Pen-Testing Comps
Wednesday, 10 January 2024

+ natas debrief (and any leftover bandit)
- Hints woulda been nice
- More info later levels
- Trying to understand instead of just using toys
- 

+ HTTP techniques
- Burp Suite proxy tool
    observing and modifying HTTP queries in-flight
- Difference between GET and POST
- Techniques with curl
    GET requests
    POST requests, including POST data
    set headers with -H
    funnel through Burp with --proxy

+ Some Web security vulnerability classes
- Directory traversal
- Local file inclusion (distinct from but similar to directory traversal)
- Remote file inclusion
- Command injection
- File upload attack
- SQL injection

+ For Friday & Monday
- Small group with one of the above web security topics 
- Volunteer if you think you can be ready by Friday
- Read up on your topic
- Create a demo using Kali as the target and your host computer as the attacker
    - use PHP (as opposed to python, node.js, etc.) if your vulnerability involves
        server-side code execution
    - use postgres if your vulnerability requires a database
- Prepare a presentation (10 minutes or less)
    - explain how your vulnerability works
    - perform your demo
    - explain what setup was required to make the demo go

==== test.php ====

<!DOCTYPE html>
<html>
<head><title>Whatever</title></head>

<body>
<div style="background-color: orange">
<?php
    $user = $_REQUEST['user'];
    $user2 = $_GET['user'];
    $user3 = $_POST['user'];
    
    echo "Hello there, $user/$user2/$user3";

    echo "\n<br>\$_REQUEST:<br>";
    print_r($_REQUEST);
    echo "\n<br>\$_GET:<br>";
    print_r($_GET);
    echo "\n<br>\$_POST:<br>";
    print_r($_POST);
    echo "\n<br>";
?>
</div>

</body>