Presentation is loading. Please wait.

Presentation is loading. Please wait.

CANVAS Report for CTF Event at USAFA on 4/25/2007

Published byDeddy Pranata Modified over 6 years ago

Similar presentations

Presentation on theme: "CANVAS Report for CTF Event at USAFA on 4/25/2007"— Presentation transcript:

1 CANVAS Report for CTF Event at USAFA on 4/25/2007
Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri Vispute 9/22/2018 CANVAS REPORT/rvispute

2 Front Range Voting Machines (FRVM)
FRVM : Located in Denver, Colorado Created for : “Front Range Capture the Flag” Built using Web Interface To tally votes for political elections One person – one vote Front end – Web Server, Back end - MySQL 9/22/2018 CANVAS REPORT/rvispute

3 Voting Web Page Legitimate Serial No: 9000000-9000999
9/22/2018 CANVAS REPORT/rvispute

4 CANVAS REPORT/rvispute
Our Job Perform a complete system evaluation To find actual vulnerabilities Recommended solutions Submit the final report 9/22/2018 CANVAS REPORT/rvispute

5 CANVAS REPORT/rvispute
Rules to follow We cannot hack or attack any other teams We may not modify any software, hardware or data on other team’s servers/machines Keyboard time will be shared among members of our team If we violate any rule – we will be disqualified and asked to leave 9/22/2018 CANVAS REPORT/rvispute

6 CANVAS REPORT/rvispute
Information Provided One laptop to connect to Internet for looking up information and but not for transfer programs 1 Computer for a team of 3 members. Backtrack installed IP address Subnet Route 9/22/2018 CANVAS REPORT/rvispute

7 Procedure to find flags
nmap /24 – gives IP Address of server Go to IE and type View-Source Will get Image Directory – First flag Use Metasploit – WebDAV – will get command prompt. In Dir , Flag.txt file – Second flag From webpage , we will get admin.htm from where we can find admin.php 9/22/2018 CANVAS REPORT/rvispute

8 CANVAS REPORT/rvispute
Cont.. From C:\Inetpub\admin.php we obtain username/password info to (mysql server?) Use this info to login (where? Web server/fw/mysql server), here is Third flag Root password – hashes.txt Try IP address , enter root password works – Fourth flag Try to enter serial number like ‘;’ you will get SQL error which is hint. Login Mysql with mysql –u root – get access Show databases; - Here is Fifth Flag Most Vulnerable situation: If you enter 123 OR 1=1 in the serial number box- you are in… 9/22/2018 CANVAS REPORT/rvispute

9 CANVAS REPORT/rvispute
Our Recommendations Secure Mysql database from SQL Injection Need Host based IDS and firewalls Using 443 port number for web server instead of port 80 Putting the web server on a DMZ – damage to local computer only Use SNORT to protect or observe the network Encryption/decryption should use for serial numbers which is plain text 9/22/2018 CANVAS REPORT/rvispute

10 CANVAS REPORT/rvispute
Cont.. In Order to login to system – Digital Certificates or CAC cards should used. The system went down after being exploited – will create angry voters 9/22/2018 CANVAS REPORT/rvispute

11 CANVAS REPORT/rvispute
Our suggestions Should have knowledge of Backtrack – how to use different tools. Exploitation tutorials 9/22/2018 CANVAS REPORT/rvispute

12 CANVAS REPORT/rvispute
Who Won… Stephen Saroj Patil Did I missed anyone from UCCS 9/22/2018 CANVAS REPORT/rvispute

13 CANVAS REPORT/rvispute
What we learned Great learning experience Comments from Group members.. 9/22/2018 CANVAS REPORT/rvispute

Download ppt "CANVAS Report for CTF Event at USAFA on 4/25/2007"

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
CS 591 DITSCAP1 E-voting DITSCAP Project UCCS POC: Edward Chow Boeing POC: Izzy Rodriguez Team: Samarpita Hurkute Kunal Bele Kunal Bele Shin Nam Shin Nam.

CS 591 DITSCAP1 E-voting DITSCAP Project UCCS POC: Edward Chow Boeing POC: Izzy Rodriguez Team: Samarpita Hurkute Kunal Bele Kunal Bele Shin Nam Shin Nam.
1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
Lab How to Use WANem Last Update 2011.08.01 1.1.0 Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com 1.

Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:
Wireless Networks and the NetSentron By: Darren Critchley.

Wireless Networks and the NetSentron By: Darren Critchley.
California State University, Northridge Certification Process Team B Carlos Guzman John Kramer Stacey LaMotte University of Phoenix.

California State University, Northridge Certification Process Team B Carlos Guzman John Kramer Stacey LaMotte University of Phoenix.
Application Block Diagram III. SOFTWARE PLATFORM Figure above shows a network protocol stack for a computer that connects to an Ethernet network and.

Application Block Diagram III. SOFTWARE PLATFORM Figure above shows a network protocol stack for a computer that connects to an Ethernet network and.
I-Hack’08 International Hacking Competition “Details”

I-Hack’08 International Hacking Competition “Details”
CANVAS REPORT/rvispute 16/4/2016 CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri.

CANVAS REPORT/rvispute 16/4/2016 CANVAS Report for CTF Event at USAFA on 4/25/2007 Subject :Penetration Tools for Front Range Pen Test Exercise By Rajshri.

Similar presentations

Ads by Google