div>
</span></li>
</span></ol>
<span style="font-family: "arial";">
</span>
<br />
<div dir="ltr" style="font-family: Arial; font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; white-space: pre;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 11pt;"><br /></span></div>
<div dir="ltr" style="font-family: Arial; font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; white-space: pre;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 11pt;"><br /></span></div>
<div dir="ltr" style="font-family: Arial; font-size: 11pt; line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; white-space: pre;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 11pt;">In the next post, we will go about assessing the virtual machine to see what we have.</span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com11tag:blogger.com,1999:blog-6692635973462574922.post-2885616633875900482017-10-03T16:00:00.000-05:002017-10-03T16:00:22.705-05:002017 NE Cyber - Windows COM - Research<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In September, I presented at the 2017 Nebraska Cyber Security Conference about Windows COM. Below are some of the many links of research relating to Windows COM that I used to prepare for my talk as well as research mentioned in the talk.</span></div>
<b id="docs-internal-guid-b9091c41-e05a-f41b-741b-bdc67870ad25" style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Microsoft bulletins</span></div>
<ul style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://support.microsoft.com/en-us/help/4019216" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">May 9, 2017—KB4019216 (Monthly Rollup)</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://support.microsoft.com/en-us/help/4019264/windows-7-update-kb4019264" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">May 9, 2017—KB4019264 (Monthly Rollup)</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/en-us/library/security/MS16-141" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Bulletin MS16-141</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/library/security/906267" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Advisory 906267</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/library/security/911052" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Advisory 911052</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/library/security/903144" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Advisory 903144</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/en-us/library/security/ms05-012.aspx" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Bulletin MS05-012</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: disc; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://technet.microsoft.com/en-us/library/security/ms04-012.aspx" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft Security Bulletin MS04-012</span></a></div>
</li>
</ul>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ee663262(v=vs.85).aspx" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Microsoft COM</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://msdn.microsoft.com/en-us/library/ms809971.aspx?f=255&MSPPError=-2147217396" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Understanding and Using COM Threading Models</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://support.microsoft.com/en-us/help/150777/info-descriptions-and-workings-of-ole-threading-models" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">INFO: Descriptions and Workings of OLE Threading Models</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://www.codeproject.com/Articles/13601/COM-in-plain-C" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">COM in plain C</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://tyranidslair.blogspot.com/2017/08/the-art-of-becoming-trustedinstaller.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">The Art of Becoming TrustedInstaller</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://github.com/subTee/RegistrationFreeCOM" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">RegistrationFreeCOM</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://tyranidslair.blogspot.com/2014/05/impersonation-and-ms14-027.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Impersonation and MS14-027</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://msdn.microsoft.com/en-us/library/windows/desktop/ms690343%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">COM Objects and Interfaces</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Lateral Movement using Excel.Application and DCOM</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Bypassing VirtualBox Process Hardening on Windows</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://github.com/FuzzySecurity/DefCon25" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">UAC 0Day, All Day</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="http://subt0x10.blogspot.com/2017/04/bypass-application-whitelisting-script.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files)</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="http://www.drdobbs.com/scriptlets/199101569" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">COM Scriptlets</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="http://justhaifei1.blogspot.com/2017/07/bypassing-microsofts-cve-2017-0199-patch.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">"Bypassing" Microsoft's Patch for CVE-2017-0199</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="https://www.youtube.com/watch?v=UoU4cA09AmM" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">HIRBSecConf 2009 - Mark Dowd - Attacking Interoperability</span></a></div>
<b style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="http://www.irongeek.com/i.php?page=videos/derbycon7/s13-the-net-inter-operability-operation-james-forshawThe%20.NET%20Inter-Operability%20Operation" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 10.5pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">The .NET Inter-Operability Operation</span></a></div>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-14749189194121138222017-10-02T21:06:00.000-05:002017-10-02T21:06:26.135-05:002017 Nebraska Cyber Security Conference<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Last week I presented at the </span><a href="http://www.cio.nebraska.gov/cyber-sec/events/index.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">2017 Nebraska Cyber Security Conference</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> which was a lot of fun! I presented an “Intro to Windows COM” to discuss the world of Windows COM and to bridge the gap of current talks and research. There was a lot of info thrown around, but the basics of COM were hopefully established! I will continue to aggregate all of my COM research/links and post that shortly here to my blog.</span></div>
<b id="docs-internal-guid-76b7b358-dffb-0802-998f-ad71b33241d2" style="font-weight: normal;"><br /></b>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 11pt; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The slides for my talk are hosted at my GitHub here:</span></div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-ligatures: normal; font-variant-position: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;"><a href="https://github.com/afreeborn/presentations/blob/master/Windows%20COM%20NE%20Cyber%202017.pdf" style="text-decoration: none;">https://github.com/afreeborn/presentations/blob/master/Windows%20COM%20NE%20Cyber%202017.pdf</a></span></div>
<div>
<br /></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-28503599757910008792017-04-24T21:57:00.001-05:002017-04-24T21:58:37.818-05:00BSides Iowa 2017: Wanna break JavaScript and APIs in web apps?Thank you to everyone who attended my talk at BSides Iowa 2017, "Wanna break JavaScript and API's in web apps?" It was a fun topic to research and prepare for along with presenting! Below is a link to the slides as well as the YouTube link of the talk.<br />
<br />
Slides:<br />
<a href="https://www.slideshare.net/AndrewFreeborn/bsides-iowa-2017-wanna-break-javascript-and-apis-in-web-apps">https://www.slideshare.net/AndrewFreeborn/bsides-iowa-2017-wanna-break-javascript-and-apis-in-web-apps</a><br />
<br />
YouTube:<br />
<a href="https://www.youtube.com/watch?v=MHnT7gcfJec">https://www.youtube.com/watch?v=MHnT7gcfJec</a>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-20257730083421863472016-12-14T17:00:00.000-06:002016-12-14T17:00:19.763-06:00Skills to build upon<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"></b><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">There’s fun things to check out this holiday season! The </span><a href="https://holidayhackchallenge.com/2016/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">SANS Holiday Hack Challenge</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> just came out a few days ago. That’s a fun challenge that is accessible in a variety of ways to people with different skills and levels. Additionally, the previous year challenges and answers are also available which is pretty nice.</span></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><br /></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A skill I am increasingly spending more of my free time on involves manual code review and assessment. I use free tools (like those used in the SWAMP), but they seem to only find a handful of the issues in the code I’ve been checking out. I will be starting a new blog series exploring this and assessing code from different perspectives.</span></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><br /></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the meantime, check out these resources from the </span><a href="http://trailofbits.github.io/ctf/vulnerabilities/source.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Trail of Bits CTF Field Guide</span></a><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">:</span></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">-- </span><a href="http://trailofbits.github.io/ctf/vulnerabilities/references/EssentialC.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Essential C</span></a></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">-- </span><a href="http://trailofbits.github.io/ctf/vulnerabilities/references/Dowd_ch06.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">The Art of Software Security Assessment - Chapter 6</span></a></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><br /></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Not from the ToB site:</span></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">-- Chris Rohlf’s </span><a href="https://github.com/struct/mms" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening</span></a></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><br /></b></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<b id="docs-internal-guid-f0136b05-fe97-9ed9-0995-10e08c2bd9d2" style="font-weight: normal;"><span style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">When this blog series starts, having reviewed those resources will be helpful!</span></b></div>
<br class="Apple-interchange-newline" />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-32106493540859191042016-12-13T17:00:00.000-06:002016-12-13T17:00:00.141-06:00Omaha OWASP Dec 2016 presentation<span id="docs-internal-guid-2f410660-eec7-4bc5-d659-15d36048f95e" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Last week I presented at the local Omaha OWASP chapter an overview of the <a href="https://www.mir-swamp.org/" target="_blank">SWAMP</a>. It was a lot of fun to talk about the SWAMP, both in the cloud and the new on-prem (<a href="https://continuousassurance.org/swamp-in-a-box/" target="_blank">SWAMP-in-a-box</a>) version. I've uploaded my presentation up at SlideShare and linked it here below.</span><br />
<br />
<a href="http://www.slideshare.net/AndrewFreeborn/omaha-owasp-dec-2016"><span id="docs-internal-guid-2f410660-eec7-4bc5-d659-15d36048f95e" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">http://www.slideshare.net/AndrewFreeborn/omaha-owasp-dec-2016</span></a><br />
<br />
<span id="docs-internal-guid-2f410660-eec7-4bc5-d659-15d36048f95e" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Thanks!</span>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-1567753413392450762016-12-06T17:00:00.000-06:002016-12-06T17:00:04.985-06:00Fuzzy Assessment: Part 7 - Threadfix in the SWAMP<div dir="ltr" id="docs-internal-guid-7ba3bafd-d294-5c60-0f71-761d37acf90a" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">In the previous post, we viewed the results of the assessment with <a href="https://codedx.com/" target="_blank">Code Dx</a>. Another tool available in the SWAMP is </span><a href="https://www.threadfix.it/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline;">ThreadFix</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">. Different views of the same data may provide the other perspective needed to better remediate a vulnerability finding.</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Let’s get back into the SWAMP!</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Log into the </span><a href="https://www.mir-swamp.org/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline;">SWAMP</span></a></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">We already have the package ready and assessed, so let’s click on “Results”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="184" src="https://lh5.googleusercontent.com/b5Um1iirJ2HHvJNyriqdAGV_F3KH7VYPN1b8atjwb9UtMR-1ejUPv6WAcsevAnvQ99s2AZ93sMoZBy9K9lo10lQ0obDKwllXovlqOeVu1oA3hTBq_m7c5sPTB8yuLbGPh2Z2KxCM" style="border: medium none; transform: rotate(0rad);" width="550" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Change the viewer from “Code Dx” to “Threadfix”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="352" src="https://lh5.googleusercontent.com/79VdIC3JztK0zO3FmXyj0xY3Voldk4k6sWy1Wt8AEyiH-5hQKtDC__ejn7LdCWYZT0DDXpT83tdQLL7stukAWL-78P7LzZ_WkwzCicEHgsBKiECskIvocfcg7omg5oZJWyMBBoMU" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="549" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Scroll down to the package results (in our case OpenSSH 4.3 blog2) and check the far left checkbox. After I did this step, the viewer changed back to “Code Dx”. Make sure your viewer is still set to “Threadfix”.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="89" src="https://lh4.googleusercontent.com/9YVDjWpNg-mhk_JGPCbaKkiY0ssLlBQakccb45gCaWPanF0ag-k98KYgQyBVBFOXID21-YJHXpOQwOkp9NSUYbkJ0MR_qnSEBsTxFT9S2GxKet_6NytO7dPYNLcQYqF3pBICe9JX" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="550" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">If you scroll back down, at the time of this writing, only Clang is compatible with Threadfix and the only one that can be checked</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Scroll back to the top and click on “View Assessment Results” ensuring that Threadfix is still selected</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">A new window should open up with a viewer to the results of the scan that’ll use Threadfix</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Click on “Latest Analysis Run” for the correct package</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="233" src="https://lh3.googleusercontent.com/PKXEB-GpMkA0EAa-hwFBSVOkrE2KN4LaBr54ETBxvbP4qC_USqLqgbsA-1Tvojkz2fUFwEekWYaOeCMNiCMNHWdpcSXQCZacN2shkRU3poKLyzd-odfhBSGylg-mj2J5GQeRwI_l" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="549" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">After the viewer loads, click on “Scans” at the top</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="443" src="https://lh4.googleusercontent.com/JqTK5jSxIwLRXTlWWk39guMm94mQr6nCO45Z_lXpq53dosVDb-wgNDGWJQaHnVyWAYPKUjUO0qskUGVpWsM7idlmKCmKL5U0zFYQpcjAYRxdCxBloeEMVUS4NO4_waZOR_2oIuIi" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="549" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">This screen below shows some interesting results. Let’s review the first option with 16 results and click the “View Scan” link.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="324" src="https://lh5.googleusercontent.com/k1_SQLDICPPipRqo_duPIwm61qWTdjX6DVAnsQosJyqMVo3i5z-YBdhHmIbO4keyesdyKPHNWyy_6VEnG7ABLFtpDI3Z2b8YSkWsrMS47c3DgUd3HlQu2P5HAzjwbNoOExRgOR3-" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="549" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">In the “Mapped Findings” screen, we see all of the vulnerabilities from the scan:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="328" src="https://lh5.googleusercontent.com/JTKLDpprkfwy8EScITXdQpYH7Alumq4fZ3o4WXvQ2vm-ne3ZuJC1f-NbC_rXj3D4ZYtwxas6xiGarAw-f9h2CBuzXQBButFmob7XtO6SDOp3o3yq8TFXnwV6TOZiLhfntqRjZPb5" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="550" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Let’s see more detail in the “packet.c” vulnerability finding. Click “View Finding” on this line:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="329" src="https://lh3.googleusercontent.com/fvPpK-XuVb_kyqu20bR0XIee6cFP88KLG5ttWjpWUbIr6m37tgC2HtFubgvdY1VIDE5W-vXs5z-O6mpN0Eni4_jFfVcbNjWA2XfpNtxbJwDssEWYMWh90tWUFLkb2gmH7VwH7Dqy" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="551" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">Here we can see additional detail for this finding:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="373" src="https://lh5.googleusercontent.com/6DPV9qr8L4yGdR262U60DUdhoH3gQeKyHiwKyvpAmqKLFojhi4bCqYouH7lkUe2Darxmy01SbAfZR4utxccNrZreA_Oqqf11I5EFDQqHoi7mN3rBdo83FvsG8fzriXUGdezF8HPJ" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="551" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><img height="416" src="https://lh3.googleusercontent.com/uEm9U8IsK7x1QRqsa6bwlMUt-awApH95Sg7QHDTYDB_l0Hk3VipeYioL6X1KTp3Sen5ZJTuiHaJ_JTA4YwPPgrjmYykWZueItytAJfZ2DZ6j1c8MV2Xp9GTALN32sEfxvhe0q9xD" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="551" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;"><br class="kix-line-break" /></span></div>
