
@tomekr
Created April 8, 2017 18:21
webgoat docker log
2017-04-08 18:19:50,550 DEBUG - request: SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.context.HttpSessionSecurityContextRepository$Servlet3SaveToSessionRequestWrapper@327b42e1]
2017-04-08 18:19:50,550 DEBUG - principle: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@bbf4aed: Principal: org.springframework.security.core.userdetails.User@48f4806f: Username: webgoat; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_WEBGOAT_ADMIN; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 172.17.0.1; SessionId: 5B3BFADD84C01ABD5F7CA8614E72DB28; Granted Authorities: ROLE_WEBGOAT_ADMIN
2017-04-08 18:19:50,550 DEBUG - HH Entering Session_id: B6A0AF7CFD522C5DC4481BEB50FEB6BA
Hacked admin
2017-04-08 18:19:50,551 INFO - PARM MAP: {Screen=[Ljava.lang.String;@959919b, menu=[Ljava.lang.String;@13b39e79, Credit=[Ljava.lang.String;@36d93a0f, user=[Ljava.lang.String;@5e5d1a7f, SUBMIT=[Ljava.lang.String;@1bcd9d66}
2017-04-08 18:19:50,551 DEBUG - HH Leaving Session_id: B6A0AF7CFD522C5DC4481BEB50FEB6BA
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
at org.owasp.webgoat.plugin.ChallengeScreen.getNetstatResults(ChallengeScreen.java:658)
at org.owasp.webgoat.plugin.ChallengeScreen.doStage3(ChallengeScreen.java:310)
at org.owasp.webgoat.plugin.ChallengeScreen.doStage2(ChallengeScreen.java:204)
at org.owasp.webgoat.lessons.SequentialLessonAdapter.createStagedContent(SequentialLessonAdapter.java:108)
at org.owasp.webgoat.plugin.ChallengeScreen.createContent(ChallengeScreen.java:134)
at org.owasp.webgoat.lessons.AbstractLesson.handleRequest(AbstractLesson.java:873)
at org.owasp.webgoat.HammerHead.makeScreen(HammerHead.java:304)
at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Apr 08, 2017 6:19:50 PM org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/WebGoat] log
INFO: WebGoat: Sat Apr 08 18:19:50 UTC 2017 | 172.17.0.1:172.17.0.1 | org.owasp.webgoat.plugin.ChallengeScreen | [Screen=162777743,menu=3000,Credit=VISA-987654321,user=' or '1'='1,SUBMIT=Proceed to the next stage...(3)]
2017-04-08 18:19:50,663 DEBUG - Sat Apr 08 18:19:50 UTC 2017 | 172.17.0.1:172.17.0.1 | org.owasp.webgoat.plugin.ChallengeScreen | [Screen=162777743,menu=3000,Credit=VISA-987654321,user=' or '1'='1,SUBMIT=Proceed to the next stage...(3)]
2017-04-08 18:19:50,663 DEBUG - Forwarding to view: /lesson_content.jsp
2017-04-08 18:19:50,663 DEBUG - Screen: The CHALLENGE
2017-04-08 18:19:50,664 DEBUG - Leaving doPost:
2017-04-08 18:19:51,705 DEBUG - Loading source file: /.extract/webapps/WebGoat/plugin_extracted/org/owasp/webgoat/plugin/ChallengeScreen.java
2017-04-08 18:19:51,722 ERROR - Could not find solution for null
2017-04-08 18:19:51,722 INFO - Checking if challenge authorized for: ShowHints
2017-04-08 18:19:51,722 INFO - authorized: false
2017-04-08 18:19:51,722 INFO - Checking if challenge authorized for: ShowHints
2017-04-08 18:19:51,723 INFO - authorized: false
2017-04-08 18:19:51,723 INFO - Checking if challenge authorized for: ShowHints
2017-04-08 18:19:51,723 INFO - authorized: false
2017-04-08 18:19:51,724 INFO - Checking if challenge authorized for: ShowHints
2017-04-08 18:19:51,724 INFO - authorized: false
2017-04-08 18:19:51,783 ERROR - Could not find solution for null
2017-04-08 18:19:51,818 INFO - Role: admin
2017-04-08 18:19:51,818 INFO - Role: admin
2017-04-08 18:19:51,818 INFO - Role: admin
2017-04-08 18:19:51,818 INFO - Role: admin
2017-04-08 18:19:51,818 INFO - Role: admin
2017-04-08 18:19:51,819 INFO - Role: admin
2017-04-08 18:19:51,819 INFO - Role: admin
2017-04-08 18:19:51,819 INFO - Role: admin
2017-04-08 18:19:51,819 INFO - Role: admin
2017-04-08 18:19:51,819 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin
2017-04-08 18:19:51,820 INFO - Role: admin