Exploiting. Part 2: Web & OS

We discuss several cybersecurity subjects in a practical manner:

  • Web application endpoint discovery

  • Web static analysis

  • Injection attacks

  • OS exploitation

Slides for this session:

Tasks

  1. Install dirb and wordlists via the following command:

    sudo apt install dirb wordlists
    

    Use the /usr/share/dirb/wordlists/common.txt wordlist and perform endpoint brute-forcing.

    The target is http://141.85.224.104:40000.

  2. The more you look at it, the less you see. This target is a silent-speaker.

    There might be invisible things embedded in the web page.

    See if you can GET some file.

    The file that you want is located under the /flag path.

    Your target is http://141.85.224.104:40001/index.php.

  3. Give me a fixed ping and I will give the whole flag.

    1. Access http://141.85.224.104:40002/index.php and read the /flag file.

    2. The previous one was easy.

      Can you still do it when some characters are stripped?

      Access http://141.85.224.104:40002/harder.php and read the same /flag file again.

  4. Could you please inject some SQL into this target? Keep it simple. Like… really simple.

    At http://141.85.224.104:40003/index.php there is a vulnerable login page.

    You can log in as ctf with password ctf.

    However, the ctf user does not have access to any interesting information.

    Can you find out the secret of user admin?

  5. Download the vulnerable virtual machine Ubuntu10-exploit.zip. Log in as student with password student. Try to exploit the kernel to obtain a root shell. Alternatively, you can download Ubuntu 10.04 desktop amd64 and set it up in your own virtual machine.

    Hint: Exploit Database is an archive of public exploits corresponding to vulnerable software.

(Bonus): Do as many challenges from https://alf.nu/alert1 as you can :)