downloading vulnerable sites

Discuss the many weaknesses of browser security and ways to mitigate the threat

Re: downloading vulnerable sites

Post by dark159123 on Thu Apr 01, 2010 10:31 am

@sanddbox ooh... blame my English teacher :evil:

@linkero what version of Windows did you try it on? I got it working on my old XP computer (I did try to connect to it through the LAN but I couldn't find it), but I couldn't make it work on my new Windows 7 computer
Scientia Est Sanctum

Security is not to be achieved by eliminating danger, but by learning to defend yourself against it

Re: downloading vulnerable sites

Post by linkero on Thu Apr 01, 2010 10:40 am

I'm using 32-bit Win7 Ultimate

Re: downloading vulnerable sites

Post by GiSK on Fri Apr 02, 2010 6:39 am

Hi there!! I'm new here, so I'm using this to introduce myself by the way :)

I've just completed 10 of the basic missions and well, I can see the need for these "vulnerable sites" to download. It's not about having total access (what would be the point then?), I think it would be interesting to be able to try more than one correct syntax.

For those of you who have done the basic missions, which, I suspect, is most of you, you must have noticed that in order not to compromise this page, the code you can write is (obviously) really limited. You have to type the exact thing in order to get the exploit working, when in real life you can't find a page where you can ONLY execute a "ls ../", because that would mean that piece of code has been purposely made possible to execute.

As hacking means (leaving ethics apart) exploiting security flaws, that wouldn't be hacking, since it's not a flaw, it's on purpose. In a real site you might use a "ls blah-blah" instead, or another wide variety of options. Since this place is meant for training, I'm sure this would come in really handy, so I would be glad to hear about these sites too.


Oh! And sorry for the off-topic, but as I'm new, I feel I've got to say I'm very excited about this site, and I'm willing to learn everything I can. Keep up with it, guys! :)

Re: downloading vulnerable sites

Post by linkero on Fri Apr 02, 2010 8:40 am

@GiSK: Try the "Realistic Missions"... you will find there's more than one way to solve most of them. The point of the basic missions is to teach you different ways of exploiting the vulnerabilities, it's not meant to allow you to do EACH way on a single mission and such. This is why they are called "Basic" missions ;)


Back on topic a bit, you get it working yet, dark159123?

Re: downloading vulnerable sites

Post by sanddbox on Fri Apr 02, 2010 6:30 pm

GiSK wrote: For those of you who have done the basic missions, which, I suspect, is most of you, you must have noticed that in order not to compromise this page, the code you can write is (obviously) really limited. You have to type the exact thing in order to get the exploit working, when in real life you can't find a page where you can ONLY execute a "ls ../", because that would mean that piece of code has been purposely made possible to execute.


I would disagree with that. Code isn't limited; you just have to sanitize all data that is inputted.

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat