Exploit Development for Beginners

2:30 - 4:00 PM

Scoreboard


Workshop Description

Participants will hack into a series of vulnerable servers and get onto Winners boards. These challenges require nothing but a Web browser, Java, and Burp, so you can use any OS.

Equipment Students Will Need to Bring

Participants need a computer that runs a Web browser and Java.

Challenges

Easy

Command Injection Projects
1. Ping Form (10) Winners
2. Buffer Overflow (20) Winners
3. ImageMagick (30) Winners

Intermediate

4 & 5. SQL Injection (30, 50) Winners 4, Winners 5
6. Client‑Side Validation (30) Winners 6.1, Winners 6.2, Winners 6.3
7. SAML Forgery (50) Winners
8. Blind Injection (10, 5, 15, 30) Winners 8.1, Winners 8.2, Winners 8.3, Winners 8.4
9. Logic (10) Winners

Other Projects

Basic SQL

CodeCademy SQL Lesson

SQL Injection Attack and Defense

Installing SQLol
SQLi: Attacking with Havij and Defending with Input Filtering
Exploiting SQLi with sqlmap
Fixing MySQL with Parameterized Queries

Games and Cybercompetitions

Password Guessing Games
PicoCTF
Bandit Challenges
CTFTime

Updated 4-7-18 3:56 am
Links fixed 5:58 pm 4-7-18