[Full-disclosure] LAMPSecurity.org Capture the Flag Exercise
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] LAMPSecurity.org Capture the Flag Exercise
- From: "Justin C. Klein Keane" <justin@xxxxxxxxxxxx>
- Date: Tue, 12 May 2009 17:49:05 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I'm happy to announce that the second installment (cryptically called
CTF5) of LAMPSecurity.org's capture the flag series of exercises is now
available. This edition is novel in that it includes a 0-day exploit
that can be used (indirectly) to gain root. This is a training exercise
released in support of the educational mission of LAMPSecurity.org. The
exercise is modeled after many of the exercises that are presented in
expensive commercial training courses, except it's free, of course.
Unlike tools like OWASP's WebGoat, LAMPSecurity.org's capture the flag
exercise consists of a full, vulnerable, virtual machine (VMware's free
Player is required). This allows users to explore vulnerabilities at
every level of the LAMP stack. The first exercise includes an "attack"
VM as well, with tools pre-installed (where possible). It also includes
over 60 pages of step-by-step documentation so no prior experience is
necessary (although the documentation only outlines one of several
routes to root compromise). The exercise is designed to educate system
administrators and developers on some common dangers and
mis-configurations facing Linux, Apache, MySQL, PHP (LAMP) applications.
Further details, including the documentation, are available at
http://lampsecurity.org/capture-the-flag-5. The vulnerable virtual
machine and attack image are available from SourceForge at
https://sourceforge.net/projects/lampsecurity/. Constructive feedback is
of course welcome. Thank you and enjoy.
- --
Justin C. Klein Keane
http://www.MadIrish.net
http://www.LAMPSecurity.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----