1 reply to this topic

[Ohm]

Ignorant Igor, the fledgling web application programmer, has created his very own forums in PHP/MySQL. He's worked hard on this, and he thinks they're just perfect. Your task throughout these challenges is to prove him wrong by poking holes in his hard work.

This is a series of challenges. Exploit only the vulnerabilities asked of you in the challenge, you may find others but they'll be addressed in further challenges.

But first, you'll need to be able to run his software on your computer. We can't very well install software like this on the Binrev server, unless we want a repeat of last July To do this, you'll need the traditional LAMP setup. On Linux, this is quite easy to install. Install Apache, MySQL and PHP5. Most distributions make this very easy for you. On Windows, there are several pre-packaged install programs that will set all this up for you, including XAMPP. If anyone has any specific experience with a distro or package like XAMPP, feel free to reply with instructions.

All the web applications included are protected with a .htpasswd file, forcing HTTP authentication. This is done to prevent anyone poking around in your network from discovering this (quite vulnerable) software. The username and password you use here is always igor/igor.. If you're paranoid, use a firewall and/or change this username and password in the .htpasswd file.

So the challenge here is simple, set up a LAMP server. You should also have a way of executing SQL statements from the command-line stored in a file. This is the way Igor sets up his database (no sophisticated PHP scripts yet!) so this is how you should be doing it. I suspect many of you are already finished, but this challenge is here so everyone is on the same page.

[bcrscahh198987]

What skills or knowledge do you need to win this challange?

Knowing linux, php, mysql, and web protocols?

Edited by bcrscahh198987, 25 October 2009 - 08:10 AM.