CANVAS Report for CTF Event at USAFA on 4/25/2007

Slides:



Advertisements
Similar presentations
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Advertisements

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
5-Network Defenses Dr. John P. Abraham Professor UTPA.
System and Network Security Practices COEN 351 E-Commerce Security.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
CS 591 DITSCAP1 E-voting DITSCAP Project UCCS POC: Edward Chow Boeing POC: Izzy Rodriguez Team: Samarpita Hurkute Kunal Bele Kunal Bele Shin Nam Shin Nam.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Penetration Testing Training Day Capture the Flag Training.
Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Software Security Testing Vinay Srinivasan cell:
Wireless Networks and the NetSentron By: Darren Critchley.
California State University, Northridge Certification Process Team B Carlos Guzman John Kramer Stacey LaMotte University of Phoenix.
Application Block Diagram III. SOFTWARE PLATFORM Figure above shows a network protocol stack for a computer that connects to an Ethernet network and.
I-Hack’08 International Hacking Competition “Details”
CANVAS REPORT/rvispute 16/4/2016 CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri.
SQL INJECTIONS Presented By: Eloy Viteri. What is SQL Injection An SQL injection attack is executed when a web page allows users to enter text into a.
Firewall Security.
Turning Windows 7 into a Web Server Ch 28. Understanding Internet Information Services.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.
Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.
DataFlow Diagram – Level 0
Overview of Firewalls. Outline Objective Background Firewalls Software Firewall Hardware Firewall Demilitarized Zone (DMZ) Firewall Types Firewall Configuration.
How to Setup Scan to on most Sharp Models.
Internet FTP to network. Preliminary Steps a FTP program is used and executed such as WS_FTP LE Information needed –host name –user id –password.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
Chapter 1 Real World Incidents Spring Incident Response & Computer Forensics.
Serial Server Configuration Peter Szyszko. Hardware Configuration  Unit has to be connected to network and powered.  Computer has to be connected to.
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
Intro to Ethical Hacking
VMware ESX and ESXi Module 3.
Project CTF Yeganeh Safaei Arizona State University
Chapter 7. Identifying Assets and Activities to Be Protected
Top 5 Open Source Firewall Software for Linux User
MySQL Exploit with Metasploit
Chapter 7: Identifying Advanced Attacks
WEB APPLICATION TESTING
Footprinting and Scanning
Common Methods Used to Commit Computer Crimes
CITA 352 Chapter 5 Port Scanning.
Secure Software Confidentiality Integrity Data Security Authentication
Chris D Hicks Director of IT MCSE, MCP + Internet Security
Network Exploitation Tool
FTP - File Transfer Protocol
Introduction to Networking
Security of a Local Area Network
Welcome To : Group 1 VC Presentation
Intuit has launched QuickBooks File Doctor tool (QBFD) in QuickBooks File Doctor is a tool that has been designed to recover the damaged company.
Intro to Ethical Hacking
Intro to Ethical Hacking
Network Models, Hardware, Protocols and number systems
Setting Up Firewall using Netfilter and Iptables
NETWORK SECURITY LAB Lab 8. Firewall and VPN.
Lecture 2 - SQL Injection
Web Servers / Deployment
Cyber Operation and Penetration Testing Social Engineering Attack and Web-based Exploitation Cliff Zou University of Central Florida.
Virtual Machine and VirtualBox
Unit 32 Every class minute counts! 2 assignments 3 tasks/assignment
Presentation transcript:

CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri Vispute 9/22/2018 CANVAS REPORT/rvispute

Front Range Voting Machines (FRVM) FRVM : Located in Denver, Colorado Created for : “Front Range Capture the Flag” Built using Web Interface To tally votes for political elections One person – one vote Front end – Web Server, Back end - MySQL 9/22/2018 CANVAS REPORT/rvispute

Voting Web Page Legitimate Serial No: 9000000-9000999 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Our Job Perform a complete system evaluation To find actual vulnerabilities Recommended solutions Submit the final report 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Rules to follow We cannot hack or attack any other teams We may not modify any software, hardware or data on other team’s servers/machines Keyboard time will be shared among members of our team If we violate any rule – we will be disqualified and asked to leave 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Information Provided One laptop to connect to Internet for looking up information and but not for transfer programs 1 Computer for a team of 3 members. Backtrack installed IP address Subnet Route 9/22/2018 CANVAS REPORT/rvispute

Procedure to find flags nmap 192.168.104.0/24 – gives IP Address of server Go to IE and type http://192.168.111.249/ View-Source Will get Image Directory – First flag Use Metasploit – WebDAV – will get command prompt. In Dir , Flag.txt file – Second flag From webpage , we will get admin.htm from where we can find admin.php 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Cont.. From C:\Inetpub\admin.php we obtain username/password info to (mysql server?) Use this info to login (where? Web server/fw/mysql server), here is Third flag Root password – hashes.txt Try ssh@root IP address , enter root password works – Fourth flag Try to enter serial number like ‘;’ you will get SQL error which is hint. Login Mysql with mysql –u root – get access Show databases; - Here is Fifth Flag Most Vulnerable situation: If you enter 123 OR 1=1 in the serial number box- you are in… 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Our Recommendations Secure Mysql database from SQL Injection Need Host based IDS and firewalls Using 443 port number for web server instead of port 80 Putting the web server on a DMZ – damage to local computer only Use SNORT to protect or observe the network Encryption/decryption should use for serial numbers which is plain text 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Cont.. In Order to login to system – Digital Certificates or CAC cards should used. The system went down after being exploited – will create angry voters 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Our suggestions Should have knowledge of Backtrack – how to use different tools. Exploitation tutorials 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute Who Won… Stephen Saroj Patil Did I missed anyone from UCCS 9/22/2018 CANVAS REPORT/rvispute

CANVAS REPORT/rvispute What we learned Great learning experience Comments from Group members.. 9/22/2018 CANVAS REPORT/rvispute

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.