Message-ID: <50ED71B0.5030003@madirish.net>
Date: Wed, 09 Jan 2013 08:33:36 -0500
From: "Justin C. Klein Keane" <justin@...irish.net>
To: full-disclosure@...ts.grok.org.uk
Subject: LAMPSecurity Capture the Flag

Warning: Gratuitous project self promotion to follow.

Hello all,

  yesterday I released the latest in a series of capture the flag
exercises as part of the LAMP Security project, hosted at
SourceForge.net.  This exercise was run at the Philadelphia OWASP
chapter meeting.  It includes a full virtual machine image with custom
and open source web applications that demonstrate a number of common
web application vulnerabilities and misconfigurations.  The goal of
the exercise is to break into the target and get access to the root
account with no prior information about the target.  The exercise
includes a full 43 page PDF walk-through that is suited for folks of
all levels of technical expertise.  You can complete the exercise with
or without the walk-through.  The exercise uses the BackTrack Linux
distribution to demonstrate a number of open source testing tools that
you can use in your own organization as well as highlight the
strengths and weaknesses of each tool.  Download the exercise if you
want to:

* Break into a system with permission
* Learn more about web application vulnerabilities
* Play with open source testing tools in a safe environment
* Understand why tools like SQLMap are so dangerous
* Understand why SQLMap sucks
* Benchmark your own commercial testing tools
* Confound yourself with virtual network settings
* Have some fun and hopefully learn something

You can download the exercise from
https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/CTF7/.
 Any and all feedback is appreciated.

Cheers,

- -- 
Justin C. Klein Keane
http://www.MadIrish.net

The PGP signature on this email can be verified using the public key at
http://www.madirish.net/gpgkey
