Capture The Flag evening - Part 4

General CTF Info

Positive Hack Days (PhD) qualifier
- 48 hours: Jan. 25, 2014, 8 a.m. — Jan. 27, 2014, 8 a.m.
- http://quals.phdays.ru/
- TODO: Add to Tech Inc event list

Stuff to prepare
- Stepping stone box (for storing tools, and allowing lots of people access)
- Edit pad - etherpad or https://quadpad.lqdn.fr
  - We will want to archive this afterwards, for write-ups and stuff
- IRC channel - create a password-protected #techinc-ctf channel
We have a mailing list already - http://technologia-incognita.nl/cgi-bin/mailman/listinfo/ctf

Julius is talking about OWASP and Web Hacking this evening
- Topics: brute force, SQL injections, Network eavesdropping, XSS, Session hijacking

Afterwards, Stef did some web hacking demonstrations, using Certified Secure
Challenge: Herman Vluchtbeveiliging
- Add a single quote at the end of a URL to see if it breaks
- Can we request a specific page? Example: pagina=/etc/passwd
- This doesn't work, but we get enough information to be able to see where it's located in the filesystem
- With some directory traversal, we can dump the password file
Challenge: Security Shop
- We can exploit the Search Product field
- Once again, we want to cause an error that gets information from the backend.. we can use a single quote again
- This indeed gives us the SQL query, including part of the database schema