The “WidgetCorp” challenge from the 2013 CSAW CTF was a really neat web exploitation problem. It was one I was genuinely excited to work through from start to finish (not always the case, for sure!).


It’s light blue because I solved it, but you get the gist. No information or comments are provided about what to expect, so you’re going in blind here.

Here is a picture of the homepage for this site:

Recently I was attempting to hack a friend’s server (with permission!) via a local file inclusion (LFI) vulnerability, and I discovered that nobody had written any tutorials on exploiting XAMPP servers via LFI.

It’s pretty straightforward if the target has the bundled FileZilla FTP Server enabled and running! In fact, it should be trivial to exploit on any running XAMPP install that has an LFI vulnerability!

Before we start, I’d like to point out that I worked this out by simply replicating the remote host’s installed software on a VM of my own. That way I get an accurate picture of the target’s setup and can exploit it more effectively. If you’re completely new to LFI exploitation in general, here are some nifty tutorials/guides to read:
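As an added example (not code from the post, from XAMPP, or from FileZilla Server), here is the kind of LFI sink being discussed, beside a hardened version. The `page` parameter and the file names are hypothetical; the point is that once user input reaches `include()` unfiltered, anything PHP can read on the box is fair game, and the fix is an exact-match allow-list rather than path concatenation.

```php
<?php
// Added example, not from the original post. Parameter and file names are made up.

// VULNERABLE: the request parameter reaches include() unfiltered, so a
// request such as ?page=../../../some/readable/file includes arbitrary
// files the web server process can read (and log files it can write to).
function render_page_vulnerable(string $page): void
{
    include 'pages/' . $page;
}

// HARDENED: map untrusted input onto a fixed allow-list of known pages and
// refuse everything else. The include path is never built from user data.
const ALLOWED_PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(string $page): ?string
{
    // Exact-match lookup only; no prefix checks, no normalisation heuristics.
    return ALLOWED_PAGES[$page] ?? null;
}

function render_page_hardened(string $page): void
{
    $file = resolve_page($page);
    if ($file === null) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include $file;
}

// Usage: the hardened version is the only one that should ever be wired up.
render_page_hardened($_GET['page'] ?? 'home');
```

If the application genuinely needs dynamic file names, `basename()` plus an extension check and `realpath()` confinement to a fixed directory is the next-best option, but an allow-list is the one that leaves nothing to argue about.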

So I had an interesting idea when a friend of mine asked what a hacker could use a botnet for.

I gave the usual answers: DDoS attacks, Bitcoin mining, and perhaps ad impressions. Basically, anything a computer can do without human interaction, a botnet can do at larger scale.

But then I thought: what if a hacker used the human part of the botnet to do the work? What if the hacker needed humans to complete his diabolical plan? Could you really use humans to power your botnet?

I’d say you could, and what is one thing humans beat computers at?

Something I’ve been really interested in is subdomain brute forcing, but what is it and why does it matter?

So, where to start? Let’s tell the story of a company system administrator and his journey.

Bob, the sysadmin for a very important tech company, is put in charge of managing the DNS servers for H.U.E Inc., among other things.

(For this story we’ll use 127.x.x.x addresses, but we’ll pretend they aren’t all loopback addresses.)
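Before following Bob’s story, here is what subdomain brute forcing actually does, as an added example that is not code from the original post. It walks a wordlist, resolves `word.domain`, and keeps the names that answer. The part practitioners get bitten by is wildcard DNS: if `*.hue-inc.example` resolves, every word in the list “exists”, so the script first probes a random label and discards hits that merely echo the wildcard address. The domain `hue-inc.example`, the wordlist and the 127.x.x.x addresses are all constructed, following the post’s own 127.x.x.x convention, and the resolver is injected so the example runs offline.

```python
"""Subdomain brute forcing with wildcard detection (added example, not from the post).

The resolver is a parameter so the demo runs offline against a constructed zone;
pass real_resolver to query live DNS. hue-inc.example, the wordlist and the
127.x.x.x addresses are all made up.
"""

import secrets
import socket
from typing import Callable, Dict, Iterable, Mapping, Optional

Resolver = Callable[[str], Optional[str]]

# Constructed zone standing in for H.U.E Inc's DNS records.
FAKE_ZONE: Dict[str, str] = {
    "www.hue-inc.example": "127.0.0.10",
    "mail.hue-inc.example": "127.0.0.20",
    "dev.hue-inc.example": "127.0.0.30",
    "vpn.hue-inc.example": "127.0.0.40",
}

# The same zone plus a wildcard record: every unknown label now "exists",
# which is exactly what makes naive brute forcing report garbage.
FAKE_WILDCARD_ZONE: Dict[str, str] = {**FAKE_ZONE, "*.hue-inc.example": "127.0.0.99"}

# Constructed wordlist; real runs use thousands of common labels.
DEFAULT_WORDLIST = ["www", "mail", "dev", "ftp", "vpn", "admin"]


def make_fake_resolver(zone: Mapping[str, str]) -> Resolver:
    """Offline resolver: explicit records win, otherwise fall back to a
    '*.parent' entry, mirroring how an authoritative server applies wildcards."""
    def resolve(name: str) -> Optional[str]:
        if name in zone:
            return zone[name]
        if "." not in name:
            return None
        parent = name.split(".", 1)[1]
        return zone.get("*." + parent)
    return resolve


def real_resolver(name: str) -> Optional[str]:
    """Live lookup through the system resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def detect_wildcard(domain: str, resolve: Resolver) -> Optional[str]:
    """Query a random label no wordlist would contain. If it resolves, the zone
    has a wildcard and that address cannot be trusted as evidence of a host."""
    probe = f"{secrets.token_hex(12)}.{domain}"
    return resolve(probe)


def brute_force_subdomains(domain: str, wordlist: Iterable[str], resolve: Resolver,
                           filter_wildcard: bool = True) -> Dict[str, str]:
    """Return {fqdn: ip} for every wordlist label that resolves.

    With filter_wildcard=True, answers that merely echo the wildcard address are
    dropped. Caveat: a real host that happens to share the wildcard IP is dropped
    too, so confirming hits over HTTP/TLS is the usual follow-up step."""
    wildcard_ip = detect_wildcard(domain, resolve) if filter_wildcard else None
    found: Dict[str, str] = {}
    for word in wordlist:
        fqdn = f"{word}.{domain}"
        ip = resolve(fqdn)
        if ip is None:
            continue
        if wildcard_ip is not None and ip == wildcard_ip:
            continue  # answered by the wildcard record, not a real host
        found[fqdn] = ip
    return found


if __name__ == "__main__":
    for label, zone in (("plain zone", FAKE_ZONE), ("wildcard zone", FAKE_WILDCARD_ZONE)):
        resolver = make_fake_resolver(zone)
        print(label, "wildcard:", detect_wildcard("hue-inc.example", resolver))
        print(label, "hits:", brute_force_subdomains("hue-inc.example", DEFAULT_WORDLIST, resolver))
```

Against the wildcard zone, the naive run (`filter_wildcard=False`) reports all six words as live hosts, four of them pointing at 127.0.0.99; with filtering on, only the four real records survive. That difference is why every serious subdomain tool probes for wildcards before it trusts a single answer.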

After reading this news article by The Register:

I had a thought about how often this is starting to happen: data dumps are released to the public via torrents or other downloads.