Home > Others

2012 the third session of Xidian University network attack and Defense competition and network infiltration part of the clearance scheme V2.0

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

2012 the third session of the Xidian University network attack

Competition and network penetration part of the Customs Clearance program

V2.0

Southern Sword

Cyberpolice

Http://weibo.com/nanguojian

Objective:

This competition by the West Electricity Information Security Association host official site: https://csc.xdsec.org

10.1-10.15 Day. The registration period expires on October 10. Please allocate time reasonably for the participating team. --xdsec

0x000

First off: Local off JavaScript to view the Web page source, the arrow refers to the part of the encryption part of the hexadecimal encryption

The decryption was key:f1rstpa5skey.

0x001

Second off local intercept view packets know that a cookie needs to be decrypted

Visual for hex encryption decrypted (zzbozxhuzg8wcm==), this is not the final result, judged as Base64 encryption, through Base64 decryption learned for g0nextdo0r

Get the final cookie value modify the local cookie submission to log into the system.

0x002

The third is

Modify head Content-language:en as prompted

Resubmit, enter system to get key

0X003

The four-off for the hint please login needs to log in to view locally intercepted packets

Attempt to change cookie admin=0 to Admin=1, login successfully

0x004

Five for a login page, enter the password box, need to crack

Check the bottom of the source code, you can find the password dictionary

Download it, load into the hack tool run password

0x005

The six-off estimate is to look for access data, based on tips <!--tips:conn.inc-->

?? Need further analysis!!

0x006

Seventh off is based on the exported Sam crack password

H4CKER:1004:C4FB857DAAF137F088BE239044A684C5:4708EEA5CCA17F195EE8EACA40153F5B:::

Run your own Rainbow watch.

Result is

71dd0709187df68befd20973fc23f973

4708eea5cca17f195ee8eaca40153f5b

0x007

Eighth off a login box, bypassing logging in

Account number is admin ' or ' = ' or '/**

Password: Random input

You can log in. Visual inspection for Dvwa Vulnerability Walkthrough environment;

0x008

The key is to get the clear text password for admin at the Nineth off prompt.

Inject bypass get admin password

Have

N1md4

0x009

Tenth close a PHP file, you need to intercept the local 00 truncation modify the packet before uploading the success

The answer is then back to a key;

2012 the third session of Xidian University network attack and Defense competition and network infiltration part of the clearance scheme V2.0

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
practice of system and network administration design network subnetting scheme get the permalink wordpress the field circuit and network book network threats and countermeasures examples of network software

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More