wiganbotch
Metasploit Unleashed – Vulnerable Web App
Apr 11, 2012 06:49 AM
I am following the Metasploit Unleashed Tutorial – however I am experiencing problems creating the “Vulnerable Web app” (Chapter 2 – Required Materials).
I have created a Windows XP VM using the FDCC virtual hard disk. I have:
Turned off the firewall
Turned off automatic updates
Installed SQL Server 2005 Express
Made SQL Server 2005 Express available on the network
Installed SQL Server Management Studio
Created the database “WebApp” as instructed
Granted db_owner permissions to the ASPNET account
Created the web application by cutting and pasting the code from the tutorial into the following three files:
C:\Inetpub\wwwroot\Default.aspx
C:\Inetpub\wwwroot\Default.aspx.cs
C:\Inetpub\wwwroot\Web.config
However when I try to access the web page I get a 401.1 error message “You are not authorized to view this page”. This occurs when I try to access the web application from the host machine or a networked computer.
I have viewed the permissions in IIS. The Default web site is configured for anonymous access using the IUSR_FDCC_XP_VHD account. This account does have the right to log on locally.
I have run the Permissions Wizard on the default website but I am still getting the 401.1 error messages.
Any suggestions would be gratefully received.
Regards
Paul
wiganbotch
Re: Metasploit Unleashed – Vulnerable Web App
Apr 11, 2012 07:21 AM
I have also granted specific "Read and Execute" Permissions for the IUSR_FDCC_XP_VHD account on the following folders:
C:\Inetpub
C:\Inetpub\wwwroot
I have added the IUSR_FDCC_XP_VHD user account to the Users group.
I have changed the password for the IUSR_FDCC_XP_VHD user account and then manually entered the password into IIS (and unticked the box which lets IIS control the password).
But still I am getting the 401.1 errors. Any suggestions gratefully received.
wiganbotch
Re: Metasploit Unleashed – Vulnerable Web App
Apr 11, 2012 07:50 AM
Apologies for the frequent updates... I am trying hard to resolve this problem.
I have found that if I remove the IUSR_FDCC_XP_VHD account from Guests, I can now access the web page... although I suspect this is insecure. Has anyone else had similar problems with IIS 5.1?