Skip to content

dagpunk/warsloth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

70 Commits
com/capstone
com/capstone
 
 
logs
logs
 
 
public
public
 
 
.gitignore
.gitignore
 
 
Deployment Process.pdf
Deployment Process.pdf
 
 
README.md
README.md
 
 
capstone_cobra-semifinals-round1.sql
capstone_cobra-semifinals-round1.sql
 
 
capstone_cobra-semifinals-round2.sql
capstone_cobra-semifinals-round2.sql
 
 
capstone_cobra.sql
capstone_cobra.sql
 
 
capstone_decepticons-semifinals-round1.sql
capstone_decepticons-semifinals-round1.sql
 
 
capstone_decepticons-semifinals-round2.sql
capstone_decepticons-semifinals-round2.sql
 
 
capstone_decepticons.sql
capstone_decepticons.sql
 
 
capstone_footclan-semifinals-round1.sql
capstone_footclan-semifinals-round1.sql
 
 
capstone_footclan-semifinals-round2.sql
capstone_footclan-semifinals-round2.sql
 
 
capstone_footclan.sql
capstone_footclan.sql
 
 
capstone_motherbrain-semifinals-round1.sql
capstone_motherbrain-semifinals-round1.sql
 
 
capstone_motherbrain-semifinals-round2.sql
capstone_motherbrain-semifinals-round2.sql
 
 
capstone_motherbrain.sql
capstone_motherbrain.sql
 
 
capstone_redfalcon-semifinals-round1.sql
capstone_redfalcon-semifinals-round1.sql
 
 
capstone_redfalcon-semifinals-round2.sql
capstone_redfalcon-semifinals-round2.sql
 
 
capstone_redfalcon.sql
capstone_redfalcon.sql
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
settings.php
settings.php
 
 

Repository files navigation

warsloth

Patriot Games Web Assets Repo for the Web Ops Team of Capstone, Inc.

This project was created for educational purposes and was used in the 2017 Cyber Patriot Games (CPG) at UT Tyler.

Design Goals

The design goals of the project were to create a set of websites with a variety of features that could be susceptible to hacking. Best practices in security were in many places ignored or outright opposed. This created the opportunity for CPG participants to identify and exploit these vulnerabilities. They also had the ability to harden their own websites, patching some of the glaring security holes.

Site Features

The features of the sites include:

  • username / password login system
  • 4-digit pin code login system
  • review system
  • file upload feature
  • search functionality that queried the database

Vulnerabilities

Some of the vulnerabilities of each system are identified below. There are many more possible that are not listed.

Username / Password Login System

Possible exploits:

  • SQL injection
  • Brute force attacks

4-Digit PIN Code Login System

Possible exploits:

  • Browser inspector code modification
  • Reverse engineering of hashing system to decode pin hashes
  • Brute force attacks

Review System

Possible exploits:

  • SQL injection
  • JavaScript code injection
  • XSS attacks

File Upload Feature

Possible exploits:

  • Overwriting of site files to vandalize or deliver malicious payloads

Search functionality

Possible exploits:

  • SQL injection

About

Patriot Games Web Assets Repo for the Web Ops Team of Capstone, Inc.

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages