Hello friends. After the past semester it has been a pleasure teaching you all. I hope you've enjoyed the wargames and materials as much as I have enjoyed building them. I've definitely enjoyed running all the tutorials and writing these challenges and hopefully you enjoy breaking webapps as much as I do after a semester of my sadistic tendencies. You have all been a wonderful cohort to teach and it's been a very enjoyable semester.
The following exam should be challenging but also fun. All the challenges have working solver scripts, so don't tell me it's unsolvable. If you're not sure what to do, you already know what meme I'm going to post. I'll be online most of the time to help, but enjoy the exam.
If you would like to contribute to how the course is run in later years, please don't hesitate to fill in this feedback form. It's different to the one for cs6443, so don't worry.
Here are some Spotify playlists so you can listen to them while you work:
kthx
sy
also thx from the entire team
norman, abhi, nina, ceyx, carey, sketch, clonsdale, grc, glem, bugcrowd.
- A contact page probably means there's an admin viewing your links
- If you manage to get code execution (not lfd), the flag will be at /flag
- /etc/hosts will tell you what ip ranges/subnets you should look at
- session challenge - maybe the solution isn't in the checksum.
- definitely jsonp injection - does the whitelisted host do anything.
- definitely oob injection challenge - flag is on a different host
- if you haven't eaten yet. burping makes this easier.
- awesome login - tutorial exercises may help.
- don't stop being creative with your scripts
- No bruteforcing is required for the auth challenge.
- The admin is logged in to their own profile when viewing links sent to them.
- You are not required to portscan for any of the challenges.
Is it possible to achieve the flag by interacting with that subdomain only?
Yes. Each subdomain has its own flag. You may be required to chain vulnerabilities into the isolated network for that challenge, e.g. via ssrf etc. These domains will each have their own isolated network if needed for chaining. You will know when you get there.
Do I need to dirbust for directories?
No. Please don't. But if you do, my logs will show it straight away, and I'll call you out.
Can the same vulnerability appear in multiple sites?
Yes. You may have the same vulnerability across multiple domains.
Will the same vulnerability appear more than once in a single domain?
No. No domain requires you to use multiple exploits of the same kind in a chain, e.g. you won't be required to do something like XSS -> CSRF -> XSS -> XXE -> XSS.