SamuraiWTF / samuraiwtf

The main SamuraiWTF collaborative distro repo.
https://owasp.org/www-project-samuraiwtf/#SamuraiWTF_Project
GNU Lesser General Public License v3.0

samuraiwtf login incorrect #83

Closed jfreedrice closed 5 years ago

jfreedrice commented 5 years ago

I am using the u: samurai and p: samurai, but it is not taking my login information. What could be causing this issue? I installed just the target VM if that helps. Let me know if there is any other info needed to address this problem. Thanks!

secureideas commented 5 years ago

Did you build using Vagrant? And did the build complete?

jfreedrice commented 5 years ago

@secureideas Yes, I am using Vagrant v. 2.2.4 and the build did complete. It is being hosted in VirtualBox and appears to be fully functional. I even ran the vagrant reload command as instructed in the readme.

jfreedrice commented 5 years ago

I will list some possible problems that were in my PowerShell prompt here. I found this mentioning an invalid user near the end of when I was first setting up the target VM, here is the output:

```
target: Exiting with failure status due to previous errors
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: setting up professionallyevil.wtf
target: /var/www /opt/targets/client-side-attacks-lab/targets/cors.dem
target: chown:
target: invalid user: ‘samurai:samurai’
target: chown:
target: invalid user: ‘samurai:samurai’
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: setting up amoksecurity.wtf
target: /var/www /opt/targets/client-side-attacks-lab/targets/cors.dem
target: chown:
target: invalid user: ‘samurai:samurai’
target: chown:
target: invalid user: ‘samurai:samurai’
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: All finished!
```

I read the target_bootstrap.sh file and here is what is mentioned about the default account:

```bash
# Setting up professionallyevil.wtf
echo 'setting up professionallyevil.wtf'
pushd /var/www
sudo mkdir professionallyevil
sudo chown samurai:samurai professionallyevil
cd professionallyevil
sudo echo 'It Works ;)' > index.html
sudo chown samurai:samurai index.html
popd

# Setting up amoksecurity.wtf
echo 'setting up amoksecurity.wtf'
pushd /var/www
sudo mkdir amoksecurity
sudo chown samurai:samurai amoksecurity
cd amoksecurity
sudo echo 'It Works ;)' > index.html
sudo chown samurai:samurai index.html
popd
```

This error was in red although I am not sure what it would do with it: `target: debconf: delaying package configuration, since apt-utils is not installed`

Seems to be some problem with the database:

```
target: Setting up the DBs.
target:
target: <br>Dropping database...<br />
target: <b>Warning</b>: mysqli::__construct(): (HY000/2002): Connection refused in <b>/var/www/html/reset-db.php</b> on line <b>13</b><br />
target: <br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>14</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>15</b><br />
target: <br>Creating database...<br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>18</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>19</b><br />
target: <br>Creating blogs table...<br />
target: <b>Warning</b>: mysqli::__construct(): (HY000/2002): Connection refused in <b>/var/www/html/opendb.inc</b> on line <b>2</b><br />
target: <br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>29</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>30</b><br />
target: <br>Creating accounts table...<br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>39</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>40</b><br />
target: <br>Creating hitlog table...<br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>51</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>52</b><br />
target: <br>Populating accounts table...<br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>65</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>66</b><br />
target: <br>Populating blogs table...<br />
target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>79</b><br />
target: <br />
target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>80</b><br />
target: <p>If you see no errors above, it should be done. <a href="index.php">Continue back to the frontpage.</a></body>
```

I already tried uninstalling all of samuraiwtf and reinstalling it from the GitHub here, so it seems to be a consistent problem. I can supply the professionallyevil.wtf/amoksecurity.wtf/cors.dem files as well if needed.

secureideas commented 5 years ago

Are you using the Next branch or master?

jfreedrice commented 5 years ago

@secureideas The master branch. Is there something I missed that is important in the next branch?

secureideas commented 5 years ago

Nope. We are moving to including Ansible scripts in Next, so it changes my troubleshooting. :)

Kevin

secureideas commented 5 years ago

Ahhh figured it out here. The issue is that you created just the targets. The samurai user is built in the userenv.sh file, which is not run in a target-only build. The user is vagrant:vagrant.

This will change when Next becomes master.

jfreedrice commented 5 years ago

@secureideas Thank you! That solved my issue!
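
Added example, not part of the thread or the SamuraiWTF repository: the build discussed above ended with `All finished!` even though the `chown` and MySQL steps had failed. This POSIX shell sketch scans provisioner output for those failure signatures and names the missing account; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SamuraiWTF code. All function names are hypothetical.

# Constructed sample: provisioner output in the shape quoted in this thread.
sample_log() {
cat <<'EOF'
target: setting up professionallyevil.wtf
target: chown:
target: invalid user: ‘samurai:samurai’
target: chown:
target: invalid user: ‘samurai:samurai’
target: <b>Warning</b>: mysqli::__construct(): (HY000/2002): Connection refused in <b>/var/www/html/reset-db.php</b> on line <b>13</b><br />
target: Exiting with failure status due to previous errors
target: All finished!
EOF
}

# Print the distinct accounts that chown reported as missing (stdin: log).
# The quote characters around the user spec are skipped whatever their encoding.
missing_accounts() {
    sed -n 's/^.*invalid user: [^A-Za-z0-9_]*\([A-Za-z0-9_.-]*\).*$/\1/p' | sort -u
}

# Count log lines containing one failure signature (stdin: log).
# grep -c exits 1 on zero matches, so the status is normalised to 0.
count_sig() {
    grep -c -e "$1" || true
}

# Summarise a provisioning log read from stdin. Returns 1 if any failure
# signature is present, even when the log ends with "All finished!".
check_provision_log() {
    log=$(cat)
    users=$(printf '%s\n' "$log" | missing_accounts | tr '\n' ' ')
    db=$(printf '%s\n' "$log" | count_sig 'Connection refused')
    failed=$(printf '%s\n' "$log" | count_sig 'Exiting with failure status')
    printf 'missing accounts: %s\n' "${users:-none}"
    printf 'db connection refused: %s\n' "$db"
    printf 'steps exiting with failure: %s\n' "$failed"
    [ -z "$users" ] && [ "$db" -eq 0 ] && [ "$failed" -eq 0 ]
}

sample_log | check_provision_log || echo 'provisioning NOT clean'
```

To check a real build, pipe the captured provisioner output into `check_provision_log` in place of `sample_log`.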