Debugging

Importance of debugging

Debugging is a great way to understand the application flow during an application penetration test and to monitor how the input we provide is handled on the way to our objectives.

Sample code

Below is a sample Java program that takes input from the user and plays a guessing game with them.

The user provides a number and the program tells them whether it is too low or too high, until they win.

import java.util.Random;
import java.util.Scanner;

public class RandomNumberGame {
    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);
        Random random = new Random();
        
        // Define the range for the random number
        int min = 1;
        int max = 100;
        int randomNumber = random.nextInt(max - min + 1) + min;

        System.out.println("Welcome to the Random Number Game!");
        System.out.println("I have chosen a number between " + min + " and " + max + ". Can you guess it?");

        int userGuess = 0;
        while (userGuess != randomNumber) {
            System.out.print("Enter your guess: ");
            userGuess = scanner.nextInt();

            if (userGuess < randomNumber) {
                System.out.println("Too low! Try again.");
            } else if (userGuess > randomNumber) {
                System.out.println("Too high! Try again.");
            } else {
                System.out.println("Congratulations! You guessed the number: " + randomNumber);
            }
        }

        scanner.close();
    }
}

Debugging

To debug the application, we click the Run and Debug button at the top left of the screen.

To pause the program on a chosen line, we have to select that line before clicking the button. In the screenshot below, breakpoints are set on lines 12 and 13.

After the breakpoints are set, the application runs and stops at line 12. To go to the next breakpoint, we press the "Step Over" button at the top of the screen.

Thanks to debugging, we are able to see the values of variables we could not see otherwise. For example, when the application stops at the breakpoint set on line 13, the local variables are shown on the left side of the screen. One of them is randomNumber, which is visible only during debugging. In this case, debugging allows us to see the number that is required to win and complete the game.

Remote Debugging

Remote debugging is a functionality which enables us to debug a process running on a remote system.
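
The same breakpoint-and-inspect workflow can be driven over the JVM's remote debugging interface (JDWP) with the Java Debug Interface. The following is an added example, not code from the original page: the class name ReadRandomNumber, port 5005 and the launch command in the comment are assumptions, and it reads the randomNumber local of the sample program above.

```java
import com.sun.jdi.*;
import com.sun.jdi.connect.AttachingConnector;
import com.sun.jdi.connect.Connector;
import com.sun.jdi.event.*;
import java.util.Comparator;
import java.util.Map;

// Added example. Assumed target launch (compiled with `javac -g` so local names exist):
//   java -agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=127.0.0.1:5005 RandomNumberGame
// JDWP has no authentication, so the listener is bound to loopback; reach a remote
// host through an SSH tunnel instead of exposing the port.
public class ReadRandomNumber {
    static final int ASSIGN_LINE = 12; // line of `int randomNumber = ...` in the listing

    public static void main(String[] args) throws Exception {
        AttachingConnector connector = Bootstrap.virtualMachineManager().attachingConnectors().stream()
                .filter(c -> c.name().equals("com.sun.jdi.SocketAttach"))
                .findFirst().orElseThrow();
        Map<String, Connector.Argument> cfg = connector.defaultArguments();
        cfg.get("hostname").setValue("127.0.0.1");
        cfg.get("port").setValue("5005");
        VirtualMachine vm = connector.attach(cfg);

        // With suspend=y the class is not loaded yet: ask to be told when it is.
        var prepare = vm.eventRequestManager().createClassPrepareRequest();
        prepare.addClassFilter("RandomNumberGame");
        prepare.enable();

        while (true) {
            EventSet events = vm.eventQueue().remove();
            for (Event event : events) {
                if (event instanceof ClassPrepareEvent) {
                    // Break on the first executable line after the assignment.
                    Location loc = ((ClassPrepareEvent) event).referenceType().allLineLocations().stream()
                            .filter(l -> l.lineNumber() > ASSIGN_LINE)
                            .min(Comparator.comparingInt(Location::lineNumber)).orElseThrow();
                    vm.eventRequestManager().createBreakpointRequest(loc).enable();
                } else if (event instanceof BreakpointEvent) {
                    StackFrame frame = ((BreakpointEvent) event).thread().frame(0);
                    LocalVariable local = frame.visibleVariableByName("randomNumber");
                    System.out.println("randomNumber = " + frame.getValue(local));
                    vm.dispose(); // detach; the game keeps running
                    return;
                } else if (event instanceof VMDisconnectEvent) {
                    return;
                }
            }
            events.resume(); // also releases the initial VMStartEvent suspension
        }
    }
}
```

Start the target first, then run this class from a second terminal; it prints the value once and detaches, leaving the game waiting for input.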

Last updated 5 months ago