theveryrealworld.php
<?php
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="lt-ie9 lt-ie8 lt-ie7" lang="en"> <![endif]-->
<!--[if IE 7]> <html class="lt-ie9 lt-ie8" lang="en"> <![endif]-->
<!--[if IE 8]> <html class="lt-ie9" lang="en"> <![endif]-->
<!--[if gt IE 8]><!--> <html lang="en"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Mark's Pentest Challenge</title>
<link rel="stylesheet" href="css/style.css">
<!--[if lt IE 9]><script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
</head>
<body>
<section class="container">
<div class="login">
<h1>Welcome!</h1>
Very warm welcome again my fellow hacker!
<br>Since you have successfully solved my challenges, I want to make you an offer. I have the following files on my webserver, but I just forgot my password. <br><br>
<img src="pics/files.jpg" width="600"><br><br>
But I remember, that I have some websites running on the server (see the list below). Can you access those files and tell me the content? If yes, you will be generously rewarded.<br>
All of these websites are from the corresponding projects' websites, and there are a lot of tutorials and walk-throughs. If you are really stuck, search for the solutions of one, try to understand it and then try to solve another one on your own.<br>
Although solving only these challenges will not get you the above mentioned files. You have to figure that out for yourself. But if you do, the reward will be yours. I only ask you to provide a detailed description of how you did it, and allow me to publish it on my <a href="http://eittrento.blogspot.com/" target="_blank">blog</a> (under your chosen name/nickname of course). And given that I cannot print money (yet), I want to limit the number of rewards to one per person, so you have to choose if you got more.
<h2><a href="mutillidae/">OWASP Mutillidae II</a></h2>
"OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiasts."
<h2><a href="hackademic/">OWASP Hackademic Challenges Project</a></h2>
"The OWASP Hackademic Challenges Project helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controllable and safe environment."
<h2><a href="dvwa/">Damn Vulnerable Web App</a></h2>
"Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment."<br>
The first challenge is to log in to the challenge. There is no registration, you have to guess my password (hint: it is very easy).<br>
<!--<h2><a href="">WackoPicko Vulnerable Website</a></h2>
"WackoPicko is a website that contains known vulnerabilities."<br>
<h2><a href="">Advanced level: OWASP Hackademic Challenges Project, but with Snort</a></h2>
It is the same webapp as before, but Snort IDS is used to protect it. But can you fool it?<br>
"Snort is an open-source, free and lightweight network intrusion detection system (NIDS) for UNIX derivatives and Windows."<br>-->
</div>
</section>
<section class="about">
<p class="about-author">
Design is based on the code of <a href="http://thibaut.me" target="_blank">Thibaut Courouble</a> -
<a href="http://www.cssflow.com/mit-license" target="_blank">MIT License</a><br>
Original PSD by <a href="http://www.premiumpixels.com/freebies/clean-simple-login-form-psd/" target="_blank">Orman Clark</a>
</p>
</section>
</body>
</html>