SQL injection hands-on for CTF beginners
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
app
bootstrap Initial commit May 13, 2018
challenges
config
database
public
resources
routes [update] enable flag submission May 15, 2018
storage
tests
.editorconfig
.env.example
.gitattributes
.gitignore
README.md
artisan
composer.json
composer.lock
package.json
phpunit.xml
server.php
webpack.mix.js
yarn.lock

README.md

Beginner-sqli

SQL injection hands-on for CTF beginners: http://beginner-sqli.m1z0r3.ctf.ryotosaito.com/

This repository consists of Laravel, a php framework.

Requirements

  • Laravel 5.6 Requirements
    • PHP >= 7.1.3
    • OpenSSL PHP Extension
    • PDO PHP Extension
    • Mbstring PHP Extension
    • Tokenizer PHP Extension
    • XML PHP Extension
    • Ctype PHP Extension
    • JSON PHP Extension
  • PHP Composer
  • FPM PHP Extension
  • MySQL Server
  • Nginx

Deployment

Prepare MySQL instance for tutorial7

Edit my.cnf.

cat << EOF > /etc/my.cnf
[mysqld@7.sqli]
datadir=/var/lib/mysqld/mysql.7.sqli
socket=/var/lib/mysqld/mysql.7.sqli/mysql.sock
log-error=/var/log/mysqld.7.sqli.log
pid-file=/var/run/mysqld/mysqld.7.sqli.pid
skip-networking
EOF

Prepare directory.

mkdir /var/lib/mysqld/mysql.7.sqli
chown mysql: /var/lib/mysqld/mysql.7.sqli

Run tutorial7 DB (ex. CentOS).

systemctl start mysqld@7.sqli
systemctl enable mysqld@7.sqli

If you haven't run MySQL server before, run submission DB (ex. CentOS).

systemctl start mysqld
systemctl enable mysqld

Clone repository

# cd to installation directory
git clone https://github.com/ryotosaito/beginner-sqli.git
cd beginner-sqli

Edit .env

cp .env.example .env

Edit .env APP_*, CHALLENGE_URL, CHALLENGE7_*.

  • APP_*
    • Flag-submission server
  • Challenge_URL
    • Problem server
  • Challenge7_*
    • Only challenge 7 uses MySQL that you have installed. So you must specify MySQL connection information.

Sample .env

APP_NAME="Beginners' SQLi"
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://your.submission.server.url

CHALLENGE_URL=http://your.problem.server.url

CHALLENGE7_DSN="mysql:dbname=m1z0r3;unix_socket=/var/lib/mysqld/mysql.7.sqli/mysql.sock"
CHALLENGE7_USERNAME=root
CHALLENGE7_PASSWORD=your_db_password

# This DB (submission DB) is differ from tutorial7 DB.
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=beginner_sqli
DB_USERNAME=root
DB_PASSWORD=your_db_password

Install dependencies

composer install

Install submission DB migration and initialize

php artisan migrate
php artisan db:seed --class=ChallengeSeeder

Generate Laravel app key

php artisan key:generate

Configure Nginx

Problem server

Example /etc/nginx/nginx.conf

server {
        listen 80;
        server_name your.problem.server.url;
        location / {
                root /path/to/beginner-sqli/challenges;
                index index.php;
        }
        location ~ \.php$ {
                root /path/to/beginner-sqli/challenges;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /path/to/beginner-sqli/challenges/$fastcgi_script_name;
                include        fastcgi_params;
        }
        location ~ \.sqlite$ {
                deny all;
        }
}

Submission server

See https://laravel.com/docs/5.6/deployment#server-configuration

Run server

php-fpm
nginx # or nginx -s reload