</li>
</ol>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline;">There is not much more to say about this tool and the way we can look at vulnerabilities. Clicking on “Dashboard” at the top will return you to the main Threadfix screen that allows you to drill into vulnerability findings in a variety of ways that can help you track down specific issues.</span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-29575176209820304962016-11-03T17:00:00.000-05:002016-11-03T17:00:12.059-05:00Fuzzy Assessment: Part 6 - Positives results from the SWAMP<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the previous post, we performed the right steps for a successful assessment of OpenSSH 4.3 in the SWAMP. As we learned, those results were hard won! Now we have a lot of results!</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s take a deeper look at what we have available to us:</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Log into the SWAMP
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Results”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “any package”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="145" src="https://lh6.googleusercontent.com/x4iROz-O7ttzKJN4o8ej6wm4Qsr6FfygfwQK1aMBpnreJR-mxWDkxnWpuimuSk1fz3HMKqKGF0tFWYHNoazuo8ZajQ1tyD1CnUYQyNMIxuOXoCbOfBd0GgDCbi9pEgUYgKAUG-PS" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="529" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the dropdown for the package to the appropriate version (in our case “OpenSSH 4.3 blog2”)
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now we can see results to this specific package with our successful results!</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="212" src="https://lh3.googleusercontent.com/1dZgv2NRu9JosvjQT_dzMPGgyDA0GRNikXvpNA6DpAwqtqGOBtCLpMVYOzTeRFtTXJtaMt5DQOXoi3k7oZh9wpS22m7XJPZDu6Yxh3IOZkT8gR2WMkJ_xl7AlZsoxn3MoE4sJ2tV" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="532" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the top, we see “Viewer” with three radio buttons of “Code Dx”, “Threadfix”, and “Native”. The default option is “</span><a href="https://codedx.com/what-is-code-dx/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Code Dx</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">” which is one of two options to coalesce results from analysis tools into a single pane of glass. The second option is “</span><a href="https://www.threadfix.it/benefits/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Threadfix</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">” which is another option to view results from multiple tools into a single pane of glass. The third option of “Native” displays the result of the tool from the standard output of the tool and may or may not be pretty.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">To view the results of an assessment is a little bit confusing as there are a lot of things to click on. Let’s leave the default viewer of “Code Dx” selected.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the checkbox for GCC (but there’s two!). Click on the right-most GCC checkbox.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="220" src="https://lh3.googleusercontent.com/jKNK-ccpnCPO2giN0ZHIsO1-mHvV6ZA9VPRQtBISSA4LRIJ_hjbM3aN4GOQoYx37IUI717UIyw9uW9Byre-iOKcDvrx2D2pgbaSQU9FbHYbPm_1cv43z--OuNWLyPA02VlPIOBFH" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="529" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Navigating the checkboxes becomes easier to understand. For instance, in the screenshot above, we see 5 checkboxes. The topmost checkbox would select all results on the page to view. The leftmost checkbox would select all of the results from that particular run. The second, third, and fourth rightmost checkboxes would select the results from the individual tools.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We are going to see the results from GCC from this particular assessment.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="109" src="https://lh3.googleusercontent.com/nwlI9Ieytxqo6Tls3qd5dhSPS2955yzYiy4RylfS0n4wrt6dP6MXtnRYsTFuc8sDAtjJIkyvEY0OM9LKnLz0OLycxobAQaNYyEMauosdVBUevjndDLzPQQxJzt53iYg7qX7iybxY" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="529" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">You may be tempted to click on “finished” for the GCC line expecting to see the 3,145 bugs from GCC. However, these are not the droids you’re looking for. If you were to click on “finished”, you would get the details of the GCC assessment itself, not the results of the assessment. Below are the details of the GCC assessment:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="410" src="https://lh4.googleusercontent.com/iS9JIMRPLaEmF1shMfMGyEoRmAkYMFA4VO2hseIjGJzZv0IsKvkhCKaBwsZAojVCWnmEdC73_l5Vs8STUUyV8Ro2eEI8f4IZonUjtNQ7J-lGYaUsTqqUz3O3JiMb8ggiRcEAQeF2" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="530" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If you clicked on “finished” click and see these results above, click on the “Ok” button at the bottom of the screen. Back in the main results screen, click the second, rightmost checkbox for GCC results as in step 10.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">To see the results from the tool, we need to make sure we have the lines we wanted selected and click “View Assessment Results”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="132" src="https://lh5.googleusercontent.com/jezl2L8RrTTW1NDCwcHjZXqIjGrYmoRQPemDrxS5FzKAP21PW3FtaEZvv8qZmYVAtFG9Atq7W8ciym8v2xChwdHpM6anSKITKhVAwza9pvmx6HxDJ2SL5gXa2qJlPSzHMi9KzjHw" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="529" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A new window will pop open and a viewer for our tool will be instantiated with our data.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="183" src="https://lh3.googleusercontent.com/p_wMZLorB5fLjwN99huycG499JwGtlcSdrP_CzMBzUDl_xYiEf76jphrypD9k2wvY_sSC5h9eOxsNA6pY44uNeBIrPji0JOLOuhZ546UGZkcGKs1xJZlcgDYXfdStZbW0Oqm9e4f" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="517" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Once the viewer for Code Dx is ready, you may see results from other packages or just this one depending on what you’ve done in the SWAMP. In our case, we see this:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="163" src="https://lh4.googleusercontent.com/VlU3fvinpGTuUlAeOQI1RMl5--PJxwzGEskX6a-ZWh9JqsKM_29SSLL1I6mMsa2mqKFvxVC2BMzGrudshbiUh_AN6nnzxfW6dVbJ-Eghb1ZwRiOHYWu0pDciRsuG8FprILjYPxB6" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="426" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Latest Analysis Run” to see the results from this assessment
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Here we can see all of the data that GCC found with OpenSSH 4.3</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="232" src="https://lh3.googleusercontent.com/mVs4tPKIYPszdmlic1KHyqOFB91z6nyA1JwhS4cNiSAGrOOOq0recYEfDGoO6loFEQ9rRB5_PVrVPdW3X0yykLGwcqaXgs6xU80wFwJp8ygka16dN-zn3pKWMLJbuUJGmUDQbLfK" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="532" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">With Code Dx, we have a lot of different ways to play with this data and do so much. We can filter data on the left by severity, flaws, or any number of ways. If we filter the data by “Tool”, “Type Conversion”, and then “signed to unsigned conversion”, we can see the data filtered as below.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="234" src="https://lh4.googleusercontent.com/1V3odHl0s1C8Lh-FgJfPMDFK1fH10a4iBjAFYJm-PjDvOTQpwRU3qnsjFmBk85Gua4_bvZwOzbYtkvnPOKvNTsONOqB01NTx1pDo_65_3uQS7ldZqd_At3H7lnmsHQOpUjtuRugr" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="532" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">There’s a lot of things we can do further from here. We could filter the data to even more narrow results and then assign those issues to someone to fix with exact location. Let’s take a look at what kind of details we get.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “6261”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="163" src="https://lh5.googleusercontent.com/RIXA6dLdE2-cBQlYMasyXAM6rMEz1yIuF-9_lQlRQytuTBOTZM5rQu4xRtr_2Jhxq9FkTTdwTYjdoWYRr82z66jq4l0ZYGOUZc6Pn2To5Vp88p6bw4ss1yC3jgMT_b9PlMJJhg2x" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="532" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A new window will pop open with all of this juicy detail below:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="192" src="https://lh3.googleusercontent.com/MxJnFhPHsjbFnfT3-ASriUu7QHLfjpbJWU7TP2niHOYwradYXsZHOIVLOLuNSJQxHRY9LVl7HpNyk2gW9w0-H4BgFzV8oDJrquGNXUUkz1EeYHN5ZgFzS5vOLN7m1Wb4NQ63jmBA" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="532" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Oh no, “goto” statements are used (line 1123). At least it’s not “<a href="https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/" target="_blank">goto fail</a>”. But, we see things like the type conversion issue at line 1130, links to all kinds of sources, the ability to make notes, and more!</span></div>
</li>
</ol>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<br /></div>
<span id="docs-internal-guid-9bec0b6d-233a-4d19-2943-55df90c8370f"></span><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We briefly reviewed the results from the GCC tool within Code Dx. As we can see there is a lot of capability for teams to use the SWAMP to help secure their software! In the next post, we’ll go over Threadfix and continue to examine the results.</span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-53997984328329602122016-11-01T17:00:00.000-05:002016-11-01T17:00:01.165-05:00Fuzzy Assessment: Part 5 - New discoveries in the SWAMP<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We are getting pretty close to setting up a package that can be assessed successfully in the SWAMP! Things we may take for granted in a virtual machine are not things we can always assume will work in an automated online platform. For example, if we need additional tools in our virtual machine, we can easily download/install/compile/etc whatever we want. However, in highly controlled environments like the SWAMP, we have to play in the sandbox they provide.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Going back to the error, the error at the bottom in the previous post is pretty helpful. Let’s take a look at the error again:</span><br />
<span style="font-family: "verdana"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "verdana"; font-size: 14.6667px; white-space: pre-wrap;">make[1]: *** No rule to make target `Ssh.bin', needed by `install'. Stop.</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "verdana"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">make: *** [scard-install] Error 2</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">We see the make command referencing “scard-install” which is helpful, but not obvious at this point. If we look at the start of the “Standard Error” section in the failure report, we see these lines:</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">FILE: build/configure_stderr.out from out/build.tar.gz</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">config.status: WARNING: 'Makefile.in' seems to ignore the --datarootdir setting</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">config.status: WARNING: 'scard/Makefile.in' seems to ignore the --datarootdir setting</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">If we look at the top of the failure report, we see two “build” lines and should examine both lines.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="340" src="https://lh6.googleusercontent.com/K1jNzZmp5it23sYMFVshp3M66IfwqyLFEKMPj390FdyLewm3ijtWsA72oKA9dV4Zgqa0bCBsCRujvbQGOgf68mwratRKt4isnhk-8ab1o9cmp2j2Z-I7uUjfUS_a8RDFcb0QSWFk" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="514" /></span></div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
Toward the end of either build line, we see this:
<br />
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="36" src="https://lh3.googleusercontent.com/t0I8Qcbd6ms3e-SZr7d57WDC6AiVsGDg3TKjCgnpoQI1nvWcOW43LHDLfhCWlGkYJKB9XZBauV41AIh1T3HB3krovkzFOQdAyDFHnoeHdujZPwfuT0oKdwxnuhpF4I7CAcqs3HnT" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="398" /></span></div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">With all of this information, we have better clues to help us figure out what’s going on.</span><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 1: Where do we start</span>
<br />
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s take a look at the files we have. Browse to the directory holding the expanded contents of OpenSSH with our custom “configure.ac” from earlier.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browsing through the folder contents of our custom OpenSSH 4.3 we can see a folder named “scard”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="156" src="https://lh6.googleusercontent.com/IpR5P3w8aJvNeMKBcwNdzKIwBs3gOGUwxSHn66QQ495X5iBGyNawyWIcx3PPmsNQV6mV-20td9D8ZfnrstIGvTkI9rC1vLhTicX-4rlTR3Ld-qln64M2lu8MdwWkFbdV0Db3fIUU" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="162" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Open up the “scard” folder
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Interesting, there’s a “Makefile.in” file in here along with “Ssh.bin.uu”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="69" src="https://lh3.googleusercontent.com/q4cOaZ73Hi4nxSuBA_In8B3d3wqL9lgh8ujRWV5xllEWJd9h9aVwYEO5FQe5vuf8zv7NWLGVMFgxTtc1aBm6zDThUiQQLQOA7FMMTkCLSCiEr4dwJhfNhwtvxvOCWMppeAO0xOQP" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="138" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the top of this post, the error references “Ssh.bin”. However, we can see that in this folder we see a very similar file ending in “.uu”. It was the 80s, all files ended in “.uu”. What? No.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we search on the internet to what kind of files end in “uu” you may find this Wiki article:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://en.wikipedia.org/wiki/Uuencoding">https://en.wikipedia.org/wiki/Uuencoding</a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Basically it’s a compressed file that was compressed with “uuencode”. To make the file not end in “.uu” we need to use “uudecode”. The “uuencode” and “uudecode” programs are in the RPM package “<a href="https://access.redhat.com/solutions/48627" target="_blank">sharutils</a>” you can read more about here.</span></div>
</li>
</ol>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 2: Make it not compressed
</span>
<br />
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s take a look at that “Makefile.in” file. Open it up in a text editor.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Thankfully this file isn’t too long and is straightforward</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="317" src="https://lh5.googleusercontent.com/gTqml7jalhutgYoP2726hWA51Aqc2yzRYXY-VJzognzvKPKlaTA8r7BH80C6eqPQ744KeuVEJssOp5_xdko02GGwH_0u4Bx20E60QLQ54iYi4IoRjpRbeD42DCJjoTioYpe5DlJl" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As we can see, there are different sections. In a nutshell, we could use “make” to run different parts of this file. We saw in the “build” lines at the top of the failure report:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">“make ; make install”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">These were the “make” instructions where this process failed
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The process specifically failed during the “make install” part because:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "verdana"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">make[1]: *** No rule to make target `Ssh.bin', needed by `install'. Stop.
