From Technologia Incognita
Jump to: navigation, search
Date 2014/01/13
Location Tech Inc
Type Workshop
Contact Melanie

Capture The Flag evening - Part 4

  • 13 January, 2014 - 8 PM
  • Please bring along a laptop with you!!!

General CTF Info

Our 1st CTF

  • Positive Hack Days (PhD) qualifier
  • Let's meet at Tech Inc on Saturday
    • Jan 25 - 10 AM
    • TODO: Add to Tech Inc event list
    • Sunday is the Tech Inc ALV, so things won't be as organised that day..

Web hacking!!!!

  • Julius is talking about OWASP and Web Hacking this evening
    • Topics: brute force, SQL injections, Network eavesdropping, XSS, Session hijacking
  • Afterwards, Stef did some web hacking demonstrations, using Certified Secure
    • Challenge: Herman Vluchtbeveiliging
      • Add a single quote at the end of a URL to see if it breaks
      • Can we request a specific page? Example: pagina=/etc/passwd
      • This doesn't work, but we get enough information to be able to see where it's located in the filesystem
      • With some directory traversal, we can dump the password file
    • Challenge: Security Shop
      • We can exploit the Search Product field
      • Once again, we want to cause an error that gets information from the backend.. we can use a single quote again
      • This indeed gives us the SQL query, including part of the database schema
      • You can use UNION to concatenate two adjacent tables
      • We can try using UNION SELECT 1 --
      • We can see from the error message that the UNION isn't matching up with a table w/ 5 columns
      • We can now try using UNION SELECT 1,2,3,4 --
      • Another query that works often is VERSION()
      • If we replace 3 with VERSION(), we can now see the Ubuntu version running
      • USER() also leaks information
      • Trial and error works pretty well here… we need to select things from other tables.. we can guess what these tables might be called
      • You can query the password this way

Informational Links

Web-Hacking Wargames