
Challenge: IGOR000


1 reply to this topic

#1 Ohm

Ohm

    I could have written a book with all of these posts

  • Members
  • 3,209 posts
  • Gender:Male
  • Location:Maine, USA

Posted 26 September 2009 - 11:34 AM

Ignorant Igor, the fledgling web application programmer, has created his very own forums in PHP/MySQL. He's worked hard on this, and he thinks they're just perfect. Your task throughout these challenges is to prove him wrong by poking holes in his hard work.

This is a series of challenges. Exploit only the vulnerabilities asked of you in the challenge; you may find others, but they'll be addressed in further challenges.

But first, you'll need to be able to run his software on your computer. We can't very well install software like this on the Binrev server, unless we want a repeat of last July ;) To do this, you'll need the traditional LAMP setup. On Linux, this is quite easy to install. Install Apache, MySQL and PHP5. Most distributions make this very easy for you. On Windows, there are several pre-packaged install programs that will set all this up for you, including XAMPP. If anyone has any specific experience with a distro or package like XAMPP, feel free to reply with instructions.

All the web applications included are protected with a .htpasswd file, forcing HTTP authentication. This is done to prevent anyone poking around in your network from discovering this (quite vulnerable) software. The username and password you use here are always igor/igor. If you're paranoid, use a firewall and/or change this username and password in the .htpasswd file.

So the challenge here is simple: set up a LAMP server. You should also have a way of executing SQL statements stored in a file from the command line. This is the way Igor sets up his database (no sophisticated PHP scripts yet!), so this is how you should be doing it. I suspect many of you are already finished, but this challenge is here so everyone is on the same page.

#2 bcrscahh198987

bcrscahh198987

    Mack Daddy 31337

  • Members
  • 211 posts
  • Location:Ur rektumm

Posted 25 October 2009 - 08:09 AM

What skills or knowledge do you need to win this challenge?

Knowing Linux, PHP, MySQL, and web protocols?

Edited by bcrscahh198987, 25 October 2009 - 08:10 AM.