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As we saw earlier, there is no “Ssh.bin” file unless we use uudecode. However, we see in this “makefile” that we if we do “make distprep” it will run uudecode on the “Ssh.bin.uu” file.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Adding sharutils to the VM would help us out (which by default in the SWAMP, RHEL 6.4 does not have it installed). But, we can add it! Quick, back to the SWAMP!</span></div>
</li>
</ol>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 3: Is this going to work now?
</span>
<br />
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Log into the SWAMP
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Packages”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the modified package, in our case, it’s OpenSSH blog2
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click on the version number. In our case, it’s “4.3”.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="259" src="https://lh4.googleusercontent.com/VphUpxGkAlCj0ODOKw1bBqdlVUoYIgt9QRrserjtTtM4FtVUB_5EUAbVI7rWqNkQpcBC9r7l6OCioT8iqonzz2JY_0i2uu4GhFRafktx_17x6TsYwOFWVocosG5pj3FDPsiSrhRM" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="365" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Build”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="189" src="https://lh4.googleusercontent.com/NBTCgdm1Sx3PMTo1nCsUUk7I3hfhaKVEs241CZImiVsjy16tqH2qdNid65k6zfppTKSGxFAooTdO3wWJQk069mySEiIv1KquI0LlptcTCq_HK-aUbCRdDm6rIsqs5TEIz5CSoZWY" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="510" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click “Edit Build Info”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the “Build settings” section</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="294" src="https://lh3.googleusercontent.com/1c-l-2PNlAHcNzrl90df4GqD475pfl-VVgLJuFgYiuxesNyGvrrqatzdaU_xo39SHiPk93pzWvr2ofumWIRGTLZc9H1nISy257S9kYueOZ0fZcN_Q6jbvjuiCiyIijXoDO0Pw6Dj" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="504" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add “make distprep; ” before “make install” as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="290" src="https://lh3.googleusercontent.com/BVBUmAvZthZ20Km1cxvlvYYYrQySlaa7CQb2xci0bqk03Op_FYvgH78bhIxNR5yof7JjjsBUiYF5QwnaVEaKsJL3t7R2bU46gPP0tniLslbuCQ340iWC3llid_k0xGUuM2XvlZR6" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="599" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to “Package dependencies” and click “Add New Dependency”. You may need to click this button twice to get this new window to pop up.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="88" src="https://lh6.googleusercontent.com/csVbrzo0at2uGsi5iG26nwM4PAZ5WjeA4BtDgL-4GWQ2xH8BhjZ76-TsU3Ax0imvShkYOVOJfcuebzEWmrzlLVOLpuZ_OBJXMH713a1krrqFi-FTqZwhEpxxKYnHMmYiQUqeVWJe" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the window, change the platform to “Red Hat Enterprise Linux 32-bit” and enter in “sharutils” for the dependency as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="319" src="https://lh6.googleusercontent.com/h0wrbdU8xdnsWhDt4lki4lc1cvJSPK264GLw1udx8YjZFV9EgPsUiCV7dIqCEYtMMccT6GkEkMYxojh0oPZ7YDN_BHR3O1_doccZAQ2bsavMi2xfi1RnTmjt_0b5jkLhM8kj0JG0" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This will tell the VM to add in this package so we can use uudecode in the “make distprep” part of the build process
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see the updated build script process as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="407" src="https://lh6.googleusercontent.com/Dhne-vJmQTsHEqUvP6bbsIl-BCF2J7QtjgndM_5QKum3m_D0hCSHOmv4o3uGoK0kcrl3X-AtKM9RZPq6V5qZXH-paoUjd9G5Zur4nUEFnIHVvJ0S_IQ999y0JXYLY9w95tbdsZ4V" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="409" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save Build Info”. You may need to click this button twice.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Details”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Run New Assessment”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the platform to “Red Hat Enterprise Linux 32-bit”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save and Run”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Check the box if you want email notifications and click “Run Now”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The assessment process may take a little bit more time as we’re asking the VM to do more work, but we’re getting closer to a successful build! Wait, this won’t work?
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Unfortunately, there’s one last error to deal with
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the “!” for the Clang line to open up the failure report
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom of the failure report</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="415" src="https://lh6.googleusercontent.com/EyAgSdL5vJTF6ZatfvKNtJ4ZLk1JjMKXxJOBjWENgxmkV9TwchW4FMWlBz8VScTX_r0N98CYZY02mT8GvXnH53ymMRyg_pDA88roi6TB5CCT3NJw963DAeiyutOQClOuq6DX-rGu" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The error above is a permission problem. Since we’re in a VM and don’t know what kind of capabilities there are, let’s install this in /tmp instead to see if that alleviates permission problems.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we look at the “INSTALL” file from the OpenSSH directory, we see the following information</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="284" src="https://lh3.googleusercontent.com/Nx27elNcLLFREW1YpqXE9yJh-QNx-_-BUn2rvZkULvt9PscFScEXT-ae1WTYBQLGvne0x999np11KLP6wEJ-xAdn3zpvvLKh0XcOzlXHNnaNeWoOwI0z5g-JhrVxv9SsjpbqubHY" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we want to install OpenSSH into an alternate directory, we need to specify configure with the “prefix” argument and a path such as “/tmp”. Let’s do that!</span></div>
</li>
</ol>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 4: One last thing to change
</span>
<br />
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Go back to the packages screen in the SWAMP
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on our modified package, in this case is “OpenSSH 4.3 blog2”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the version, in this case is “4.3”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Build”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click on “Edit Build Info”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Go to the “Configure settings” section</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="190" src="https://lh5.googleusercontent.com/ExDhG04k7Z9MV7sM-7vSHd3PsnoUWgDfM3StHZU7qZDRouhvmTtb6G7capFUtaUMl17oRtXjeO1_xbpqm3R_fkT-bpTZSsIxqOHxicw_8qz154-GeB6TCfBXYGo8SDAGoGPSQW-Z" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add in “ --prefix=/tmp” after “./configure” as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="161" src="https://lh3.googleusercontent.com/wLeBP4E2mYvkbGLzlg6K3zM2LGDclP4i-EoTtG9oI_a1Rlj2VVhkKAewaJvPK16UGI_-NZkwtuF6kTD2WUQlszJ_evBbhPN9AkYIucGAFx_qN-K3hayTNfwRVwS44iyyKYUhF9Ly" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Our new build process should look like this</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="485" src="https://lh5.googleusercontent.com/7wZXQmyvIoiG0ch6bakXbP4tz5jyvzRIRloc7B2VUdIHDiFLVSCebYwqaF9wMQjPhUKxiYvpz6OcG2T87Vf85wtJtKcPk8eWgjuEmTSAIg8l7a0sFpvbbVFoYPtR4lFUJRLltxgQ" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save Build Info”. You may need to click this button twice.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Details”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click “Run New Assessment”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the platform to “Red Hat Enterprise Linux 32-bit”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save and Run”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Check the box if you want email notifications and click “Run Now”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: arial; font-size: 14.6667px; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s wait for our </span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b>SUCCESSFUL</b></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> assessment to complete!</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="310" src="https://lh6.googleusercontent.com/6XBU0e5ZzoB4T-n0tOr2rI_ljl81H6S9fjDgLhoDFaZdu1cWy1XTdiJ_5TMqcortzan05_6mgkhvpwnvdh4o8-4mYzok5GxdzllgV6AsTGxv12gUZj-7NtlRq7CgEmmICtJDka-b" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="146" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">You can click on the “finished” links to see the results of each tool. We will cover the data from this assessment in another post and go over the findings from each tool and bug viewer.</span></div>
</li>
</ol>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-23455362168054969742016-10-27T17:00:00.000-05:002016-10-27T17:00:00.146-05:00Fuzzy Assessment: Part 4 - SWAMP auto changes<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The previous post left us with an error from the “./configure” process stating “config.h.in” was missing. You may have remembered an autotool that can help us with “config.in.h”. If we refer to the site below we see that “autoheader” helps us with this problem.</span><br />
<br />
<a href="http://www.ifnamemain.com/posts/2014/Mar/13/autoconf_automake/" style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">http://www.ifnamemain.com/posts/2014/Mar/13/autoconf_automake/</a></div>
<br />
<img height="141" src="https://lh5.googleusercontent.com/uh977nMZjbwdU3iM_dT7BgPJ7qeaxSa-b9mXJaXmsRHneAvkp2SZN8q3ziueSArgc1fwC8bJKmfhKbq1tl-FKitc3PKq4gr6UQGv1zmtt8275F976TL7CixQpuHgeuIjPOam7mKT" style="border: none; font-family: arial; font-size: 14.6667px; transform: rotate(0rad); white-space: pre-wrap;" width="584" /><br />
<span style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">Let’s add that to our build process in the package.</span><br />
<b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b>Section 1: Auto all the things</b></span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b><br /></b></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Log into the SWAMP
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Packages”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on our package, which in our case is “OpenSSH 4.3 blog2”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click on the “Version” number</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="281" src="https://lh3.googleusercontent.com/Mv_gNoRulGdeRwfxb4F8Oh0FqwCz2-47e0GfPc5d49YVN2SyHI0QhNzRxe_c--VXwDuZ9x4EHa25RsL1NRieJ7mQH5xYn6CuID1iixJIhpYUWEyY0N21t8dYBeurqDA7gbn6y2e1" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="325" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Build”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="200" src="https://lh6.googleusercontent.com/QQv21EDGz6lHoPeBviCGFbr9Gzgl0wd6kRIHngUbhnD-DewO1XS9GD_CyXRfNsHT7W69DRdkVYV30tVE5u0_ej_uV_tZYYYCEZOJ3wXF0PQenNrpkuuZpcA8tdtiAydcBJ8oDbIW" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click “Edit Build Info”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="427" src="https://lh6.googleusercontent.com/cFqQur4XurLZW76qfrPiH83KS0sWJu9_UOaBK8IiQpKFlUW4Gklc-rKJjpk6Ixd8fgENzeD3YZ1MYXQmW1o1dOIqatsBvuXQ0jCDtdVebo1mXO7WcGBa7NEYpmvoUpS4k3JSOrtU" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="409" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We need to edit the “Configure command” section</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="232" src="https://lh6.googleusercontent.com/rM2NLycaiBL5uD8Z3BVy8OPXq9OLLfvjE-GSk73ENlWPUCmQa8n5vKCwW-JD0rRG-511b39LoqTm5COJthmat9_xyTgmjuYKTHRTB8xhshfHCeE-SjVKf4RXaGaEOZec4erz_WcE" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="504" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Right before “autoconf” we need to add in “autoheader; ” as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="252" src="https://lh3.googleusercontent.com/NNAUl3QXIvA0Igw4licDYyALPn_kD_lP5TEwhNTRsPOOztSK583hlXGkI_0IPQn3TuaqOOc11JZYi1DdXi5x2GzcSMFvdpNnsmF6s1Tsv30wdkUSGfhIBGnAsLb1-h700w9R-xmv" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click “Save Build Info”. You may need to click this button twice to progress to the next screen.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Details”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Run New Assessment”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the platform to “Red Hat Enterprise Linux 32-bit” and click “Save and Run”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="332" src="https://lh6.googleusercontent.com/fm3X2WzVj6DK-3Hk0BPwPH4abc-zvzdKIfQueXojT-f19VvYVWyrlgNdloE3POe1n_p0hX__cmdY91WTApBJhQoItAXPOJ5uRKoklvNVASkpE8g2ds4F36aFSxLSwNpA0hUfiXr1" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click the checkbox if you want an email notification and click “Run Now”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s see if this run is successful or not. The “Auto refresh” checkbox may already be checked to automatically update the screen with the progress of the build process.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">After a short period of time, this run will also fail
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click the “!” exclamation point for Clang
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This time we have much more output than in previous assessments in the failure report. We are getting closer and very soon all of the right things will be done to make a successful assessment!
