Re: LAMPSecurity Capture the Flag

[Brian J Smith-Sweeney <bsmithsweeney () NYU EDU>]

Awesome Justin!  I've just recently been having conversations with a
peer about tools they could use to get up to speed on performing
vulnerability assessments.  Will definitely give this a look.

Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney                                     Assistant Director
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On Wed, Jan 9, 2013 at 8:37 AM, Justin C. Klein Keane
<jukeane () sas upenn edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello all,
>
>   yesterday I released the latest in a series of capture the flag
> exercises as part of the LAMP Security project, hosted at
> SourceForge.net (read: free training!).  This exercise was run at the
> Philadelphia OWASP chapter meeting.  It includes a full virtual
> machine image with custom and open source web applications that
> demonstrate a number of common web application vulnerabilities and
> misconfigurations.  The goal of the exercise is to break into the
> target and get access to the root account with no prior information
> about the target.  The exercise includes a full 43 page PDF
> walk-through that is suited for folks of all levels of technical
> expertise.  You can complete the exercise with or without the
> walk-through.  The exercise uses the BackTrack Linux distribution to
> demonstrate a number of open source testing tools that you can use in
> your own organization as well as highlight the strengths and
> weaknesses of each tool.  Download the exercise if you want to:
>
> * Break into a system with permission
> * Learn more about web application vulnerabilities
> * Play with open source testing tools in a safe environment
> * Understand why tools like SQLMap are so dangerous
> * Understand why SQLMap sucks
> * Benchmark your own commercial testing tools
> * Confound yourself with virtual network settings
> * Have some fun and hopefully learn something
>
> You can download the exercise from
> https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/CTF7/.
>  Any and all feedback is appreciated.
>
> Cheers,
> - --
> Justin C. Klein Keane, MA MCIT
> Information Security
> University of Pennsylvania, School of Arts & Sciences
>
> The PGP signature on this email can be verified using the public key at
> https://sites.sas.upenn.edu/kleinkeane
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJQ7XKGAAoJEIH7slQlJAgK95AP/0feQfQqJ4LVKDXIRcGWK/Gy
> 8RIkBbDdpmYE7cE61MmCKNzF30BnjaY9pD9llpcYGNmo4wAqam/jQ6vs+mJTIT3R
> oALH9NxR3iUc6aaGCAzg/Js6q9f0bMoaCSp98o1lh0oXWA6R5gZ0xkW4WXSdZvTe
> 7tHqUqvK4wu9d5fWF8TwqgNyi4hMAK+UzXc7inME4OdYvFw0Hr4RMuNlLFjmfexx
> TSLe5Z+/Si4fDwbNINhtyRTm4+CZhAkAS3OmDt1YIEyRvhXtuVAoQFeTvK834+gY
> CGtVLBSMRqtLeU4YHdQdOTsuXQuif8Kries0dciz4se/aHq/97fsnLHCZXPUjlFg
> EFXqIRaNv53B1saU+MTt7Go3SHKlwAr+dJkXecgnD/X8oE7zuvfl4PKBqh2KRZfj
> CeyUEkk9EvTVN8uVsOsAgT/tOxtRpldvJ94+v4mv3ict3HbXonsgfRoMh8GCZH2O
> /qdLlZ0z1D8MjaZ2BCktrqvr7fuaYDMmsdjOF3G1n1hnmxeSoWDjF8dV1RYQ2Rhx
> TNxIpUb2AMZ7/CKvqUDGdAHD3CIa1w4d1t1BThvVbBm7RmFFmbK46Yy6e0ZgtA62
> Qx7B8P6VMFqDIBBkJ7aDp5IQH0Tfdw9btBVAUZte8l8GOyLZfP2u/m/vSmvmI6Ui
> fCepLREbsM4MMkIkftzS
> =q9xk
> -----END PGP SIGNATURE-----