Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,205,003 members, 7,990,771 topics. Date: Friday, 01 November 2024 at 12:28 AM

Web Security Tutorials - Web Market - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Web Market / Web Security Tutorials (18403 Views)

Join Our Practical Web Development Tutorials In Sango Otta. / Be Ur Own Boss: Learn Web Design With Our Ebook 'n' Video Tutorials!!!! / Teach Yourself Webdesign/development Using Video Tutorials (2) (3) (4)

(1) (2) (Reply) (Go Down)

Web Security Tutorials by Slyr0x: 1:22pm On Apr 17, 2012
Have you ever wanted to learn how to hack? Are you more of a hands on learner, then one that can learn from just reading out of a book? Are you interested in developing secure code by understanding how a hacker will attack your application? If you answered "yes" to any of these questions, then this site is for you. Since 2005, Enigma Group has been providing its members a legal and safe security resource where they can develop their pen-testing skills on various challenges provided by this site. These challenges cover the exploits listed in the OWASP Top 10 Project and teach members the many other types of exploits that are found in today's applications; thus, helping them to become better programmers in the mean time. By knowing your enemy, you can defeat your enemy.

The missions are sub-divided into what we have below

Prerequisites


Pre 1 - View Source —
Pre 2 - Url Modification —
Pre 3 - Robots —

JavaScript

JavaScript 1 - Form modification —
JavaScript 2 - Login Bypass —
JavaScript 3 - Login Bypass —
JavaScript 4 - Login Bypass —
JavaScript 5 - Login Bypass —
JavaScript 6 - Login Bypass —
JavaScript 7 - Login Bypass —
JavaScript 8 - Login Bypass —
JavaScript 9 - Substrings —
JavaScript 10 - charCodeAt() —
JavaScript 11 - charAt();indexOf() —
JavaScript 12 - Date Manipulation —

Miscellaneous

Misc. 1 - Header Injections —
Misc. 2 - Server Side Includes —
Misc. 3 - Regexp Skills —
Misc. 4 - Buffer Overflows —
Misc. 5 - Buffer Overflows (cont.) —
Misc. 6 - Shopping Cart Exploitation —
Misc. 7 - MySQL and SQL Column Truncation Vulnerabilities —

Spoofing

Spoofing 1 - Internet Protocol —
Spoofing 2 - Useragent —
Spoofing 3 - Referrer —
Spoofing 4 - Resolution —
Spoofing 5 - Cookie Modification —

SQL Injections

SQL 1 - Login Bypass —
SQL 2 - Basic URL Based Injection —
SQL 3 - Signature Evasion —
SQL 4 - Useragent Based Injection —
SQL 5 - Blind SQL Injection 1 —
SQL 6 - Blind SQL Injection 2 —

URL Manipulation

URLManip. 1 - $_GET superglobal includes —
URLManip. 2 - Hex Injection —
URLManip. 3 - Hex Injection (Cont.) —

Auditing

Auditing 1 - PHP Audit Discovery —
Auditing 2 - PHP Audit Discovery —
Auditing 3 - PHP Audit Discovery —
Auditing 4 - PHP Audit Discovery —
Auditing 5 - PHP Audit Discovery —
Auditing 6 - PHP Audit Discovery —
Auditing 7 - PHP Audit Discovery —
Auditing 8 - PHP Audit Discovery —
Auditing 9 - PHP Audit Discovery —
Auditing 10 - PHP Audit Discovery —
Auditing 11 - PHP Audit Discovery —
Auditing 12 - PHP Audit Discovery —

Reconnaissance

Reconnaissance 1 - Server IP/OS —
Reconnaissance 2 - PHP Version —
Reconnaissance 3 - Full Path Disclosure - Array[] —
Reconnaissance 4 - Full Path Disclosure - $_SESSION[] —
Reconnaissance 5 - Full Path Disclosure - Zero Division —

Variable Manipulation

VarManip. 1 - Local File Inclusion —
VarManip. 2 - Redirection Evasion —
VarManip. 3 - Remote File Inclusion —
VarManip. 4 - Basic Filter Evasion —
VarManip. 5 - Cross Site Request Forgery —
VarManip. 6 - Carriage Return Line Feed Injection —
VarManip. 7 - Null Byte Upload —
VarManip. 8 - Null Byte Includes —
VarManip. 9 - GIF Upload Bypass One —
VarManip. 10 - GIF Upload Bypass Two —

XSS (Cross Site Scripting)

XSS 1 - Basic Cross Site Scripting —
XSS 2 - UserAgent XSS —
XSS 3 - fromCharCode XSS —
XSS 4 - Basic Filter Evasion XSS —

Java Applets

Java Applet 1 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 2 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 3 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 4 - Basic Java Applet - Check Your Mission Answer! —



Trust me, we are gon learn a LOT. .and we all would definitely enjoy this!

