Exploiting phpMyadmin: How to Get root in 15 Easy Steps
Welcome to the new world in security. It used to be all about network devices and services. However, thanks to the evolution of the firewall and IDS, the concept of border security has changed. In this new world of security, the edge has been redefined. Firewalls: host-based protection; wireless devices: so old school. In the 21st century, hackers are focused on web applications, and that is exactly why we decide to provide you with this real-world illustration of a how a simple overlooked account can lead to root access.
The Collegiate Cyber Defense Competition (CCDC) is designed to give college and university students an extreme taste of what it feels like to be a system/network administrator. The competitors are provided a small network of servers/desktops that host a wide range of applications, many of which are insecure. To raise the stress level and encourage teamwork, the students not only have to update and lock down their systems but they have to do it while a group of hackers are doing their best to infiltrate the network. In addition to all this, the teams are tasked with “business injects” that range from simple chores like the addition of an account to the difficult, such as programming a web application from scratch. For more information on these events and how they play out, check out the following links:
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- A Student-Hacker Rematch at the Second Annual Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
The information discussed in these articles is the result of one such CCDC event in which I served as a member of the red cell. Thanks to Paul Assadorian of Pauldotcom.com and Rob Fuller of mubix.com for their assistance at the CCDC, to White Wolf Security for creating and maintaining the gaming environment, and to CyberWATCH and Baltimore Community College for supporting and hosting the event.