Educause Security Discussion mailing list archives
LAMPSecurity Capture the Flag
From: "Justin C. Klein Keane" <jukeane () SAS UPENN EDU>
Date: Wed, 9 Jan 2013 08:37:10 -0500
Hello all,

yesterday I released the latest in a series of capture the flag exercises as part of the LAMP Security project, hosted at SourceForge.net (read: free training!). This exercise was run at the Philadelphia OWASP chapter meeting. It includes a full virtual machine image with custom and open source web applications that demonstrate a number of common web application vulnerabilities and misconfigurations. The goal of the exercise is to break into the target and get access to the root account with no prior information about the target.

The exercise includes a full 43 page PDF walk-through that is suited for folks of all levels of technical expertise. You can complete the exercise with or without the walk-through. The exercise uses the BackTrack Linux distribution to demonstrate a number of open source testing tools that you can use in your own organization as well as highlight the strengths and weaknesses of each tool.

Download the exercise if you want to:

* Break into a system with permission
* Learn more about web application vulnerabilities
* Play with open source testing tools in a safe environment
* Understand why tools like SQLMap are so dangerous
* Understand why SQLMap sucks
* Benchmark your own commercial testing tools
* Confound yourself with virtual network settings
* Have some fun and hopefully learn something

You can download the exercise from https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/CTF7/. Any and all feedback is appreciated.

Cheers,

--
Justin C. Klein Keane, MA MCIT
Information Security
University of Pennsylvania, School of Arts & Sciences

The PGP signature on this email can be verified using the public key at https://sites.sas.upenn.edu/kleinkeane