samuraiwtf login incorrect
Closed this issue · 8 comments
I am using the u: samurai and p: samurai, but it is not taking my login information. What could be causing this issue? I installed just the target VM if that helps. Let me know if there is any other info needed to address this problem. Thanks!
Did you build using Vagrant? And did the build complete?
@secureideas Yes, I am using Vagrant v. 2.2.4 and the build did complete. It is being hosted in VirtualBox and appears to be fully functional. I even ran the vagrant reload command as instructed in the readme.
I will list some possible problems that were in my PowerShell prompt here. I found this mentioning an invalid user near the end of when I was first setting up the target VM, here is the output:
`target: Exiting with failure status due to previous errors
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: setting up professionallyevil.wtf
target: /var/www /opt/targets/client-side-attacks-lab/targets/cors.dem
target: chown:
target: invalid user: ‘samurai:samurai’
target: chown:
target: invalid user: ‘samurai:samurai’
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: setting up amoksecurity.wtf
target: /var/www /opt/targets/client-side-attacks-lab/targets/cors.dem
target: chown:
target: invalid user: ‘samurai:samurai’
target: chown:
target: invalid user: ‘samurai:samurai’
target: /opt/targets/client-side-attacks-lab/targets/cors.dem
target: All finished!`
I read the target_bootstrap.sh file and here is what is mentioned about the default account:
Setting up professionallyevil.wtf
echo 'setting up professionallyevil.wtf'
pushd /var/www
sudo mkdir professionallyevil
sudo chown samurai:samurai professionallyevil
cd professionallyevil
sudo echo 'It Works ;)' > index.html
sudo chown samurai:samurai index.html
popd
Setting up amoksecurity.wtf
echo 'setting up amoksecurity.wtf'
pushd /var/www
sudo mkdir amoksecurity
sudo chown samurai:samurai amoksecurity
cd amoksecurity
sudo echo 'It Works ;)' > index.html
sudo chown samurai:samurai index.html
popd
This error was in red although I am not sure what it would do with it:
target: debconf: delaying package configuration, since apt-utils is not installed
Seems to be some problem with the database:
target: Setting up the DBs. target: target: <br>Dropping database...<br /> target: <b>Warning</b>: mysqli::__construct(): (HY000/2002): Connection refused in <b>/var/www/html/reset-db.php</b> on line <b>13</b><br /> target: <br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>14</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>15</b><br /> target: <br>Creating database...<br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>18</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>19</b><br /> target: <br>Creating blogs table...<br /> target: <b>Warning</b>: mysqli::__construct(): (HY000/2002): Connection refused in <b>/var/www/html/opendb.inc</b> on line <b>2</b><br /> target: <br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>29</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>30</b><br /> target: <br>Creating accounts table...<br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>39</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>40</b><br /> target: <br>Creating hitlog table...<br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>51</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>52</b><br /> target: <br>Populating accounts table...<br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>65</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>66</b><br /> target: <br>Populating blogs table...<br /> target: <b>Warning</b>: mysqli::query(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>79</b><br /> target: <br /> target: <b>Warning</b>: mysqli_error(): Couldn't fetch mysqli in <b>/var/www/html/reset-db.php</b> on line <b>80</b><br /> target: <p>If you see no errors above, it should be done. <a href="index.php">Continue back to the frontpage.</a></body>
I already tried uninstalling all of samuraiwtf and reinstalling it from the GitHub here, so it seems to be a consistent problem. I can supply the professionallyevil.wtf/amoksecurity.wtf/cors.dem files as well if needed.
Are you using the Next branch or master?
@secureideas The master branch, is there something I missed that is important in the next branch?
Nope. We are moving to including Ansible scripts in Next, so it changes my troubleshooting. :)
Kevin
Ahhh figured it out here. The issue is that you created just the targets. The samurai user is built in the userenv.sh file, which is not run in a target only build. The user is vagrant:vagrant.
This will change when Next becomes master.
@secureideas Thank you! That solved my issue!