Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

LAMPSecurity Capture the Flag
From: "Justin C. Klein Keane" <justin () madirish net>
Date: Wed, 09 Jan 2013 08:33:36 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Warning: Gratuitous project self promotion to follow.

Hello all,

  yesterday I released the latest in a series of capture the flag
exercises as part of the LAMP Security project, hosted at
SourceForge.net.  This exercise was run at the Philadelphia OWASP
chapter meeting.  It includes a full virtual machine image with custom
and open source web applications that demonstrate a number of common
web application vulnerabilities and misconfigurations.  The goal of
the exercise is to break into the target and get access to the root
account with no prior information about the target.  The exercise
includes a full 43 page PDF walk-through that is suited for folks of
all levels of technical expertise.  You can complete the exercise with
or without the walk-through.  The exercise uses the BackTrack Linux
distribution to demonstrate a number of open source testing tools that
you can use in your own organization as well as highlight the
strengths and weaknesses of each tool.  Download the exercise if you
want to:

* Break into a system with permission
* Learn more about web application vulnerabilities
* Play with open source testing tools in a safe environment
* Understand why tools like SQLMap are so dangerous
* Understand why SQLMap sucks
* Benchmark your own commercial testing tools
* Confound yourself with virtual network settings
* Have some fun and hopefully learn something

You can download the exercise from
https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/CTF7/.
 Any and all feedback is appreciated.

Cheers,

- -- 
Justin C. Klein Keane
http://www.MadIrish.net

The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iPwEAQECAAYFAlDtcaoACgkQkSlsbLsN1gCDRQb/envkpZNuD6W/8wPqVMXXMO0H
CxlTXM1k3zNQMA64a/pnqcpC3+apZ44HcGYVVII7wEbju+GnCNbd+TjW47TTgnKc
OS0+Jpu3rCmevYtiDEuBEbsajlIJFm/t+uwkTNCiViczZ5Gb/Rq3a+cfdDsklJlf
WxjyQlKTPLtK3lknV+P2tgtF+4mNUzxmjCvYxGGjsyNSPSvRjl8SiMf/zyyjpSJI
fJ1hu4mZSdBYFUFv/d0Q3/bMPvdIH+w7N5ptRYlTNbNrbNUXIFhGMhBM3tXVZWCa
jjxSuMpKFGV+82BBu6U=
=yxZB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • LAMPSecurity Capture the Flag Justin C. Klein Keane (Jan 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault