Full Disclosure mailing list archives
LAMPSecurity.org Capture the Flag Exercise
From: "Justin C. Klein Keane" <justin () madirish net>
Date: Tue, 12 May 2009 17:49:05 -0400
Hello,

I'm happy to announce that the second installment (cryptically called CTF5) of LAMPSecurity.org's capture the flag series of exercises is now available. This edition is novel in that it includes a 0-day exploit that can be used (indirectly) to gain root.

This is a training exercise released in support of the educational mission of LAMPSecurity.org. The exercise is modeled after many of the exercises that are presented in expensive commercial training courses, except it's free, of course.

Unlike tools like OWASP's WebGoat, LAMPSecurity.org's capture the flag exercise consists of a full, vulnerable, virtual machine (VMWare's free Player is required). This allows users to explore vulnerabilities at every level of the LAMP stack. The first exercise includes an "attack" VM as well, with tools pre-installed (where possible). It also includes over 60 pages of step-by-step documentation so no prior experience is necessary (although the documentation only outlines one of several routes to root compromise).

The exercise is designed to educate system administrators and developers on some common dangers and mis-configurations facing Linux, Apache, MySQL, PHP (LAMP) applications.

Further details, including the documentation, are available at http://lampsecurity.org/capture-the-flag-5. The vulnerable virtual machine and attack image are available from SourceForge at https://sourceforge.net/projects/lampsecurity/.

Constructive feedback is of course welcome. Thank you and enjoy.

-- 
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/