Book Image

Kali Linux CTF Blueprints

By : Cameron Buchanan
Book Image

Kali Linux CTF Blueprints

By: Cameron Buchanan

Overview of this book

Table of Contents (14 chapters)
Kali Linux CTF Blueprints
About the Author
About the Reviewers

Exploitation guides

The following are exploit guides for the scenarios created in this chapter. These are guidelines and there are more ways to exploit the vulnerabilities.

Scenario 1 – cookie theft for fun and profit

The brief provided for this exploitation guide is assumed to be: steal the admin user's cookie from <IP>/input.php. Perform the following steps for this scenario:

  1. The first thing to do is to the browse the website. We can see that we have an input box.

  2. The brief says, "steal a cookie", so we can assume this is a cross-site scripting attack. We can add test messages to see whether the input is returned to us. As it doesn't return the input, we must assume that it's being passed to the admin somewhere as the brief suggests that an admin can see it. This means that trying the standard <script>alert(1);</script> code won't work.

  3. However, we can make a call back to our own server with cross-site scripting. This is achieved by first enabling Apache on our server with...