Security Challenge II re-visited - boards.ie
Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
 
Thread Tools Search this Thread
01-03-2012, 20:37   #1
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Security Challenge II re-visited

For the people that missed it last year, here is your chance to try it yourself.

For those that previous tried it, this is two little differences. 2nd part is gone, but that part confused people anyway. Also the first part has a little twist now for thoes that previously did it.
Spoiler: You might need the assistance of a different part of the website/other challenge :-)

http://damo.clanteam.com/sch2/
Damo2k is offline  
Thanks from:
Advertisement
02-03-2012, 13:43   #2
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
I have linked the others at:

http://damo.clanteam.com

enjoy.
Damo2k is offline  
02-03-2012, 19:59   #3
900913
Registered User
 
Join Date: Mar 2011
Location: On an island between Atlantic Ocean and Irish Sea.
Posts: 328
That took me a while to realise what I was doing wrong.

Very good challenge.
Thanks
900913 is offline  
02-03-2012, 20:56   #4
900913
Registered User
 
Join Date: Mar 2011
Location: On an island between Atlantic Ocean and Irish Sea.
Posts: 328

http://damo.clanteam.com/900913.txt
900913 is offline  
02-03-2012, 22:21   #5
DonkeyStyle \o/
Closed Account
 
Join Date: Oct 2004
Posts: 6,600
Good one
Less awkward second half than last time... didn't have to look for my linux CD.

Did a double entry there ("hmm"), wasn't expecting to submit that way.
DonkeyStyle \o/ is offline  
Advertisement
04-03-2012, 21:44   #6
Zab
Registered User
 
Join Date: Feb 2002
Posts: 1,859
These were enjoyable by the way. I'd try the missing ones if that ever becomes possible in the future.
Zab is offline  
05-03-2012, 09:11   #7
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Im afraid the other ones are not really suitable for public web hosting.

Neither is this challenge really, but the worst that will happen is people can only delete/modify my site, and not others on same hosting.
Damo2k is offline  
07-03-2012, 17:55   #8
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Had to remove the image upload part, it was a bit dangerous.

So I changed this one slightly. Those of you that already did this one, you can do it again as there is some things different.
Damo2k is offline  
Thanks from:
07-03-2012, 18:31   #9
900913
Registered User
 
Join Date: Mar 2011
Location: On an island between Atlantic Ocean and Irish Sea.
Posts: 328
Completed :-)
900913 is offline  
Advertisement
07-03-2012, 19:43   #10
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Nice one :-)
Damo2k is offline  
07-03-2012, 20:04   #11
900913
Registered User
 
Join Date: Mar 2011
Location: On an island between Atlantic Ocean and Irish Sea.
Posts: 328
With every challenge I learn something new :-)

Thanks.....
900913 is offline  
08-03-2012, 01:45   #12
JimmyCrackCorn
Moderator
 
Join Date: Jan 2010
Location: Bondi Beach
Posts: 1,520
I was playing with the image upload one last night.

Since it has been removed can i confirm it was php code embedded in an image that could be executed using .php.jpg


your wifi one has me stumped though. But ill get it eventually.

Thanks,
Pat
JimmyCrackCorn is online now  
08-03-2012, 08:06   #13
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Quote:
Originally Posted by JimmyCrackCorn View Post
I was playing with the image upload one last night.

Since it has been removed can i confirm it was php code embedded in an image that could be executed using .php.jpg


your wifi one has me stumped though. But ill get it eventually.

Thanks,
Pat
Yup, your correct, that was the idea for the challenge. But it left the rest of the site vulnerable to modification/deletion
Damo2k is offline  
08-03-2012, 09:40   #14
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,022
Quote:
Originally Posted by JimmyCrackCorn View Post
your wifi one has me stumped though. But ill get it eventually.

Thanks,
Pat
Spoiler: Eircom Jimi Hendrix
Damo2k is offline  
Thanks from:
12-03-2012, 09:55   #15
JimmyCrackCorn
Moderator
 
Join Date: Jan 2010
Location: Bondi Beach
Posts: 1,520
Still setting in in oz ill be back to normal and have a crack later in the week.
JimmyCrackCorn is online now  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet