Participate in experiment on Intrusion Detection


Post by haakjes on Sun Aug 08, 2010 11:51 am

Hi,


We created a system which detects attacks on a website and creates a
list of the attackers and their skill level. Now, we have set up an
experiment to test this system and could use the help of hackers,
security professionals, crackers, script kiddies and all others with at
least some ability to compromise a website.

In this experiment, we ask you to compromise a website (which contains a
number of security problems). Then, we ask you some questions to
determine your skill level and compare this to the output of our system.

To participate in this experiment, please go to:

http://130.89.241.108


Thank you in advance,

Frank



Post by Goatboy on Sun Aug 08, 2010 1:21 pm

As far as I can tell, this is legit. It asks for an email though, and I'm too lazy right now to start.



Post by haakjes on Sun Aug 08, 2010 2:22 pm

Any help is much appreciated, even if you can only try for a couple of minutes. For the e-mail: I can imagine people do not want to give their e-mail address in some hacker experiment. An option would be to use Mailexpire and set up a temporary forward (set lifespan to one week).



Best,

Frank



Post by sanddbox on Sun Aug 08, 2010 2:46 pm

So far this is a fun challenge. Nonpersistent XSS vulns, directory traversal...



Post by Bren2010 on Sun Aug 08, 2010 4:07 pm

^ Yeah, it is. It has a lot of things I wouldn't really think about trying on most of the missions here.



Post by IncandescentLight on Sun Sep 05, 2010 8:54 pm

Found the XSS, MySQL and directory traversal vulnerabilities. However, the directory traversal vulnerability led to a shadowed password, to which access is blocked. If anyone could tell me, how would I get this file? Tried cookies, but did not work.



Post by sanddbox on Sun Sep 05, 2010 10:11 pm

IncandescentLight wrote: Found the XSS, MySQL and directory traversal vulnerabilities. However, the directory traversal vulnerability led to a shadowed password, to which access is blocked. If anyone could tell me, how would I get this file? Tried cookies, but did not work.


You can't get the password file itself, but you can get the etc/passwd file and pretty much any other file.



Post by IncandescentLight on Mon Sep 06, 2010 10:41 pm

Aww... Oh well, was a fun test. See how the skills learnt here worked out in a 'real' website.