SignUp Here: http://www.enigmagroup.org

After Signing up, visit the mission page here http://www.enigmagroup.org/pages/basics/ and start from the Pre-requisites downwards. .

Please indicate after signing up and also let's use this thread as our "discussion room". .

Incase you get stuck trying to solve a mission, please feel free to ask questions HERE

Please Remember: NO SPOILERS Pls


Happy spl0iting


wink cheesy

2 Likes

Re: Web Security Tutorials by 8figure(m): 1:29pm On Apr 17, 2012
Cool just landed here
Re: Web Security Tutorials by dansmog(m): 3:04pm On Apr 17, 2012
hope it is gonna be mind exploding? cos i have been wanting to learn hacking for the better.. thanks for bringing it up...
Re: Web Security Tutorials by dansmog(m): 3:20pm On Apr 17, 2012
am still in the site and am enjoying it. thanks man! i love you
Re: Web Security Tutorials by Slyr0x: 3:45pm On Apr 17, 2012
dansmog++:
am still in the site and am enjoying it. thanks man! i love you

I luv yo gf more wink cheesy. .

What level are you on now?
Re: Web Security Tutorials by dansmog(m): 4:13pm On Apr 17, 2012
am still checking out the basic skills,
yeah i know! i havent gone far..
Re: Web Security Tutorials by Slyr0x: 4:30pm On Apr 17, 2012
A mission at a time bro . .Don't rush it wink. .

Also make sure you are putting your notepad++ /notepad into good use. . wink
Re: Web Security Tutorials by dansmog(m): 5:49pm On Apr 17, 2012
Slyr0x, there is a problem! i thought it was gonna be tutorial on hacking? how come am seeing mission, which i need to complete, or am i not clicking on the right links? is there no tutorials cos i have only learn't html,css and am learning javascript now.
Re: Web Security Tutorials by Slyr0x: 5:56pm On Apr 17, 2012
Slyr0x: Have you ever wanted to learn how to hack? Are you more of a hands on learner, then one that can learn from just reading out of a book?

^^^You have your answer here bro. .

It is a hands-on hacking simulation site. . .So basically, you learn by trying to break into webapps with the little tips given.
Re: Web Security Tutorials by 8figure(m): 9:47am On Apr 18, 2012
dansmog++:
Slyr0x, there is a problem! i thought it was gonna be tutorial on hacking? how come am seeing mission, which i need to complete, or am i not clicking on the right links? is there no tutorials cos i have only learn't html,css and am learning javascript now.


Hu hu hu hu ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha

This guy ur funny
.
Re: Web Security Tutorials by netesy(m): 10:38am On Apr 18, 2012
try www.hackthissite.org thats good too!!!!
never got past basic ten
Re: Web Security Tutorials by 8figure(m): 11:20am On Apr 18, 2012
Just completed Javascript 8 and moved on to nine, and learned some functions.
Am really enjoying this.
Re: Web Security Tutorials by netesy(m): 11:54am On Apr 18, 2012
http://www.enigmagroup.org/missions/basics/pre/2/*********/******.inc
the answer to pre 2 is not working 404 error and i cant move to more advance stuffs because of this iish
or maybe the dontlookhere is wrong or my network is effing up
Re: Web Security Tutorials by 8figure(m): 2:06pm On Apr 18, 2012
@netesy
what you saw there is called path disclosure and which can lead the intending intruder into deciphering what your directory structure looks like, and as the mission title suggests, the intruder can easily modify the url to get dir listing,guess you know what it means?