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s examine the failure report</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="609" src="https://lh5.googleusercontent.com/GBoG6F3RdnuIFePpBnnKdzjVU91i2Xrn_Jnteaenlxsca1GrysQuMN8mjtd7AChYiAyiyxts-GtU6R9PucKlBCekYppnWN1TGIwKhMcGflcCVTC7QEJMR_vrCXHpI5id6Yi-dR2T" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">< more lines from all kinds of tools working ></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="403" src="https://lh5.googleusercontent.com/4Gl_fCMyiZd_3FAmj2QCpXsxIhEznb8zlJH4kFAbTmmt5DXxjRp6ZWJQX-yi99cEcCdLX9STvEsyoHJ_TePF8j2yq6mQ_YsHLQ20m8AAEcuZ-u5QRYBcEVk9hMcg6lcrB9LZqIdK" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The error with “Ssh.bin” is interesting. Let’s take a look at it more in-depth in the next post!</span></div>
</li>
</ol>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-68684808494172943732016-10-25T17:00:00.000-05:002016-10-25T17:00:12.607-05:00Fuzzy Assessment: Part 3 - Finding our footing in the SWAMP<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The previous posts set the scene of how to get packages to run in the SWAMP. We are going to fix the “configure.ac” error identified in the previous SWAMP build process.</span><br />
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 1: What seems to be the problem</span><br />
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The issue was saw in the previous post was reported in ./configure with line 15,218</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="100" src="https://lh6.googleusercontent.com/TmGCGvp1U7WvpH323Y88oyeJLRK8t305zAu9HZwouGgdDbco-HvYA2bx8f_LeWKQ8Aw7ooMajR804nm29jn3-uwZSDUzrKijZE_QBbVCpDDDyNE294PNbPsF7Yf0cuxeyJHFOQdW" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">However, the “./configure” program was automatically generated at runtime of the build process in the virtual machine from autoconf. So this is not a file that we can edit and fix the error above. However, we do have a “configure.ac”.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Go to the location in your file system where we expanded the OpenSSH archive
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Here we can see “configure.ac”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="116" src="https://lh4.googleusercontent.com/FVT5M-8k6mlGHe71G7PG49KrHPp4QWSM-gTE8XPG_c_LSaJzph0y0zdrAHMdcQxuzrbxyhztrUbBp1EIIGBHw9TF1CJaiAGx5XjuWnTsqSkyDL8DCBmvjMRiXFJctsz9fx29pw3e" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="203" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Open up “configure.ac” in a text editor
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we scroll to the bottom of the file, we can see that there are only 3,825 lines of code</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="122" src="https://lh5.googleusercontent.com/6GTgwdr9iT5p9JzwcFG6Aqlh53jS6Wr_HolsGj6ANsta3zV_j4xcCQqpUrSdEvm5qwrQ-CVPUDs-DPRe9EhlZTYbBgGnjNfp3m_HriyEMtZaSDQVktU_aluNfBzpA50QFWIfMkFn" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="204" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If there are problems, we may be able to find a bug report relating to something we encounter. Luckily for us, there was a bug to address the problem we are seeing above. Let’s review the release notes for the next minor release of OpenSSH which was 4.4.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see the release notes for OpenSSH 4.4 below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://www.openssh.com/txt/release-4.4">https://www.openssh.com/txt/release-4.4</a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the end of the release notes, we can see bugs filed in their bug tracking system. One particular bug seems to be directly related to the issue we see above.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="81" src="https://lh6.googleusercontent.com/adWonj-3OljryYTdRuffyQ0clTKIkF7-X4MSXbeFnEZPDauodOrMDzK26vWIxVPxJrYEjkv4_kAleMuixXRZW02x1KXXPg8g1TCP6M590zhigKqq5S61X09BnKYB3XxQJD50OxLi" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="483" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the top of the list, they provide a URL to their bug tracking system at
<a href="http://bugzilla.mindrot.org/">http://bugzilla.mindrot.org</a>
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Open up a new tab or window to <a href="http://bugzilla.mindrot.org/">http://bugzilla.mindrot.org</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="259" src="https://lh4.googleusercontent.com/8tH7Mhgbi5k-lxvVFD93iB7v1fgPYLihb0A0RltLVsGr8OfDzBb_UKqIoNyTXDhunVI0Y3tQQ4LfcCveK3meBkMn3HADKKKW8r-jisqrqpNjnIr3HID-BuniumhT_5XCTUmAXUAD" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Enter in 1203 in the search bar and click “Quick Search”. “1203” is the bug number associated with the “configure.ac” issue from the OpenSSH 4.4 release notes.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Quick search brings us to <a href="https://bugzilla.mindrot.org/show_bug.cgi?id=1203">https://bugzilla.mindrot.org/show_bug.cgi?id=1203</a>
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">There are a bit of detail on this page. Scroll down to “Comment 1” and click on “details”.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="65" src="https://lh6.googleusercontent.com/4Nq2FbuZvHT8MnBCqtEa55zve9G8Uei99fHGbvWYrLTVfZ2IvPxsfYf1L3Hi_tWej1aQlWdEIHzc9QsmfSvksarlq83uJW2z5oiLuPfzkceW_D420LiQBaeBnsJLEZ5-KOGYDEXg" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="537" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the details page, we can see the code changes added in patch 2 for OpenSSH 4.3 (known as OpenSSH 4.3 p2). We can see that line 1608 was added that was a “[” character added which properly closed the block in the “configure.ac” file.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="198" src="https://lh4.googleusercontent.com/ZzjJesamTeZaTmuCWhby42KaHBn3XsB47iSJhYW2fl_ciNYBhyVAgIWSEFKg5TznG4DUWWeh1ceb4Lvpr-S5z0Fe9Z0w7ixAGwuzU_uOIYeZgYYx1GHRq8LZfWRrABgjAbJM8oCm" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Rather than download patch 2, we are going to go another route</span></div>
</li>
</ol>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 2: Fix ‘er up</span><br />
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse to the file system with OpenSSH 4.3
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Open up “configure.ac” with a text editor
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse to line 1603</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="146" src="https://lh6.googleusercontent.com/BYrZYsXUMNsxj5y_JgdUyQlqpN0sLh5uIe6Wum7ZRpsBxSXwbmejlSIlEsPYKgRF_wCDF_UtlwhIqLX7gky4CjdLbYkwYYTI_aLAE-xFZxEA1xZ-cPtjVlxb3IQMoGPlXMecqM_v" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="484" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see there is no opening “[” line as we saw from the bug report earlier. We can see the previous block there are corresponding “[” and “]” characters. Let’s add in a “[” character.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now the block should look like this:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="166" src="https://lh4.googleusercontent.com/qQJU4jlQeGTa2eeRD190jkGyqQi9xxU0ifTit_OGAQalfDeKlSZY_vyXgaxqBDXjDCoZ4q1gbv6pKqGcSBuWUusdTTYyvIEtE7zATYnTTVyPxEW-kYJelWk0F1nIXPBGNe1-L8lh" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="478" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Save the file and close it
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Go up one directory and use any method available to you to archive up this new version of OpenSSH 4.3. For instance, on a Mac, right click on the folder and click “Compress”.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="51" src="https://lh4.googleusercontent.com/qrnAOCuW9Mab8TqeUvcrjhLiENDzQIZJxrI8R6l48rThhm4MJM-kC7vNiAAUv5dkzr9YHwCRDWYTz2gL38b9ShaXzt6h_gK8wNVXGyQY-M9DFrExwxnNbXIbwA-ZcTLmQ4jHIPjW" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We should have an archived copy of OpenSSH 4.3 with our fix for “configure.ac”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="73" src="https://lh4.googleusercontent.com/oOsQFWvSGmLCAFzrIVB78OHRm2fFRwKghHlzKgYi9Xi4ha-M9JcXvNcEOGvbPEyDyfmA90gEYv7--qNfsCBJfTvSCPguSuoq376ZVGu1lhPer5Yh3U8D2bVEddE_WUQD6XD-5MrY" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="314" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now we need to create a new package with this new version of OpenSSH or add this copy to the existing OpenSSH 4.3 blog package. Let’s just create a new package in the next section.</span></div>
</li>
</ol>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 3: Try this on for size</span><br />
<span style="font-family: arial; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Log into the SWAMP if not already (<a href="https://www.mir-swamp.org/">https://www.mir-swamp.org/</a>)
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">On the homepage, click on “Packages”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Add New Package”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Give this new package a new such as “OpenSSH 4.3 blog2”, upload the new archived copy of OpenSSH 4.3, and change the version number if you’d like</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="464" src="https://lh5.googleusercontent.com/R_movFiW4Bt0o3SREzb3-E6MjQG_b6YuARF_X5OluFTqXU7KvX49zaFoARC6SwHbcAL6SZ_tL0Z31bw0PXtrAY6RlOq_JNGoQrgK-IoUfNs_nSc4TXKg1bVv9WbUEG-qqB-1jhGq" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Next”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Your mileage may vary, but on a Mac, when we bundled up this archive, there are two folders from the root. There is the OpenSSH folder and a MACOX folder.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the “Source” screen, click “Select”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="240" src="https://lh5.googleusercontent.com/m3B6WFuUItP24xIDH9Jsy43yYahU0cfDq9M8ufdeKBE0aqZq1twTwyiPVvA-rOMeSH_d6JY6JifBBJWo9W6GF72S2DCQzUVJCQh8keDtXNfpB53zx_lUPkmorAEVML3amJKoDH49" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Here we can see the two top level folders</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="236" src="https://lh3.googleusercontent.com/nfNuv0ilQOW0woshytXfTmiLi3bRcFqivpkdMhx_vuwp6ckcQhFVCjWVUEENAegbQAuMxWmT4ZuBd0muAvTiUU7UAS-rsSmz-eiPthQqJiVpxQFxYjEFTxCSagCy7v6YBTHDXQ3n" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="462" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “openssh-portable-V_4_3_P1” and click “OK”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now we know for sure that the build process will kick off in the right folder as we can see below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="326" src="https://lh6.googleusercontent.com/4DYNAUGT-QP84QbIExeGlom-EIOojc00oYHA4hddQevC6x1NtRUGXM_-xanmKPAXRGlbQoxoirs_1_ReodRCaemJISBdnegJOpCx6MQZvoTR_9_R9bUZYca_RMc_n4Joeuilvegq" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Next”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the build system to “Configure+make”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add in “autoconf; “ in the “Configure command” line</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="358" src="https://lh3.googleusercontent.com/7IQI3v8Pb3z2CT0gEjQT_wFokSoGDiVJDjIt8UD3DiJpfub5fjeMkYCunmiGcLOJ-TCMlnswXPi9LOgIz6j3YD7miIzOvcL3jP2F6d6zpqo-2asg2xao9TFa8w91Qi_JutXq2S9M" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="549" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add in “; make install” in the “Build options” line</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="290" src="https://lh3.googleusercontent.com/8uyRMh-oJehYvw8UF4X5ytJRPb8GTIe6zvqkSEIwfjY5xU_TopV6WCq9hTV3yXjxSfTkkOQt9Jwrsnpk1CLtPL3P_gdAA8Qsrq-yhu0Uph1WfPTIxex0r7E6DeUyxJJoZYsl3bTE" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="455" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see the commands that will be ran in the build process in the RHEL VM</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="407" src="https://lh3.googleusercontent.com/zeE48uX1ubQyk6DiMvqqsraBEH-tsuVSphleWHjbQkWM3qzEhsmZLajaX4OfABf1wzm2oWzr3dNsQ3rz1duWDkh5gFW7JDtnDECAxFQ4xKhJP0VjL2RMOMbOpa3vHfsTb8lcaXW9" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="514" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save New Package”. Sometimes I have to click this button twice.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” to the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Details”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="240" src="https://lh6.googleusercontent.com/IwEoELRFP1lYDRiOpoBqgTtNxUEQ74iwkTRxojpbTzg5DTL7EobWkoP9GMZZugZ1BbS7Uk7vb8F5DjkMYsgH7lp-I9mabQPR1R05PRb5NtRaleZDWpAUDULoSNg9RhU7KFGbk5QH" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="397" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Run New Assessment”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="501" src="https://lh6.googleusercontent.com/YyvvodprV76bgnTtuIawJ8KwAE1tMS308hyFWimOwfK2xWnQqn1eR_9YupK5qBftXVKO0_wHs0MBjOvOfZWhKlGQ6-sSjJsIejsfuNN352X6Z3SnVcftVx202wfuSByweZvAlvA7" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the “Platform” to “Red Hat Enterprise Linux 32-bit” and click “Save and Run”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="423" src="https://lh4.googleusercontent.com/eI7YQRU9HwGbDnXcVqM4y2-Krs4XVuGhgoJiwsgMdxh41msVNfGnIXyVegaff9RPQVknp0KLaOAhTu8Gs79ZZdz3j-jrNuxSs0JMOD_G9tWvuFgWQweiwZcbaz0bTGUj8YVLQH32" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Check the box if you want to be emailed a notification. Click “Run Now”.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="237" src="https://lh3.googleusercontent.com/O12AmX_KKPHAXYRdA_VO9_RllOzeQKkYa3Q1cYJfkbWuY8RP6YAmvBBOR3Xdvytrw2wE2hvCbunuTYvQGEM--v7goVMxFIKpWxis0EMNDIZWq3C0w7kRtLYX8Rb1yOPVhv6elTog" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now we wait for our build to process and see if this build was successful or not
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Unfortunately, this still fails, but it’ll be a new error!
