Wednesday, 1 June 2011

Using O2 to exploit HacmeBank

Just posted this to the o2 mailing list:

Hi ..., no worries about being confused, O2 is VERY confusing for new users :)

On HacmeBank have you seen the O2 Scripts that automate a number of its exploits?

Here are a couple pointers for you to start:
Other resources:

Finally here is a exercise for you:

"...reuse this HacmeBank IE Automation script

public API_HacmeBank login(string userName, string password)
{
loginPage();
ie.field("txtUserName").value(userName);
ie.field("txtPassword").value(password);
ie.button("Submit").click();
return this;
}

on this script (instead of the Altoro SQLi)



(the SQLi script above will fuzz the login sequence and take a screenshot after each request
..."
Note that the scripts above are the ones that you will find on your local C:\O2\O2Scripts_Database\_Scripts folder
Post a Comment