think a little bit there is nothing wrong with anything, the error you got is just because you got the wrong answer.
Re: Web Security Tutorials by netesy(m): 3:48pm On Apr 18, 2012
how them dey do robot rubbish ehn? but IWP na eff up, the thing they dull me.....need help with a good server.
Re: Web Security Tutorials by netesy(m): 4:09pm On Apr 18, 2012
User-agent: *
Disallow: /f0rk/
how the f*ck do i use it? mad
Re: Web Security Tutorials by 8figure(m): 4:28pm On Apr 18, 2012
go read about robots, thats what i did to pass through that level.
Re: Web Security Tutorials by netesy(m): 4:36pm On Apr 18, 2012
spoiler addd this to the url of pre 3 /f0rk/
how about javascript 2,3,4,5 please?
Re: Web Security Tutorials by Slyr0x: 4:43pm On Apr 18, 2012
You done with Javascript 1?
Re: Web Security Tutorials by netesy(m): 4:56pm On Apr 18, 2012
yes i edited source on opera 11
PLEASE JAVA 3,4,5,6,7 help spoilers also accepted
Re: Web Security Tutorials by 8figure(m): 5:34pm On Apr 18, 2012
Below is my little analysis of the javascript 9 code

The long loop inner loop part is where am stuck
and

var confirmPass = document.login.password.value;
part

Re: Web Security Tutorials by netesy(m): 5:40pm On Apr 18, 2012
how do i do this java 3 nah i can veiw the sourec on my opera 11
how is it under my nose i have cleaned it pls a spoiler needed
Re: Web Security Tutorials by netesy(m): 8:45pm On Apr 21, 2012
slyr0x am i gonna get answered or not mehn help out a brother
chasing you with a virus ..
Re: Web Security Tutorials by 8figure(m): 5:39pm On Apr 25, 2012
<script type="text/javascript">



var year= 6
var pass=12

for(i = 1; i <= year; i++)
{
pass += year * i * year;
}
document.write(pass)

/*
WHEN PASS = 318338237039211050000
WHAT IS THE VALUE OF YEAR.
pass += year * i * year;

*/

</script>


I need to know where am getting it wrong

when I do it manually by hand, the result is never the same with what i got from this script.
Any hint?
Re: Web Security Tutorials by webmpro(m): 6:50am On Apr 29, 2012
Gud job fellas am on my way!
Re: Web Security Tutorials by 8figure(m): 1:45pm On Apr 29, 2012
netesy: slyr0x am i gonna get answered or not mehn help out a brother
chasing you with a virus ..




Hey whats your prob? tell me am listening
Re: Web Security Tutorials by netesy(m): 6:27pm On Apr 29, 2012
Java 3 how do i veiw source code when its hidden or is dat the real code?
Re: Web Security Tutorials by 8figure(m): 7:42pm On Apr 29, 2012
^^
Hey I think you need this tool to actually see what you re doing.

https://addons.mozilla.org/firefox/downloads/file/123595/firebug-1.7.3-fx.xpi?src=dp-btn-primary
Re: Web Security Tutorials by 8figure(m): 11:31am On Apr 30, 2012
Geez I've just completed mission 9 and you know what am now trying to figure out how i can implement what i did as a script cos I did it by hand and that's gonna be boring if the p1.length where to be like 100.


I will still post the script if it would not be a spoiler. that is when am done o.

1 Share

Re: Web Security Tutorials by netesy(m): 1:37am On May 01, 2012
thanks bro am trying it
Please in JavaScript 7 is it the day you registered you use?
Re: Web Security Tutorials by netesy(m): 4:43am On May 02, 2012
<script language="JavaScript">
var base= new Array("0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "grin", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z","a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"wink;
var data=new Array(3);
base.reverse();
data[0]=base[42];
data[1]=base[11];
data[2]=base[17];
data[3]=base[12];
data[4]=base[7];
data[5]=base[43];
data[6]=base[6];
password=prompt("Please enter the Password!",""wink;
if (password==data.join("_"wink){
window.location.href=""+password+".php";
}
Please any tip?
Re: Web Security Tutorials by 8figure(m): 11:25am On May 02, 2012
@nesty
what you need to study for you to beat that mission are (join,reverse and array), once you did that, you wouldn't have much to ask.



I just tried it now and improved my solution with a script that solves prints out the pass for me.

(1) (2) (Reply)

Get a responsive website/blog today at affordable cost / Solve Issues With Your Website Here, Wordpress, Joomla, PHP Script E.t.c / Get The Best Responsive Website/ Blog Today, We Also Help With Monetization

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 47
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.