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the “!” exclamation point on the Clang line
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom of the failure report</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="517" src="https://lh4.googleusercontent.com/l1ai12QSlUoAQYg-6i9LUUiqiMJr3ySmQBuGiCqsXmVzRzXxGKwr8_4E2fJ7TtO6MxeYX6akpmli1ODLuCOKMBEbZB2bT3i9Qe3fey0CJgNdDJkCK0WDaVsQFbw4PSoJABtYJrAI" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><more lines from the configure output></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="291" src="https://lh4.googleusercontent.com/MXzHrqCLDcauFOR7sw9m5ldtAk_dvzlRAC3baWfYYd-pxz7QGKbN0fko0KwkPLo2WV_kdmx1Nz6UlHipCFxoFg0HkdaEsNSg28cH4pUlzhSDIfoL9oPMVqLXQPLld2tXbwMJ1BqP" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Well, now we have a different error talking about “config.h.in” missing. As this file does not exist in the file system, we need to investigate this in the next post!</span></div>
</li>
</ol>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-608573392097755552016-10-20T17:00:00.000-05:002016-10-20T17:00:03.156-05:00Fuzzy Assessment: Part 2 - Knowing your way in the SWAMP<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The previous post introduced the SWAMP to perform a software assessment on OpenSSH 4.3. The motivation was to see if modern tools and processes could automatically identify the issues called out in the book from manual analysis in 2006 as compared to automatic analysis in 2016. As we saw in the last post, doing a “next next run” process of adding a package and performing an assessment did not produce helpful results.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Let’s take a deeper look at the process to understand more of what is going on. This post will go over the files needed for the build process, explain why more commands are needed in the build process, and change the build process from the recommendation.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;">Section 1: Let’s take a look under the hood</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; font-weight: 700; white-space: pre-wrap;"><br /></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As we saw in the previous post, when we built the package, the wizard told us to fly, you fools. No. The wizard told us that there was no “Makefile” and in the failure report we received after the assessment indicated that there was no “Makefile”.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The installation instructions from OpenSSH said all we needed to do was, “./configure; make; make install”. From a basic high level view, this process gathers up the various source code files and produces a working binary. Let’s do a level set. Let’s find a “configure” and “makefile” in the OpenSSH directory.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse in the file system the folder containing the extracted OpenSSH contents. Or, unzip the OpenSSH 4.3 zip file if you haven’t already.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Here we see that there is no regular “configure”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="113" src="https://lh6.googleusercontent.com/juZoE-MxNpopLqAJCT9lByfjMg3EMfoomZAwyj8iiOJJ9XVTG1PrPI25tJYr_oIewBlLIdKpYKRexowDI4FiIN3Cu2KM5FbOzUxNNcGZ7uS345xbmCdrFYHYqDIkoOMeL4C9rB9W" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="220" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Here we see that there is no regular “makefile”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="119" src="https://lh4.googleusercontent.com/FvrJrmFI3vemvG0utQ5Mk1vlRVCaNx-9YV32ftMfC1TjSoVPzzsS0qcl5cETf46LzFGpeY_2ffMonCquFrDgVEeolKt1eyiHcoNh9lfiIBGPAdhN-zbj2dHOJTUq0GrGvTmpURUq" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="154" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Those files are like that because…. reasons. No. The configure and makefile files are in those states for portability. The previous post was a run-through of the entire process to get familiar with how things work. We need to understand why the files are like that and how to work with them.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The three articles below really helped me to understand why the commands in the next section needed to be done with the files in the OpenSSH directory.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://robots.thoughtbot.com/the-magic-behind-configure-make-make-install">https://robots.thoughtbot.com/the-magic-behind-configure-make-make-install</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="http://www.ifnamemain.com/posts/2014/Mar/13/autoconf_automake/">http://www.ifnamemain.com/posts/2014/Mar/13/autoconf_automake/</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="http://markuskimius.wikidot.com/programming:tut:autotools:1">http://markuskimius.wikidot.com/programming:tut:autotools:1</a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">From the above links, we need to do the following:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">autoconf</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">./configure</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">make</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">make install
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s add these options in the SWAMP in the next section</span></div>
</li>
</ol>
<div>
<span style="font-family: "arial";"><span style="font-size: 14.6667px; white-space: pre-wrap;"><br /></span></span></div>
<div>
<span style="font-family: "arial";"><span style="font-size: 14.6667px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Section 2: Let’s change it up in the SWAMP</span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Log into the SWAMP at <a href="https://www.mir-swamp.org/">https://www.mir-swamp.org</a>
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “Packages”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the name of the package. In this instance we’re using “OpenSSH 4.3 blog”.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom to see the version 4.3
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the number. This is an instance where changing the build process is not very intuitive at first.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="282" src="https://lh4.googleusercontent.com/5_UrUTMMz0cbK6sIlPbFzd41o-a-7tQdnKbnPQtw_2JuZ3IUAMO8cPlvA7zu8iTEB6dUjKGz-0V4TlxbwHuw5sW8LsmuvNwLuKG8_wDwxRUyzujM2WDrVz0Kkep6vZycHJF67wto" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Build”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="404" src="https://lh3.googleusercontent.com/-Eyd-WxOCRQVF2URZbdL0sb7b9mME8-avEQywtirmfjIwDB6k7u2a3lT698BWdCgot1NolHILw2TSOIVcsw5yWLTKdMRrY5G7oY7Pl1UvLtyEqOAxWbwkKUcmwAnZl-JNAOl1quF" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the bottom and click “Edit Build Info”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the build drop down from “make” to “configure+make”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="192" src="https://lh3.googleusercontent.com/-rxVobymVsStECRRyGEKMV0mPsxr4cOe0I1PFTNpv1LTbc2hKxTdleQ9EGnU6xBO9JlscHE8nlMudgmBu1nowNK7ssaeLduQClHGLPzE2LdHG_9E8zvFTHRBtop_HEDVoH2WuOVD" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now we will get additional fields to play with to change the “configure” process and the “build” process
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As a quick peek, scroll to the bottom to see what would run if we stopped here</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfD7cfW-yvWeeL-7_YgTU33m6bFAvALjwmdNyAXArLMJWTuw1B9nxkepWXuBmn9le1ApR9f0Ke1t3oJLq5nRemI_EwSJqPuKkZrwnSwUKmCpI37M7-l2k00TGBB1w-hWPvlwtofarfBPsU/s1600/fuzzed3.png" imageanchor="1"><img border="0" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfD7cfW-yvWeeL-7_YgTU33m6bFAvALjwmdNyAXArLMJWTuw1B9nxkepWXuBmn9le1ApR9f0Ke1t3oJLq5nRemI_EwSJqPuKkZrwnSwUKmCpI37M7-l2k00TGBB1w-hWPvlwtofarfBPsU/s640/fuzzed3.png" width="640" /></a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">With the auto-populated things in place now (./configure and make), we just need to add “autoconf” and “make install”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll to the top to the “Configure settings” section</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="295" src="https://lh3.googleusercontent.com/484oVdtHFxhVL5_7EwCwx99SPkW-rGMQPeFYfjpQGBx20qLePx3wdfpI4bEybHDw8GyMw__YUn_j5PNqZoW-NtKgnJYOHk9_FVkR22VVStKIt2p6QQy1LV1QZRiXl0lM1NgjpuW2" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="506" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add in “autoconf; “ before “./configure” as below</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="291" src="https://lh3.googleusercontent.com/0ch2eQ0A9BYgytuCYVTUw2FKN1HBP2cYbtdUa2AaQdZ_8vGRjLVevjqYNklIiz7WtzoCkTz5p0dFWResE1NZ4G7qWFf0-D3yUma6AGbnPTcC2rxu5KaRXUDMnHwrx5B_63FAGfa7" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="519" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the top, click “Build” to configure this part of the build process
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll down to the newly popped out “Build section”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="188" src="https://lh6.googleusercontent.com/B7L9LCCJQtofK7lIr8WAGWkwtAV9h91rFitGvHFUDa-IkRWrtF9GuXohB8TuwmxMqa7FeS_rHtma4id2JC-npy3jEAXIqjm9o0cL09bXfm8PgVwGRmiukVF63h1OxsGMDXFpcOvR" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Add in “; make install” in the “Build options” text box</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="186" src="https://lh6.googleusercontent.com/L5iKDJa4M6HT18zWb76vyi8hX1_g7h5lrSuZayj8HLY0mHRj4oCFfn4FSh6zd2SXCcXgXPrYz_duDOJ9oWvyt_UWr-h0zKxjQcHAogDcxbuJCE9NX8SXjJ0Y0TjRVhUe87nCP3Qo" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we scroll to the bottom, we see our new build process</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJkwOPDuvfhjJxYeryXuisp-IW-kVcNBEEUw3htBNRlil3hZGX13HMC1I8AEB-Ceg89PDpB5LluI_EL369Fwh-PDzHJYxhvn2zfXNSJnXU5uzwuiHeEhDvd6TrfyfL-8BKPGmfQ_rq_AZ3/s1600/fuzzed4.png" imageanchor="1"><img border="0" height="286" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJkwOPDuvfhjJxYeryXuisp-IW-kVcNBEEUw3htBNRlil3hZGX13HMC1I8AEB-Ceg89PDpB5LluI_EL369Fwh-PDzHJYxhvn2zfXNSJnXU5uzwuiHeEhDvd6TrfyfL-8BKPGmfQ_rq_AZ3/s400/fuzzed4.png" width="400" /></a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save Build Info”. Sometimes, I’ve found I need to click this button twice for it to save and progress to the next window.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The output from autoconf will create the necessary “configure” program. The configure program will be able to ingest the “makefile.in” file for the rest of the build process to continue.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Details”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="227" src="https://lh5.googleusercontent.com/ThaPMQNiXDzZ6IH9HSB2NvHhu9M1gbu2fV2UptQUADD1hPioyaHeIAp99iPI_PX5x-I87G8Z0PYUESE_P8EAfPkKqjJIMc_cprvBTl1BO8NnHXGQqpG82Nk1o4DbTiaB_GNVDaNA" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="474" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Run New Assessment”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="497" src="https://lh6.googleusercontent.com/YBORWINGcIoQO7uwRkmdeXebrU9olA0Fp0CItNeMn2JPvaKnkgmDaeR1AFjRf2P_Cdar-vjEgI7w5gZht7Og9fqycjCJ_ZFQ6JX550Abknf6idoxOTZDTllBfYAl3g4dJYm9y3KS" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Change the platform to “Red Hat Enterprise Linux 32-bit”, then click “Save and Run”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="326" src="https://lh4.googleusercontent.com/r0GOkbX3gc9pVUJMAEuKKwUGx-OGXokQU4a_WcBva5dMN-NdrbNR59n8_70dP7y6Mxg4nZNyD_N_IphQRgVMASrFPSbR634mi78DZ3ATTyJZ7Y5omXLBy4w8aVnp5UiRUs9c5Qjj" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Check the box if you want to receive email notifications and click “Run Now”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="237" src="https://lh6.googleusercontent.com/Zwl2ZlAYNp7gtEkUDkeplgum6L6Mj9ZV6c6XkVpAb0fEAJTsqmjHYjH5Ll-4Wmz92vv04CzN5uwWM6v22O6T5iQjbS1PkEtc0TtGC_GqILbfmZ6sNg20SxSEgkkTsnSpDzFOk_mv" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The “Auto refresh” check box may already be checked, but wait for the assessment to pass or fail</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="183" src="https://lh6.googleusercontent.com/Bxr2D4YmxgouaP-Q1o7_GILQJ9Ief6HqvuzUVfYXqqleOl5MEx_V7n1ClAYGkk5f9hXf1j6Hyfm4hgs5WV05sql-s3ixi59uGPzvW-GIsDDQC_1GVaxm9h_jxOjytCTw0s1S_j-g" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Unfortunately, this build will fail as well. But, we are getting closer! :)</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="175" src="https://lh3.googleusercontent.com/qGGzq43WIs8-EiKf5-WnG8_gLmNaw6ERTykpB-Z6tIkAPchOhsDcx2IrIPnwBnuxuC4hvqA2f5uQ2yk7_-IGxdsR8IuvBZnCVtyiluesvSBJr1-MKRle8NFdQXJbSaUp4MMCMsMk" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the “!” exclamation point on the Clang line
