Wednesday, 1 June 2011

Using O2 to exploit HacmeBank

Just posted this to the o2 mailing list:

Hi ..., no worries about being confused, O2 is VERY confusing for new users :)

On HacmeBank, have you seen the O2 Scripts that automate a number of its exploits?

Here are a couple of pointers for you to start:
Other resources:

Finally, here is an exercise for you:

"...reuse this HacmeBank IE Automation script

public API_HacmeBank login(string userName, string password)
return this;

on this script (instead of the Altoro SQLi)

(the SQLi script above will fuzz the login sequence and take a screenshot after each request)
Note that the scripts above are the ones that you will find on your local C:\O2\O2Scripts_Database\_Scripts folder