Created
April 8, 2017 18:21
-
-
Save tomekr/780064c917871940050bf9cf65a8961f to your computer and use it in GitHub Desktop.
webgoat docker log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2017-04-08 18:19:50,550 DEBUG - request: SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.context.HttpSessionSecurityContextRepository$Servlet3SaveToSessionRequestWrapper@327b42e1] | |
2017-04-08 18:19:50,550 DEBUG - principle: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbf4aed: Principal: org.springframework.security.core.userdetails.User@48f4806f: Username: webgoat; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_WEBGOAT_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 172.17.0.1; SessionId: 5B3BFADD84C01ABD5F7CA8614E72DB28; Granted Authorities: ROLE_WEBGOAT_ADMIN | |
2017-04-08 18:19:50,550 DEBUG - HH Entering Session_id: B6A0AF7CFD522C5DC4481BEB50FEB6BA | |
Hacked admin | |
2017-04-08 18:19:50,551 INFO - PARM MAP: {Screen=[Ljava.lang.String;@959919b, menu=[Ljava.lang.String;@13b39e79, Credit=[Ljava.lang.String;@36d93a0f, user=[Ljava.lang.String;@5e5d1a7f, SUBMIT=[Ljava.lang.String;@1bcd9d66} | |
2017-04-08 18:19:50,551 DEBUG - HH Leaving Session_id: B6A0AF7CFD522C5DC4481BEB50FEB6BA | |
java.util.NoSuchElementException | |
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) | |
at org.owasp.webgoat.plugin.ChallengeScreen.getNetstatResults(ChallengeScreen.java:658) | |
at org.owasp.webgoat.plugin.ChallengeScreen.doStage3(ChallengeScreen.java:310) | |
at org.owasp.webgoat.plugin.ChallengeScreen.doStage2(ChallengeScreen.java:204) | |
at org.owasp.webgoat.lessons.SequentialLessonAdapter.createStagedContent(SequentialLessonAdapter.java:108) | |
at org.owasp.webgoat.plugin.ChallengeScreen.createContent(ChallengeScreen.java:134) | |
at org.owasp.webgoat.lessons.AbstractLesson.handleRequest(AbstractLesson.java:873) | |
at org.owasp.webgoat.HammerHead.makeScreen(HammerHead.java:304) | |
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:148) | |
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) | |
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) | |
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) | |
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) | |
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) | |
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) | |
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) | |
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) | |
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) | |
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) | |
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) | |
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) | |
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) | |
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) | |
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) | |
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) | |
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) | |
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) | |
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) | |
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) | |
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683) | |
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) | |
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) | |
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) | |
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) | |
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) | |
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) | |
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) | |
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) | |
at java.lang.Thread.run(Thread.java:745) | |
Apr 08, 2017 6:19:50 PM org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/WebGoat] log | |
INFO: WebGoat: Sat Apr 08 18:19:50 UTC 2017 | 172.17.0.1:172.17.0.1 | org.owasp.webgoat.plugin.ChallengeScreen | [Screen=162777743,menu=3000,Credit=VISA-987654321,user=' or '1'='1,SUBMIT=Proceed to the next stage...(3)] | |
2017-04-08 18:19:50,663 DEBUG - Sat Apr 08 18:19:50 UTC 2017 | 172.17.0.1:172.17.0.1 | org.owasp.webgoat.plugin.ChallengeScreen | [Screen=162777743,menu=3000,Credit=VISA-987654321,user=' or '1'='1,SUBMIT=Proceed to the next stage...(3)] | |
2017-04-08 18:19:50,663 DEBUG - Forwarding to view: /lesson_content.jsp | |
2017-04-08 18:19:50,663 DEBUG - Screen: The CHALLENGE | |
2017-04-08 18:19:50,664 DEBUG - Leaving doPost: | |
2017-04-08 18:19:51,705 DEBUG - Loading source file: /.extract/webapps/WebGoat/plugin_extracted/org/owasp/webgoat/plugin/ChallengeScreen.java | |
2017-04-08 18:19:51,722 ERROR - Could not find solution for null | |
2017-04-08 18:19:51,722 INFO - Checking if challenge authorized for: ShowHints | |
2017-04-08 18:19:51,722 INFO - authorized: false | |
2017-04-08 18:19:51,722 INFO - Checking if challenge authorized for: ShowHints | |
2017-04-08 18:19:51,723 INFO - authorized: false | |
2017-04-08 18:19:51,723 INFO - Checking if challenge authorized for: ShowHints | |
2017-04-08 18:19:51,723 INFO - authorized: false | |
2017-04-08 18:19:51,724 INFO - Checking if challenge authorized for: ShowHints | |
2017-04-08 18:19:51,724 INFO - authorized: false | |
2017-04-08 18:19:51,783 ERROR - Could not find solution for null | |
2017-04-08 18:19:51,818 INFO - Role: admin | |
2017-04-08 18:19:51,818 INFO - Role: admin | |
2017-04-08 18:19:51,818 INFO - Role: admin | |
2017-04-08 18:19:51,818 INFO - Role: admin | |
2017-04-08 18:19:51,818 INFO - Role: admin | |
2017-04-08 18:19:51,819 INFO - Role: admin | |
2017-04-08 18:19:51,819 INFO - Role: admin | |
2017-04-08 18:19:51,819 INFO - Role: admin | |
2017-04-08 18:19:51,819 INFO - Role: admin | |
2017-04-08 18:19:51,819 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin | |
2017-04-08 18:19:51,820 INFO - Role: admin |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment