index.php
<?php
/**
* ----------------------------------------------------------------
* OWASP Hackademic Challenges Project
* ----------------------------------------------------------------
* Copyright (C) 2010-2011
* Andreas Venieris [[email protected]]
* Anastasios Stasinopoulos [[email protected]]
* ----------------------------------------------------------------
*/
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>OWASP Hackademic Sample Challenges</title>
<link rel="stylesheet" type="text/css" href="main.css" />
</head>
<body>
<br/>
<br/>
<br/>
<h1 class="style6"><a href="challenge_4/sql-connections/setup-db.php"><font size="4">Setup Database for challenge 4</font></a><br/></h1>
<h1 class="style6"><a href="challenge_7/sql-connections/setup-db.php"><font size="4">Setup Database for challenge 7</font></a></h1>
<br/><br/>
<br/>
<table style="width: 100%" align="center" class="style7">
<tr>
<td class="style9" style="width: 123px"> </td>
<td class="style2">
<img src='challogox.png' /></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><a href="about.php">Sample</a></td>
<td class="style8">
<h1 class="style6"><br/>OWASP Hackademic Challenges Sample</h1>
</td>
</tr>
<tr>
<td class="style2" style="width: 123px">Challenge_1 </td>
<td class="style2"><p> <br />A friend of yours is a great football fan. He has newly created a website [ <a href="challenge_1/" target="_blank"> FootbalLovers</a> ] and has challenged you to find out the admin login credentials. All you have to do is find out the login credentials of the website.<br/><br /> Hint : Images can reveal way too much. <br /> Tag : Medium (Source code + steganography + Cryptography)</p> <br /></td>
</tr>
<tr>
<td class="style2" style="width: 123px">Challenge_2 </td>
<td class="style2"><p> <br /> You are the Senior Network Engineer of the company. You have just come to know from your sources that an employee of your company has been giving out some company-related information and admin credentials for money. You, as a Network Manager, happen to have the traffic details for that period (which was just 1 to 2 minutes ago); the information was being passed through an instant chat messenger via audio or video conferencing only. Now, what you have to do is crack the admin login panel of this [ <a href="challenge_2/" target="_blank">UnderConstruction</a> ]: search for a pcap file, analyse that file, decode the hidden credentials and log in as an Admin on this page so that you can change the admin details as soon as possible. Hurry up, you have limited time for this challenge.<br /> <br /> Tag : Medium (Path Disclosure + Wireshark Packet analysis)</p><br /></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_3 </span></td>
<td class="style2"><p><br />Your best friend has started a new e-commerce startup, and he has just launched a new website <a href="challenge_3/" target="_blank">DeskTest.</a> He has asked you to find out some critical vulnerabilities on it.<br /><br />Tag : Easy (Post request) </p><br /></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_4 </span></td>
<td class="style2"><p> <br />A Web Developer has done his best to secure his website from various injection attacks by using various filters, and thinks that even the best hacker couldn't break into his site. Prove him wrong. Link : <a href="challenge_4/" target="_blank">SITE.</a> However, you have just been using the system, which has a user already logged in. So, first you have to inject the website to get the admin credentials and then search for the admin login page [Hint : You wouldn't even find the admin page by using a search engine as search bots have been excluded]. Come on, give it a try. All the Best !! <br /> <br />Tag : Medium (GET Advanced SQL injection : Robots.txt)</p><br /></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_5 </span></td>
<td class="style2"><br /><p> You are working as an undercover agent on a mission, and are close to completing the mission successfully. You were following a criminal and you have complete proof of the charge he is accused of. He is currently residing in a resort, but the resort officials are not revealing any information about him [ or any customer ]. You can't reveal your identity either. So all you have to do now is inject into the website and get information and details about the victim. Don't worry about the ethics and stuff, that will be taken care of. <br /> <br /> <a href="challenge_5/" target="_blank"> Under Construction</a> "<strong>Tag : XSS!</strong>".</p><br />
</td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_6 </span></td>
<td class="style2"><p><br /> <a href="challenge_6/" target="_blank">Under Construction</a> </p>
<p> message "<strong>Tag : XSS!</strong>".</p><br />
</td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_7 </span></td>
<td class="style2"><br /><p>Government officials have discovered a paid website which might be covering up illegal activities, and they have hired you to get the admin login details of this <a href="challenge_7/" target="_blank">SITE</a>. However, they have solved this to an extent and have caught a regular user of the website. He has revealed his username and password { username : scrtusr &amp; password : mint_cinnamon}; however, he is not revealing anything else, and this bit of information wasn't enough to inject into the website, get to the user's profile and get the admin login details. So, now you have to find out the admin credentials and hand them over to the government officials, so that they can carry out some security checks.<br />Hint : Wanna have a Cookie ??<br/><br />Tag : Hard (Sqli WAF + User agent Spoofing)</p><br />
</td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_8 </span></td>
<td class="style2"><br /><p> You just came across this website <a href="challenge_8/" target="_blank">UnderConstruction</a> <br/> Hint : input the ID as parameter with numeric value </p>
<p> Tag : Hard (Filtered GET-Based sqli)</p><br /></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_9 </span></td>
<td class="style2"><p> <br /> You as a member of <a href="challenge_9/" target="_blank">UnderConstruction<br /></a> <br />Tag : Medium (Sqli WAF filter + Shell Upload) </p><br />
</td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_10 </span></td>
<td class="style2"><p> <br />OS command injection <a href="challenge_10/" target="_blank">UnderConstruction</a>. <br /> <br /> <br /> Tag : Medium (OS Command injection + HTML injection).</p><br/></td>
</tr>
<tr>
<td class="style2" style="width: 123px"><span >Challenge_11 </span></td>
<td class="style2"><p><br/> <br /> The messyhackers !<br/> <br /><a href="challenge_11/" target="_blank">UnderConstruction</a><br /><br/>Tag : Medium (Command execution via netcat or Metasploit + PHP backdoor shelling :D)<br/></p><br/></td>
</tr>
</table>
<div class="style1">
<br>
<p class="owaspSupport">Supported by OWASP<br><br>
<img src="index.jpeg"><br>
</p>
</div>
</body>
</html>