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see that we get much farther in the process with the automatically generated ./configure file. However, we see an error with ./configure.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7ZajNn-2rSUgoj8UiYaxW_ddTbeEYFUe0ksGJ5KLy6N6ge63s2m9MYC1X5aYplvdEDv1iVwGFmt6KklLsLQJKRiUBFvecN86BX2-zkHCgl-LQMvrf5s05UHJv51ct0hxhi6UCSuwOI1y5/s1600/fuzzed5.png" imageanchor="1"><img border="0" height="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7ZajNn-2rSUgoj8UiYaxW_ddTbeEYFUe0ksGJ5KLy6N6ge63s2m9MYC1X5aYplvdEDv1iVwGFmt6KklLsLQJKRiUBFvecN86BX2-zkHCgl-LQMvrf5s05UHJv51ct0hxhi6UCSuwOI1y5/s640/fuzzed5.png" width="640" /></a>
<long section of similar output>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3NYbEpLQX3ZifAt2bE309oxR772NQJWmNPdELk1rFm-f9yIijwVEp-ZQp7UrnGxvYEgzNUb378Wb1cN4tTCNsv3fjg1wBcoYfKExDog5YXo1RS9NYdgrYDkMVoaHU-d0Hlf6Mm_M9rLF7/s1600/fuzzed6.png" imageanchor="1"><img border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3NYbEpLQX3ZifAt2bE309oxR772NQJWmNPdELk1rFm-f9yIijwVEp-ZQp7UrnGxvYEgzNUb378Wb1cN4tTCNsv3fjg1wBcoYfKExDog5YXo1RS9NYdgrYDkMVoaHU-d0Hlf6Mm_M9rLF7/s640/fuzzed6.png" width="640" /></a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The next posts will address this issue and additional errors that we will run into the farther we get into this process. However, once we resolve these issues, OpenSSH will be built correctly and we will see the results of our work!</span></div>
</li>
</ol>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-13008955058633117342016-10-18T17:00:00.000-05:002016-10-18T17:00:00.449-05:00Fuzzy Assessment: Part 1 - Welcome to the SWAMP<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Between the DVRF series and other things in the works, I have been reading “<a href="https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426" target="_blank">The Art of Software Security Assessment</a>”. I recently finished reading the fourth chapter which concludes with a case study of OpenSSH 4.3. This case study discusses review points for the reader to further explore such as reviewing SSH RFCs along with various OpenSSH C and C header files. Different issues are pointed out to the reader to investigate such as asking the reader if double free vulnerabilities and memory leaks can be identified.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">As a point of reference, OpenSSH 4.3 was released in February 2006. While the book also came out in 2006, automated assessment tools have continued to mature. I wanted to know if modern tools today would help provide insight into the vulnerabilities mentioned from security assessments referenced in the book.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">There are assessment tools mentioned in the book, but that was ten years ago. Looking at tools available today, there is one particular open source project called </span><a href="https://www.mir-swamp.org/" style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;" target="_blank">SWAMP</a><span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">, which provides tools to assess software available on multiple platforms and languages. Below is an excerpt from their </span><a href="https://www.mir-swamp.org/#about" style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;" target="_blank">About page</a><span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">:</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">“The Software Assurance Marketplace (SWAMP) is committed to bringing a transformative change to the national software assurance landscape by providing a national marketplace that provides continuous software assurance capabilities to researchers and developers. By providing software assurance researchers, tool developers, tool users and educators who train our workforce a suite of secure and dependable analysis services, the Software Assurance Marketplace will reduce the number of vulnerabilities deployed in software.”</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Unfortunately, getting acclimated to the SWAMP can be confusing. There are a lot of things to click on and documentation is not very straightforward to walk you through the process for everything needed. However, once you play with some of the existing projects they have available to you, it becomes easier to use. I am going to walk through the process I took to get OpenSSH 4.3 evaluated by tools available in the SWAMP.</span><br />
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">Section 1: Get OpenSSH 4.3</b><br />
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse to <a href="http://www.openssh.com/">http://www.openssh.com/</a>
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on the “Linux … For other OS’s “ link on the left
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Under “Developers” we see a link for repositories hosted at GitHub. Click that to bring you to <a href="https://github.com/openssh/openssh-portable">https://github.com/openssh/openssh-portable</a>.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We are in the “Portable” version of OpenSSH hosted on GitHub. Click on the “130 releases” link for this repository. We want to go back to version 4.3. Also, the number of releases may be different by the time you read this.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse through the list of releases (back a few pages) to see the v4.3 P1 release:
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="93" src="https://lh5.googleusercontent.com/1kD_-4L02XjaYnZJOqti79Sf7ZvM-zd8itReBMaAxlmuTD0vCA6ogkBvW0QfbCDqhBMRq1sfcQg0tM4jp79E61DXxNYgpGO1pIGS01pfCg4NRX55o9hFzRamruF7E0aw-CI4U8eC" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="476" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click on “zip” to download the archived snapshot of the OpenSSH v4.3 P1 release
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Extract/double click on the downloaded archive to open it up
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse through the folder of OpenSSH 4.3 to the “INSTALL” file
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Open up “INSTALL” with a text editor
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">To perform a basic installation, the instructions are:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">“To install OpenSSH with default options:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">./configure</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Make</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">make install</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">”
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Seems pretty straightforward to get this installed</span></div>
</li>
</ol>
<b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b>Section 2: A nice view of the SWAMP</b></span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b><br /></b></span></div>
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Browse to <a href="https://www.mir-swamp.org/">https://www.mir-swamp.org</a>
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Sign up to create an account and come back to the main page once that is done
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Once logged in, click on “Packages”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Add New Package”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Fill in the required details and other parts as you’d like. Upload the OpenSSH 4.3 archive from the previous step. Click “Next” once complete. This is mine:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="457" src="https://lh4.googleusercontent.com/wxHmtoLnbmdAziHMUn_guEqR-1RM6anHIjDB-77eVp_9TxZhP0PyYeqygQVcoMuHd7IaNKjQtw_QY39onjY6mXXL0JSWqL6e4YZQ_nucHM_PdKFdKTAzXOJxrnRZdHIdh5SOtJI6" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This next step should fill in the details automatically as below:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6PLg1xuekjtk1RsHfwMYBD2KBSaztcW52Kq7Ke56b_AqoWm011doxpD7rb-uHp5Pbdydh09MXrnjVw5vT6F5pXkpucV9atqyt6r95LJXWwgIRMxVKsenraiueudFmnejPaosWya7ODAzK/s1600/fuzzed1.png" imageanchor="1"><img border="0" height="317" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6PLg1xuekjtk1RsHfwMYBD2KBSaztcW52Kq7Ke56b_AqoWm011doxpD7rb-uHp5Pbdydh09MXrnjVw5vT6F5pXkpucV9atqyt6r95LJXWwgIRMxVKsenraiueudFmnejPaosWya7ODAzK/s640/fuzzed1.png" width="640" /></a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click Next
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This page has a lot of options and things to add in as we can see:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="343" src="https://lh6.googleusercontent.com/XltLvoBlqj3O3ZqsuGiIcq85_kodyHlg9NmIpjccdARdFDVoAuweDQP-d1PrT52HSsbdWRbXdzQaQ6De9ccloHMS67DgjnSJCO5upS0mHYK-3bMqorljBldav4tXKknrXG6KRrab" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiuleszGcysF8iflr3LaD3Nrpe52zZ4i64mXZr5uIaalM-JLz1ZBL_ujlTNZbTxpoHnmEno4MlFHGnsSApf2F18v5NFetKrebfV35Zlp1Pm0G7lUoQpPPiAIHjn6kFDWYqv0eWmk1MMUWD/s1600/fuzzed2.png" imageanchor="1"><img border="0" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiuleszGcysF8iflr3LaD3Nrpe52zZ4i64mXZr5uIaalM-JLz1ZBL_ujlTNZbTxpoHnmEno4MlFHGnsSApf2F18v5NFetKrebfV35Zlp1Pm0G7lUoQpPPiAIHjn6kFDWYqv0eWmk1MMUWD/s640/fuzzed2.png" width="640" /></a>
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The “Build script” window is the most important window to focus on right now. The contents in the grey box will be executed on the virtual machine in the SWAMP. We know from the instructions that we should do a “./configure; make; make install” to get this to run. We also see the warning in the yellow box that no “makefile” can be found. Let’s see what happens!
