Showing posts from January, 2013

Creation of a Simple CTF Scoreboard and DB

I created a simple PHP/MySQL Capture the Flag Scoreboard / Flag Submission web app.  It is simple and vulnerable to web exploits.  I designed this for a CS4740 class that I am teaching as we are learning Metasploitable.

Create MySQL Database and Tables for the CTF

create database ctf;

create table flagsFound(flagID VARCHAR(8) NOT NULL PRIMARY KEY, finderID INT);

create table students (studentID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(40));

create table flagsDB(flagID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, studentID INT, flagChecksum VARCHAR(50));

Populate Table with Participants

insert into students VALUES (1,"Ann");

insert into students VALUES (2,"Bob");

insert into students VALUES (3,"Curt");

insert into students VALUES (4,"Dan");

Create Text File with Flags and Call it flags.txt

Make it with 2 columns of data: the owner of the flag and the keyword

1 Asteroid
2 You
3 Red
4 Blue
…

Create and Run Simple Bash Script to Populate SQL File for f…

Python or Perl Quick Notes on Creating a String

To use Python from the command line to create a string of characters:

python -c 'print("A"*5)' - This will print a string of 5 A's

To use Perl from the command line to create a string of characters:

perl -e 'print "A"x5' - This will print a string of 5 A's

Comparing 2 Nessus Scans

I had to face a challenge today of comparing 2 Nessus reports and identifying the progress made towards fixing the vulnerabilities.

First, I used Nessus to export each report respectively to a CSV file.

Second, I removed the first line of the CSV file.

Third, I built 2 tables to accept the input with the following SQL respectively:

create table nessusScan1(pluginID INT, CVE VARCHAR(40), CVSS VARCHAR(40), risk VARCHAR(40), ip VARCHAR(40), protocol VARCHAR(40), port INT, name mediumblob, synopsis mediumblob, description mediumblob, solution mediumblob, pluginoutput mediumblob);

create table nessusScan2(pluginID INT, CVE VARCHAR(40), CVSS VARCHAR(40), risk VARCHAR(40), ip VARCHAR(40), protocol VARCHAR(40), port INT, name mediumblob, synopsis mediumblob, description mediumblob, solution mediumblob, pluginoutput mediumblob);

Fourth, I inserted the data from the CSV file into the respective table:

load data local infile 'Nessus1.csv' into table nessusScan1 fields terminated by ',…
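
One way to carry out the comparison these steps set up, as an added example that is not code from the original post: it loads two exports into tables with the page's column layout and lists findings that appear in only one scan. Assumptions: an in-memory SQLite database stands in for MySQL, the CSV rows are constructed sample data, and a finding is identified by plugin ID, IP, protocol and port.

```python
import csv, io, sqlite3

# Column definitions copied from the page's create table statements.
SCHEMA = ("pluginID INT, CVE VARCHAR(40), CVSS VARCHAR(40), risk VARCHAR(40), "
          "ip VARCHAR(40), protocol VARCHAR(40), port INT, name mediumblob, "
          "synopsis mediumblob, description mediumblob, solution mediumblob, "
          "pluginoutput mediumblob")

# Constructed sample exports with the header line already removed.
SCAN1 = '''10001,,10.0,Critical,192.0.2.10,tcp,445,"Example SMB flaw","s","d","Patch, then reboot","o"
10002,,5.0,Medium,192.0.2.10,tcp,80,"Example web finding","s","d","f","o"
10003,,2.6,Low,192.0.2.11,tcp,22,"Example SSH finding","s","d","f","o"
'''
SCAN2 = '''10002,,5.0,Medium,192.0.2.10,tcp,80,"Example web finding","s","d","f","o"
10004,,7.5,High,192.0.2.11,tcp,21,"Example FTP finding","s","d","f","o"
'''

def load(db, table, text):
    """Create one scan table and fill it; csv.reader keeps quoted commas intact."""
    db.execute(f"create table {table} ({SCHEMA})")
    rows = [r for r in csv.reader(io.StringIO(text)) if r]
    db.executemany(f"insert into {table} values ({','.join('?' * 12)})", rows)

def only_in(db, a, b):
    """Findings in table a with no row in table b for the same plugin, host and port."""
    return db.execute(
        f"select a.pluginID, a.ip, a.port, a.risk, a.name from {a} a "
        f"left join {b} b on a.pluginID = b.pluginID and a.ip = b.ip "
        f"and a.protocol = b.protocol and a.port = b.port "
        f"where b.pluginID is null order by a.ip, a.port").fetchall()

def compare(scan1_csv, scan2_csv):
    """Return findings gone from the second scan and findings new in it."""
    db = sqlite3.connect(":memory:")
    load(db, "nessusScan1", scan1_csv)
    load(db, "nessusScan2", scan2_csv)
    return {"fixed": only_in(db, "nessusScan1", "nessusScan2"),
            "new": only_in(db, "nessusScan2", "nessusScan1")}

if __name__ == "__main__":
    for status, rows in compare(SCAN1, SCAN2).items():
        for row in rows:
            print(status, *row)
```

A row listed as fixed only means the finding is absent from the second scan, so confirm the host and port were actually reached in that scan before counting it as remediated.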