From Technologia Incognita
CTF-practice-evening:2014-01-13
|
Date
|
2014/01/13
|
Time
|
|
Location
|
Tech Inc
|
Type
|
Workshop
|
Contact
|
Melanie
|
Capture The Flag evening - Part 4
- 13 January, 2014 - 8 PM
- Please bring along a laptop with you!!!
General CTF Info
Our 1st CTF
- Positive Hack Days (PhD) qualifier
- Let's meet at Tech Inc on Saturday
Web hacking!!!!
- Julius is talking about OWASP and Web Hacking this evening
- Topics: brute force, SQL injections, Network eavesdropping, XSS, Session hijacking
- Afterwards, Stef did some web hacking demonstrations, using Certified Secure
- Challenge: Herman Vluchtbeveiliging
- Add a single quote at the end of a URL to see if it breaks
- Can we request a specific page? Example: pagina=/etc/passwd
- This doesn't work, but we get enough information to be able to see where it's located in the filesystem
- With some directory traversal, we can dump the password file
- Challenge: Security Shop
- We can exploit the Search Product field
- Once again, we want to cause an error that gets information from the backend.. we can use a single quote again
- This indeed gives us the SQL query, including part of the database schema
- You can use UNION to concatenate two adjacent tables
- We can try using UNION SELECT 1 --
- We can see from the error message that the UNION isn't matching up with a table w/ 5 columns
- We can now try using UNION SELECT 1,2,3,4 --
- Another query that works often is VERSION()
- If we replace 3 with VERSION(), we can now see the Ubuntu version running
Informational Links
Web-Hacking Wargames