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Save New Package”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” to the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Now that our package is created, scroll to the bottom of the window and click “Run new assessment”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The assessment window has many tools available to run against a variety of languages. You should be here now:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="465" src="https://lh6.googleusercontent.com/eG1K-hPehFU-CWNj5g_B0ZDpP4VHIiEcru64PVuGIqo5MU06LgSgn5lPUb94bG5U7FSNQPy_qS0stC3MdhKpQ7zxC7nGmK9oD8ETluP8Vol9b-WgSDeIYaZeIq_tVJNpawizJwFs" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We’ll let the SWAMP use all <a href="https://www.mir-swamp.org/#tools/public" target="_blank">available tools</a> with the latest version possible
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">For the Platform, we have a variety of Linux options. As OpenSSH 4.3 came out in 2006, we should stick with a 32-bit system for better compatibility. We can see a selection of options as below:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="376" src="https://lh5.googleusercontent.com/0bdsPEr-KRLPg-nzWSuJMsN0ym9AR1HlS43n1Abc4LWqJpqL4sqpZp41DZQp0GZMNZk40Qa0V09vAYcpfcnd_-AMu5Mfd5lNYn8ADTKtCcssAxNmu1hKNuBe2az7Tgr_p0nwBWrv" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="403" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Choose “Red Hat Enterprise Linux 32-bit”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">At the time of this writing, there are two options of “Latest” and “RHEL 6.4 32-bit”. Both choices are the same option of “RHEL 6.4”. Leave it as “Latest” and click “Save and Run”.
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">You can chose to let the SWAMP send you emails about the status of the assessment and if you want the software to be assessed.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="238" src="https://lh5.googleusercontent.com/MOsal56HAi5SFSNVybJWRdgBVnJW8YngW5btFb9nvdwCL8R8sHJjvB1KOjkRFPo2orqzbA7Ap-WopGyoa0GQRzPtCW9k4hRiAHjHODi9tVax7uzdADaWXXQC8pP5pUfrDg8bOfHa" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “Run Now”
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click “OK” in the notification window
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Click the checkbox for “Auto refresh” for the status to be automatically updated</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="337" src="https://lh5.googleusercontent.com/-bNPg9g9P2cbCfiRuBdZup6fHyysWzF5ZKQiSkvaMnKrDAssMkZrp0jZ1_3FJUY-II5FkJWzDOKDLHdn1qSv42Pn7SPHiH07tjLS1k_-3oNHuWFKV7Gk3E-MSb9lOsgwItaGzhuG" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="535" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The SWAMP will process OpenSSH 4.3 against the Clang Static Analyzer, cppcheck, and gcc tools. Here are the descriptions for these three tools from the “Tools” page:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="http://clang-analyzer.llvm.org/" target="_blank">Clang Static Analyzer</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="52" src="https://lh5.googleusercontent.com/lGCSuDwVZRI13a7cUDewMVaMkayIGIVCLzC58V_KMMfEbvwwn7rvp9deXrzWneKFMCzkqXtUHP8xyjmihQddCr9e_-T1HYIQkwFsTbR_Qdtt3zYM17K2K7rzxzESfb8OWrKyac4t" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="http://cppcheck.sourceforge.net/" target="_blank">cppcheck</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="99" src="https://lh6.googleusercontent.com/tSEkc3bqEDWuSQZIHctF0GuOr6hvJR0nUJiLmtbyX__mZzDPTGw6mhVYLdwqOnbOI_wJzmclog87_iDDaodGNrL8kxWhRLefDjb2Y5SgPZKcXujVBY8Ub1aME-ysNYMElaQtIttl" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://gcc.gnu.org/" target="_blank">gcc</a></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="48" src="https://lh5.googleusercontent.com/hBHQ3J9HXnkZa8Fv7hVM1xT1rKiOPWY6cfCKVGcg1cKArpoDmYRDeD-Ke-NLl_UFAvh_fiV1GaCLP8ZrO2jmR7Z7s44yBSWFBZ9T0_UWkhYK33oHzl_d9wwrOhFo__DK37WWdzKl" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">After a short period of time, the assessment will pass or fail
</span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Unfortunately, this assessment will fail:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="185" src="https://lh4.googleusercontent.com/W-zELe5BlrfeQ1Br8-0xZxF9LBFqEhC7Z86nIy2fgQ04sCYiSjKAjybWflf7bvvLFVnhv5jNhHdUzoD_jyqig5bJtLCix5h6X1Mn92qzBo9WQSW4o8HDpGFDout1A2p07bJf5bSZ" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we click on the exclamation point for any of the tools, we’ll get more details of the failure. Click the exclamation point for Clang to open up a failure report.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="143" src="https://lh5.googleusercontent.com/9p-QXLDIZapnvqgo85A93e4TDnj7R13Rk8cDAC9tc8q4FL1fHxy7V_2bWoyqZMBhmyd5VGEdTSakYrCl55mlynrez7GCNAVy5Ejet4T16vFKGtVqVpyULcuqrLphPgp5aNbOHYQ0" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="196" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In the failed assessment report, we get a lot of detail. At the bottom we can see the error of why this run failed.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="495" src="https://lh6.googleusercontent.com/ybHZJIPvZIg0QMJCPvt6GZYX9mTk0di7w4__D7Nk2A5AWqqT0BRB9weXdKZvtHyWwN-mWo56CW8a31wgOHKSU4DOqtKPxdzuO-pYYYYXspp4ZEGoSXehVo3g1dAoRbtOkdF7PgbP" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As we saw from earlier and now in this report, there is no makefile to run. That issue will be covered in the next post!</span></div>
</li>
</ol>
<br />Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-72831370353384111142016-10-14T17:00:00.000-05:002016-10-14T17:00:29.640-05:00Fuzzy Assessment: Intro<span id="docs-internal-guid-7b8677b9-c4ea-fc06-21d7-bf9aef1a37d5"><span style="font-family: Arial; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;">This blog post series will explore topics such as software assessment and fuzzing. Other blog posts are still in the works (such as for the DVRF series), but I wanted to spend time with a series of posts focusing on this. Look for posts in this series soon!</span></span>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-68941213490661743022016-10-13T17:00:00.000-05:002016-10-14T16:50:04.921-05:00How would I make my own OS?<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Recently, a friend told me that his son wanted to build his own OS based on his own hardware design. He asked for my thoughts on how the son should start this endeavor. His son had found a lot of resources online where he could send in hardware designs and create fabrications based on his designs. The son wasn’t sure where to start or what to do next, but wanted to focus his efforts toward an Intel-like design. Rather than spend a lot of money up-front and possibly incur a lot of frustration, I suggested another route.</span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Without knowing the computer knowledge of his son, I suggested an approach of learning how programs work, how the OS works, and then down to hardware internals. Thankfully, a lot of these resources are free or low-cost and can utilize computers you may already have at home. The biggest investments into this endeavor are time and wanting to learn. It was fun to put this together and thought it would be a fun blog post!</span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span>
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b>Step 1: Learn C</b></span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">The first topic to learn is the C programming language. Why C and not Python? Or Ruby? Or Go? Or X, Y, Z? Many software resources provide examples in C of how to interact with hardware. C is used in many places and a common way of doing things in a fast and portable manner. If you learn C, you can pick up C++, Java, C#, Python, and other languages that much easier. There are a lot of ways to learn C that available across the internet. One of the ways I learned C and I’m sure many other people was from the venerable K&R book available on Amazon.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">C Programming Language</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="https://www.amazon.com/Programming-Language-Brian-W-Kernighan/dp/B009ZUZ9FW/ref=sr_1_1">https://www.amazon.com/Programming-Language-Brian-W-Kernighan/dp/B009ZUZ9FW/ref=sr_1_1</a>
</span></div>
<b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.6667px; font-style: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><b>Step 2: Learn how popular operating systems work</b></span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">With a good foundation of C, you are able to get a better idea of how popular operating systems work at the deeper technical level. When you start to dig into the internals of Linux and Windows, you see function calls, structs, and other programming concepts. Without a good foundation of programming concepts and how these things work, it can be overwhelming.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">The first OS to learn more about is Linux. There are many free and supported ways to get current and older copies of various Linux operating systems to play with. To dig into Linux, I recommended these Linux internals resources:</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Introduction to Linux: A Hands on Guide</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><a href="http://www.tldp.org/LDP/intro-linux/html/index.html">http://www.tldp.org/LDP/intro-linux/html/index.html</a></span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Linux Insides</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://0xax.gitbooks.io/linux-insides/content/">https://0xax.gitbooks.io/linux-insides/content/</a></span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Linux Kernel 2.4 Internals</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.tldp.org/LDP/lki/lki.pdf">http://www.tldp.org/LDP/lki/lki.pdf</a></span></div>
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">[Update: A reader suggested "Linux From Scratch" as an additional method to learn Linux. Thanks David!]<br />Another way to learn Linux is to build it yourself! This site below walks you through the process to accomplish that.<br /><br /><a href="http://linuxfromscratch.org/lfs/index.html">http://linuxfromscratch.org/lfs/index.html</a></span><b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span>
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The second OS to learn more about is Windows. Microsoft Press puts out great resources to learn about a great deal of the internals within Windows. MSDN is also another resource to dive into after these resources below.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Windows Internals, Part 1 (Developer Reference)</span><br />
<a href="https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/B00JDMPHIG/ref=sr_1_3" style="font-family: arial, helvetica, sans-serif;">https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/B00JDMPHIG/ref=sr_1_3</a><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Windows Internals, Part 2 (Developer Reference)</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/B00JDMPIDU/ref=sr_1_4">https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/B00JDMPIDU/ref=sr_1_4</a></span><br />
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">Step 3: Learn Intel assembly</b><br />
<span style="color: black; font-family: "arial"; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;"><br /></span>
<span style="color: black; font-family: "arial"; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;">At some point in time, learning assembly is going to be required to dive deep into the inner workings of an OS and hardware. There are many great resources to learn Intel x86 assembly, but the resources I refer to most often and to others are located at </span><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://opensecuritytraining.info/">http://opensecuritytraining.info</a></span><span style="color: black; font-family: "arial"; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;">. The ramp-up with these videos to learn assembly as a beginner to tackling advanced concepts is well thought out and approachable. Plus, the resources (video and slides) are free! Like any complex topic, there are beginner, intermediate, and advanced sections.</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><span style="font-size: 14.6667px; white-space: pre-wrap;"><u>Beginner:</u>
</span></span><span style="font-family: "arial" , "helvetica" , sans-serif;">Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://opensecuritytraining.info/IntroX86.html">http://opensecuritytraining.info/IntroX86.html</a></span><span style="font-family: "arial" , "helvetica" , sans-serif;"></span><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">
-- Companion book to purchase: Professional Assembly Language:</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.amazon.com/gp/product/0764579010/ref=as_li_ss_tl">https://www.amazon.com/gp/product/0764579010/ref=as_li_ss_tl</a></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><u>Intermediate:</u></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<a href="http://opensecuritytraining.info/IntermediateX86.html" style="font-family: Arial, Helvetica, sans-serif;">http://opensecuritytraining.info/IntermediateX86.html</a></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">Introductory Intel x86-64: Architecture, Assembly, Applications, & Alliteration</span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://opensecuritytraining.info/IntroX86-64.html">http://opensecuritytraining.info/IntroX86-64.html</a></span><br />
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><u>Advanced:</u></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Advanced x86: Virtualization with Intel VT-x</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://opensecuritytraining.info/AdvancedX86-VTX.html">http://opensecuritytraining.info/AdvancedX86-VTX.html</a></span></div>
<div>
<span style="background-color: white; color: #222222; font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Advanced x86: Introduction to BIOS & SMM</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://opensecuritytraining.info/IntroBIOS.html">http://opensecuritytraining.info/IntroBIOS.html</a></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">There are many resources at Open Security Training that apply as well and you should check them out! </span><span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">In addition to those resources, the manuals from Intel are the best source to learn Intel assembly:</span></div>
<div>
<span style="background-color: white; color: #222222; font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Intel® 64 and IA-32 Architectures Software Developer Manuals</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html">http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html</a></span></div>
<div>
<span style="font-weight: normal;"><b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b></span></div>
<div>
<span style="font-weight: normal;"><b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b></span></div>
<div>
<span style="font-weight: normal;"><b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">Step 4: Learn Intel based hardware</b></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">With a solid foundation of C, OS internals, and how things work at an advanced technical level, it’s best to put that knowledge to work! Intel has a Raspberry Pi like board called the “Edison”. With the knowledge gained to this point, lots of interesting possibilities open up! You could write a simple application and analyze how that program works (</span><a href="http://vivirytech.blogspot.com/2016/06/learning-with-dvrf-intro.html" style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;" target="_blank">similar to the DVRF blog series</a><span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">). There are lots of possibilities only limited by your imagination! The Edison runs on an Intel CPU and can run C programs that let’s you get down to a low level of programming if wanted.</span></div>
<div>
<br /></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.intel.com/content/www/us/en/do-it-yourself/edison.html">http://www.intel.com/content/www/us/en/do-it-yourself/edison.html</a></span></div>
<div>
<br /></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://software.intel.com/en-us/iot/hardware/edison">https://software.intel.com/en-us/iot/hardware/edison</a></span></div>
<div>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b></div>
<div>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;"><br /></b></div>
<div>
<b style="font-family: arial; font-size: 14.6667px; white-space: pre-wrap;">Step 5: Do it!</b></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;"><br /></span></div>
<div>
<span style="font-family: "arial"; font-size: 14.6667px; white-space: pre-wrap;">With all of this knowledge gained, now it’s up to you to continue the journey. By now, you should have a great understanding of how complex systems in a computer work together. You can continue on to build an OS or join a project to maintain an OS and have a good idea of how to proceed. Going forward from here only continues to be fun!</span><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
</div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-37608410910636034742016-10-11T17:00:00.000-05:002016-10-11T17:00:01.060-05:00Learning with DVRF - Step 14 - Stack buffer overflow - Phase 3<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">A fun way to reverse engineer a binary is to run it attached to a debugger. A common debugger used on Linux is the venerable </span><a href="https://www.gnu.org/software/gdb/" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">GDB</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> application. There are many options for a </span><a href="https://en.wikipedia.org/wiki/Disassembler" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">dissembler</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, but first we will use </span><a href="https://sourceware.org/binutils/docs/binutils/readelf.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">readelf</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> and </span><a href="https://sourceware.org/binutils/docs/binutils/objdump.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">objdump</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> as they’re free and remain as valuable tools to master.</span></div>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s recap the phases to explore with the stack buffer overflow challenge:
</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 1 - Run it to see how it works</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 2 - Run floss/strings - Initial static analysis</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 700; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 3 - Examine it with readelf/objdump - More static analysis</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 4 - Examine it with gdb/pwndbg - Dynamic analysis</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 5 - Exploit it</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><br />
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Phase 3 - Examine it with readelf/objdump - More static analysis:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
<br />
<ol style="margin-bottom: 0pt; margin-top: 0pt;">
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In this phase, we will do a little more static analysis with the binary to learn more about this program to attack it in phase 4. We could throw garbage, 40,000 “A”s, or whatever and we may never get to where we need to be, to beat the challenge. We could get lucky and smash it with A*40000, but it’s not very efficient to manually throw various characters at it. If we can (and the binary isn’t giant like Mozilla Firefox), it may be easier to examine the program in a static and disassembled form as well as dynamically with a debugger to get a better idea of what we can do.
