GitLab project: topdog / TopDog Lab
Commit cbc972be, authored 7 years ago by Niklas Johansson
Parent: 6040ae9f

Commit message: Updated memo
Changes: 2 files, 37 additions and 30 deletions.

Shepherd.pdf @ cbc972be (binary, 0 additions, 0 deletions): no preview for this file type; diff collapsed.

Shepherd.tex @ cbc972be (+37, −30):
...
...
@@ -125,9 +125,8 @@ stuck in a module and need a hint. Register for the coaching session in Lisam.
The coaching sessions are not compulsory!
\section
{
Deadline
}
\label
{
sec:deadline
}
The lab server opens up for registration on November 11th at 15:00.
The lab must be finished before the end of the exam period which is on the 14th
of January 2017. Shortly after, the Security Shepherd server will be shut down,
The lab server opens up for registration on November 8th at 17:00.
The lab must be finished before the end of the exam period. Shortly after, the Security Shepherd server will be shut down,
so you can't do the lab after this date.
\section
{
Disciplinary stuff
}
...
...
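Review bot: the replacement deadline sentence drops the concrete end date ("the 14th of January 2017") but keeps "so you can't do the lab after this date", which now refers to no date at all, so a reader sent to \cref{sec:deadline} finds no hard cutoff. Suggest stating the exam-period end date next to the new opening time ("November 8th at 17:00"), or at least rewording the last clause to "after the end of the exam period" so it is not dangling.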
@@ -281,59 +280,67 @@ complex. We have put a lot of work into making the lab interesting and to run
the actual server. If you have any ideas or suggestions we are all ears!
\section
{
Challenges
}
\label
{
sec:challenges
}
The following challenges are required to pass the lab. The challenges we put at
the end of the list are the hardest, so we recommend that you don't start with
them. However, you are free to do the challenges in any order you want.
The following 21 challenges are required to pass the lab, and you are free to do the challenges in any order you want.
\begin{description}
\item
[Session Management Challenge 1]
Try replacing
\enquote
{
user
}
with
\enquote
{
administrator
}
. But where?
\item
[Poor Data Validation 1]
. The
\enquote
{
troll
}
here means the third
image, i.e.
\
a
\enquote
{
trollface
}
. Google it if you are unsure.
\item
[Session Management Challenge 1]
{
\color
{
white
}
Try replacing
\enquote
{
user
}
with
\enquote
{
administrator
}
. But where?
}
\item
[Poor Data Validation 1]
{
\color
{
white
}
The
\enquote
{
troll
}
here means the third
image, i.e.
\
a
\enquote
{
trollface
}
. Google it if you are unsure.
}
\item
[Cross Site Scripting 1]
\item
[Session Management Challenge 2]
Try attacking the password reset.
\item
[Session Management Challenge 2]
{
\color
{
white
}
Try attacking the password reset.
}
\item
[Session Management Challenge 3]
\item
[SQL Injection 1]
\item
[SQL Injection 2]
The server first checks if the query contains
\emph
{
one
}
@ before processing it!
{
\color
{
white
}
The server first checks if the query contains
\emph
{
one
}
@ before processing it!
}
\item
[Insecure Cryptographic Storage Challenge 1]
\item
[Insecure Cryptographic Storage Challenge 2]
Here,
\enquote
{
2d cipher
}
refers to the
\enquote
{
Vigenère cipher
}
.
{
\color
{
white
}
Here,
\enquote
{
2d cipher
}
refers to the
\enquote
{
Vigenère cipher
}
.
}
\item
[Insecure Direct Object Reference Challenge 1]
\item
[Insecure Direct Object Reference Challenge 2]
Do challenges 1 and 2
before the Bank challenge!
\item
[Poor Data Validation 2]
Remember that large integers can overflow!
\item
[Insecure Direct Object Reference Challenge 2]
{
\color
{
white
}
Do challenges 1 and 2
before the Bank challenge!
}
\item
[Poor Data Validation 2]
{
\color
{
white
}
Remember that large integers can overflow!
}
\item
[Failure to Restrict URL Access 1]
\item
[CSRF 1]
\item
[Cross Site Scripting 2]
. Now the XSS filter is getting more clever,
\item
[Cross Site Scripting 2]
{
\color
{
white
}
Now the XSS filter is getting more clever,
but it's not perfect. Check the source code of the HTML returned from
the server to see which commands are filtered and which are not. Use the
hints from the slides.
\item
[Session Management Challenge 4]
Can you guess a Session ID? It should
be somewhat larger than 20.
hints from the slides.
}
\item
[Session Management Challenge 4]
{
\color
{
white
}
Can you guess a Session ID? It should
be somewhat larger than 20.
}
\item
[Failure to Restrict URL Access 2]
\item
[Cross Site Scripting 3]
\item
[Insecure Cryptographic Storage Challenge 3]
There are a number of ways
\item
[Insecure Cryptographic Storage Challenge 3]
{
\color
{
white
}
There are a number of ways
to defeat the crypto and get the encryption key in this challenge. The
quickest way is to submit base64 encoded spaces.
\item
[SQL Injection 3]
To complete this challenge, you must craft a second
quickest way is to submit base64 encoded spaces.
}
\item
[SQL Injection 3]
{
\color
{
white
}
To complete this challenge, you must craft a second
statement to return Mary Martin's credit card number as the current
statement only returns the customerName attribute. Note that the UNION
statement isn't filtered!
\item
[Insecure Direct Object Reference Bank]
To complete this challenge you
statement isn't filtered!
}
\item
[Insecure Direct Object Reference Bank]
{
\color
{
white
}
To complete this challenge you
must first register an account. The account must have a unique name. The
next step is to click the refresh balance button. Capture this request, and
replay it with different account numbers until you find one with cash. If
you are the first person to attempt this challenge, the account number 1
should have 10 million in it. You should be able to figure out the rest.
See
\cref
{
sec:faq-bank
}
if there's not enough money anywhere!
See
\cref
{
sec:faq-bank
}
if there's not enough money anywhere!
}
\end{description}
T
otal: 21 challenges to finish.
T
here are hidden hints!
\section
{
Challenges not required
}
\label
{
sec:hard-challenges
}
The following extra challenges are included in Security Shepherd but are NOT
required to finish the course. They are difficult. Note that, for these challenges, you are on your
own. T
he lab assistant is not required to
help you, and these challenges might
own. T
o keep the competition fair the lab assistant will not
help you, and these challenges might
require knowledge we didn't cover in the lecture, and resources we can't
provide.
\begin{itemize}
...
...
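Review bot: \color{white} only hides the hints on screen; the hint text stays in the PDF's text layer, so select-all, copy/paste or pdftotext reveals every hint, and the added line "There are hidden hints!" invites exactly that. If the intent is that students find them by selecting the text, say so explicitly on that line; if the hints are supposed to stay out of reach until a student asks, white text does not achieve that and they belong in a separate assistant-only handout. Also, the literal "21" in "The following 21 challenges" and "Total: 21 challenges" is maintained by hand; it matches the 21 \item entries today but will drift silently the next time an item is added or removed, so consider a single \newcommand (or a counter) for the number. The stray ". The" at the start of the old "Poor Data Validation 1" hint is gone in the new version, which is correct.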
@@ -632,7 +639,7 @@ destinations.
\end{figure}
\chapter
{
Capturing The Flag
}
\label
{
sec:ctf
}
Security Shepherd is what the hacking community call
e
s a CTF, or Capture The
Security Shepherd is what the hacking community calls a CTF, or Capture The
Flag. CTF:s are a good way of practicing one's skills in order to become better
at pentesting, reverse-engineering, cracking, etc. It is common for security
conferences to have CTF competitions where teams try to solve a number of
...
...
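Review bot: "CTF:s" on the line after the corrected "calls" is a Swedish colon-plural; in English prose the plural is simply "CTFs" ("CTFs are a good way of practicing one's skills ...").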