CANVAS Report for CTF Event at USAFA on 4/25/2007
Subject: Penetration Tools for Front Range Pen Test Exercise
By Rajshri Vispute
CANVAS REPORT/rvispute

Front Range Voting Machines (FRVM)
• FRVM: Located in Denver, Colorado
• Created for: “Front Range Capture the Flag”
• Built using Web Interface
• To tally votes for political elections
• One person – one vote
• Front end – Web Server, Back end – MySQL

Voting Web Page
Legitimate Serial No: 9000000-9000999

Our Job
• Perform a complete system evaluation
• Find actual vulnerabilities
• Recommend solutions
• Submit the final report

Rules to follow
• We cannot hack or attack any other teams
• We may not modify any software, hardware or data on other teams’ servers/machines
• Keyboard time will be shared among members of our team
• If we violate any rule – we will be disqualified and asked to leave

Information Provided
• One laptop to connect to the Internet for looking up information, but not for transferring programs
• 1 computer for a team of 3 members
• Backtrack installed
• IP address
• Subnet
• Route

Procedure to find flags
• nmap 192.168.104.0/24 – gives IP address of server
• Go to IE and type http://192.168.111.249/
• View-Source
• Will get Image Directory – First flag
• Use Metasploit – WebDAV – will get command prompt
• In dir, Flag.txt file – Second flag
• From the webpage, we will get admin.htm, from where we can find admin.php

Procedure to find flags (cont.)
• From C:\Inetpub\admin.php we obtain username/password info to (mysql server?)
• Use this info to log in (where? Web server/fw/mysql server); here is the Third flag
• Root password – hashes.txt
• Try ssh@root IP address, enter root password
• Works – Fourth flag
• Try entering a serial number like ‘;’: you will get an SQL error, which is a hint
• Log in to MySQL with mysql -u root – get access
• Show databases; – here is the Fifth flag
• Most vulnerable situation: if you enter 123 OR 1=1 in the serial number box – you are in…

Our Recommendations
• Secure the MySQL database from SQL injection
• Need host-based IDS and firewalls
• Use port 443 for the web server instead of port 80
• Put the web server in a DMZ – damage is limited to the local computer only
• Use SNORT to protect or observe the network
• Encryption/decryption should be used for serial numbers, which are in plain text

Our Recommendations (cont.)
• In order to log in to the system – digital certificates or CAC cards should be used
• The system went down after being exploited – this will create angry voters
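
The first recommendation (secure the database from SQL injection), as an added example that is not code from the original slides or from the FRVM system: the concatenated lookup that accepts 123 OR 1=1, beside a hardened vote path. The table names, function names and the use of sqlite3 in place of the MySQL back end are assumptions made for illustration.

```python
import re
import sqlite3

SERIAL_RE = re.compile(r"9000\d{3}")  # legitimate range 9000000-9000999 (from the slides)

def make_db():
    # Constructed schema; sqlite3 stands in for the MySQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE serials (serial INTEGER PRIMARY KEY)")
    db.execute("CREATE TABLE votes (serial INTEGER PRIMARY KEY, candidate TEXT NOT NULL)")
    db.executemany("INSERT INTO serials VALUES (?)", [(s,) for s in range(9000000, 9001000)])
    return db

def serial_ok_vulnerable(db, serial_text):
    # Weak form: user input is concatenated into the SQL text, so the
    # input becomes part of the WHERE clause instead of a value.
    query = "SELECT 1 FROM serials WHERE serial = " + serial_text
    return db.execute(query).fetchone() is not None

def cast_vote(db, serial_text, candidate):
    # Hardened form: strict format check first, then bound parameters only.
    if not SERIAL_RE.fullmatch(serial_text):
        return "rejected: malformed serial"
    serial = int(serial_text)
    if db.execute("SELECT 1 FROM serials WHERE serial = ?", (serial,)).fetchone() is None:
        return "rejected: unknown serial"
    try:
        # PRIMARY KEY on votes.serial enforces one person, one vote.
        with db:
            db.execute("INSERT INTO votes VALUES (?, ?)", (serial, candidate))
    except sqlite3.IntegrityError:
        return "rejected: serial already voted"
    return "accepted"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable check accepts '123 OR 1=1':", serial_ok_vulnerable(db, "123 OR 1=1"))
    for s in ("123 OR 1=1", ";", "9000042", "9000042"):
        print(repr(s), "->", cast_vote(db, s, "A"))
```

The hardened path rejects both inputs from the procedure slides before any SQL runs, and the primary key on the votes table blocks a second vote with the same serial.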

Our suggestions
• Should have knowledge of Backtrack – how to use different tools
• Exploitation tutorials

Who Won…
• Stephen
• Saroj Patil
• Did I miss anyone from UCCS?

What we learned
• Great learning experience
• Comments from group members…