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As implied with the phase name, let’s start by examining the binary with readelf
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">In Terminal, browse to the pwnable/Intro folder:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">cd</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">cd Downloads/DVRF-master/Firmware/_DVRF_v03.bin.extracted/squashfs-root/pwnable/Intro/</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="30" src="https://lh3.googleusercontent.com/ViyklXxGdAsl7Quk81osdu47X5AlESTMi6rtrOTwoNrMR4LZuVpODBIqr3wA7T1q6cQXlKQutFk0D7uahrYIJNdQWgjw3u3KXtFqBq_tH2fJkpQHPEWo_jrdUHosRXpHk7ITApSc" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We need to use the readelf version from buildroot. In Terminal, type in:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">/home/andy/buildroot/buildroot-2016.05/output/host/usr/bin/mipsel-linux-readelf -a ./stack_bof_01</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="19" src="https://lh3.googleusercontent.com/wdlAE0nDWXY-vHiD0elIdo_WEJmhVvUvzb73iiGNgMizoydz0koycVXbt3oKnhQR0B0xW23pbdHdOqnnbpc3NF0dPW7hqkeeFcll8lbaW_PY00prKQGsvaKgZbyxDnW203r9jQP9" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll down to the bottom to find similar information that was helpful to us in the blog post for step 9. Here we can see system, puts, printf, and strcpy as functions in the global entries section. We also see the canonical gp value of 0x00448cd0. Exciting!</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="437" src="https://lh5.googleusercontent.com/9NA_gIbAjD-TArSDh0RqcNkKqk67D-3ZXdPdkN9ypA4UvbgiIQSG18gaeAa65sqTQR6MZo-ROspVmrRdKCoFc4CdOCS8LRehs16whowlfQqzuOsiNDkFsZPuqqnY79c0ZIQVsmHp" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">There’s nothing else interesting nor helpful at this time for us to examine in the rest of the readelf output. Let’s move on.
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Let’s use objdump now. In Terminal, type in:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">/home/andy/buildroot/buildroot-2016.05/output/host/usr/bin/mipsel-linux-objdump -s ./stack_bof_01</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="18" src="https://lh5.googleusercontent.com/2OYA5DhsIYyh7PxBHSVLG1VQb6FqFybnt_JiAIww9ayuN9LU4_r4g-XJnzPRsfYNdqiOuB2cU39ILwNnUic4aHh-7ytb7OEMk6EgsBIWw_KFfoNjhjFB5gS7BjXQF6ZJKYtfDZ7u" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="537" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Scroll up to the .rodata section and we can see the same strings we saw from floss:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="412" src="https://lh6.googleusercontent.com/tiu3PKxqw0toUE0wmjgh3KJoDCwlrMOxJk464Nsk1XVsHCCbhnEjYNd7Ba6_CfTTWqy2X2DXvcVDujjUDrmHdyv78rUJOXhfmDlrFJBuMJ6qSYZOg1LDzIu6NdkaGwHRhbtjMbiD" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="536" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Instead of doing “-s” with objdump, let’s get a better view of the diassembly with “-d”. In Terminal, type in:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">/home/andy/buildroot/buildroot-2016.05/output/host/usr/bin/mipsel-linux-objdump -d ./stack_bof_01</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="27" src="https://lh3.googleusercontent.com/ONtJpy1kCXCPVZbC1N27zzFJj0axurvTCA27r99h9F57ivnX_PmelLShbIiFtC7b4lyA98j37TxxlqPFmTsupFS5Ry4YuR3HjJQYGr2pt98uRoYMyjRt5BQfwC4mlrPJN7SfLNXC" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="538" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We can see, as in previous steps, disassembled output of various functions of the binary. Scroll up to the <main> function starting at 004007e0. Browsing through this function, we can see this function is larger than previous main functions we have gone through. In addition, there are new opcodes such as slti and beqz that were not previously seen.
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">If we keep on scrolling, we can see that there is a “<dat_shell>” function. Judging purely based on the name, this is probably some function that we want to somehow reach. If we look in the “README” file located in the pwnable/Intro folder, we see this text for the stack_bof_01 challenge:</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">“stack_bof_01 - This is your run of the mill Buffer Overflow. This DOES NOT require shellcode to win, there is a function compiled into the binary that is impossible to reach to normally. Your goal is to reach that function which will display a congrats message and execute /bin/sh.”</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">With this info, we know that <dat_shell> must be the function that is referenced above that we need to reach through some kind of stack smashing technique. Additionally, we can see the “Congrats” message in the .rodata section in step 8. This message is what we should see when we successfully smash the stack with the appropriate data.
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As a quick note, if we open up this binary in Online Disassembler, we can see in the main function there are three sections in the screenshot below. The link below should bring you to the same stack_bof_01 MIPS binary from the DVRF project.</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><a href="https://www.onlinedisassembler.com/odaweb/OXabeNP7" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">https://www.onlinedisassembler.com/odaweb/OXabeNP7</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><img height="373" src="https://lh5.googleusercontent.com/37LzGLojkooZ6iQzyrwnN8AqMCaHc5alzbG5zmVptLbykGdbj-EiqUgSvIrFtbhyYjVtE526-E2e5xus76ZM9aZa4yhzXDYIDtET6IMG6NElBaXUr0k4kg0JqTVkigQkD5ejqgNC" style="-webkit-transform: rotate(0.00rad); border: none; transform: rotate(0.00rad);" width="537" />
</span><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br class="kix-line-break" /></span></div>
</li>
<li dir="ltr" style="background-color: transparent; color: black; font-family: Arial; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; list-style-type: decimal; text-decoration: none; vertical-align: baseline;"><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As programs become more complex, we may not see main functions with a straightforward path of code execution. At this point, we could either step through each instruction through objdump or check it out in GDB. You could at this point choose to step through the program line by line with objdump or in some other form. However, we will take a deeper look at this program with GDB in the next post and see what we can find out with dynamic analysis.
</span></li>
</ol>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-65416649151351834872016-10-06T21:16:00.004-05:002016-10-06T21:18:58.167-05:00Nebraska Cyber Security 2016 Conference slides<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">The slides from my presentation, Intro to Hardware Firmware Hacking, are now available! Within the slides is the Python solution to overflow the stack_bof_01 challenge and produce the desired result. The slides are hosted at:</span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">http://www.slideshare.net/AndrewFreeborn/intro-to-hardware-firmware-hacking</span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0tag:blogger.com,1999:blog-6692635973462574922.post-80329782781926776072016-09-29T19:18:00.000-05:002016-10-06T21:16:59.034-05:00Nebraska Cyber Security 2016 Conference wrap-up<span id="docs-internal-guid-a75fe2b1-6239-d38f-3dea-53b3ad39c1de"></span><br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Thanks to everyone who came out today for my talk! It was a lot of fun. I will work on making any adjustments to the slides from the talk today and get them posted. Once they’re posted, I’ll make a post with their location for future reference. Thanks again!</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com1tag:blogger.com,1999:blog-6692635973462574922.post-14419831944324642972016-09-27T17:00:00.000-05:002016-10-06T21:17:10.845-05:00Nebraska Cyber Security 2016 Conference<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Where’s phase 3 for the stack buffer overflow!? It will come! Sorry, it’s been busy the last couple weeks. There’s been the CSAW qualifications that I participated in with a work team, DerbyCon, and Flare-On just started! Lot’s of activity in the community right now. The writeups for the DVRF series will continue soon! I will also convert my notes into writeups for the CSAW qualifications I solved along with the other challenges I was able to work on after the qualification finished up.</span></div>
<b id="docs-internal-guid-e41c6539-6235-8294-49df-dc79bd83aa7a" style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">I have also been working on my presentation, which is this Thursday, at the Nebraska Cyber Security Conference in Lincoln, NE. You can find more information </span><a href="http://www.cio.nebraska.gov/cyber-sec/events.html" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">at their site</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> along with a </span><a href="http://www.cio.nebraska.gov/cyber-sec/events/pdf/2016/2016_Nebraska_Cyber_Security_Conference.pdf" style="text-decoration: none;"><span style="background-color: transparent; color: #1155cc; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">brochure of the scheduled talks</span></a><span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. On page 3 of the brochure I am scheduled to speak at 1:45p and page 5 has the abstract of the talk below:</span></div>
<b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">“This talk is an introduction for people looking to assess software within the firmware of a hardware device. Specifically, the talk will discuss the open source project, Damn Vulnerable Router Firmware, provide a brief overview of the MIPS CPU architecture and assembly language, give a brief rundown of MIPS disassembly with tools, as well as demonstrate how to pwn some of the intentionally broken binaries within the DVRF firmware. The firmware for this project can either run on an actual hardware device or be emulated in software. The talk would show how this can all be done in software to provide an easy way into the world of penetration testing of firmware on hardware devices.</span></div>
<b style="font-weight: normal;"><br /></b>
<br />
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: "arial"; font-size: 14.666666666666666px; font-style: italic; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">As firmware on hardware continues to be more readily available (either from the vendor or by dumping it through hardware access), organizations and individuals need to assess the software within the firmware. Not a lot of attention has been focused on hardware and firmware vulnerabilities as we see with mobile and Web applications. This talk helps to provide more awareness of the vulnerabilities within firmware software and how people can get into this area of infosec.”</span></div>
<br />
<span style="font-family: "arial"; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;">It should be a fun time with a lot of great talks there at the conference! If you’re there, come and say hi!</span><br />
<span style="font-family: "arial"; font-size: 14.6667px; vertical-align: baseline; white-space: pre-wrap;"><br /></span>Anonymoushttp://www.blogger.com/profile/06723335725625621722noreply@blogger.com0