Message-ID: <50ED71B0.5030003@madirish.net>
Date: Wed, 09 Jan 2013 08:33:36 -0500
From: "Justin C. Klein Keane" <justin@...irish.net>
To: full-disclosure@...ts.grok.org.uk
Subject: LAMPSecurity Capture the Flag

Warning: Gratuitous project self promotion to follow.

Hello all,

yesterday I released the latest in a series of capture the flag exercises as part of the LAMP Security project, hosted at SourceForge.net. This exercise was run at the Philadelphia OWASP chapter meeting. It includes a full virtual machine image with custom and open source web applications that demonstrate a number of common web application vulnerabilities and misconfigurations. The goal of the exercise is to break into the target and get access to the root account with no prior information about the target.

The exercise includes a full 43 page PDF walk-through that is suited for folks of all levels of technical expertise. You can complete the exercise with or without the walk-through. The exercise uses the BackTrack Linux distribution to demonstrate a number of open source testing tools that you can use in your own organization as well as highlight the strengths and weaknesses of each tool.

Download the exercise if you want to:

* Break into a system with permission
* Learn more about web application vulnerabilities
* Play with open source testing tools in a safe environment
* Understand why tools like SQLMap are so dangerous
* Understand why SQLMap sucks
* Benchmark your own commercial testing tools
* Confound yourself with virtual network settings
* Have some fun and hopefully learn something

You can download the exercise from https://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/CTF7/.

Any and all feedback is appreciated.

Cheers,

--
Justin C. Klein Keane
http://www.MadIrish.net

The PGP signature on this email can be verified using the public key at http://www.madirish.net/gpgkey