commit 769d5d6835fe46caaeeaa35322c0079bda6e94d0
parent 826d6f76017bd6056636dc18525508c49e8e2a93
Author: Jackson G. Kaindume <kaindume@kwatafana.org>
Date: Thu, 1 Sep 2022 21:21:41 +0200
add book
Diffstat:
6 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,2 @@
*~
target/
-book/
-case_studies/
-\ No newline at end of file
diff --git a/book/.gitignore b/book/.gitignore
@@ -0,0 +1 @@
+book
diff --git a/book/book.toml b/book/book.toml
@@ -0,0 +1,6 @@
+[book]
+authors = ["Jackson G. Kaindume"]
+language = "en"
+multilingual = false
+src = "src"
+title = "h4"
diff --git a/book/src/SUMMARY.md b/book/src/SUMMARY.md
@@ -0,0 +1,4 @@
+# Summary
+
+- [Apache](./apache.md)
+- [hackthissite](./hackthissite.md)
diff --git a/book/src/apache.md b/book/src/apache.md
@@ -0,0 +1,15 @@
+# Apache
+
+> The Apache HTTP Server Project is an effort to develop and maintain
+> an open-source HTTP server for modern operating systems including
+> UNIX and Windows. The goal of this project is to provide a secure,
+> efficient and extensible server that provides HTTP services in sync
+> with the current HTTP standards.
+
+> The Apache HTTP Server ("httpd") was launched in 1995 and it has
+> been the most popular web server on the Internet since April 1996.
+> It has celebrated its 25th birthday as a project in February 2020.
+
+## Ref
+
+- <https://www.feistyduck.com/library/apache-security/online/index.html>
diff --git a/book/src/hackthissite.md b/book/src/hackthissite.md
@@ -0,0 +1,49 @@
+# CTF Writeups
+
+## Hack This Site
+
+### Realistic
+
+1. [Difficulty rating: Easy](https://www.hackthissite.org/missions/realistic/1/index.php)
+
+> From: HeavyMetalRyan
+>
+> Message: Hey man, I need a big favour from you. Remember that
+> website I showed you once before? Uncle Arnold's Band Review Page?
+> Well, a long time ago I made a $500 bet with a friend that my band
+> would be at the top of the list by the end of the year. Well, as
+> you already know, two of my band members have died in a horrendous
+> car accident... but this ass hole still insists that the bet is on!
+> I know you're good with computers and stuff, so I was wondering, is
+> there any way for you to hack this website and make my band on the
+> top of the list? My band is Raging Inferno. Thanks a lot, man!
+
+If we visit the challenge's [webpage](https://www.hackthissite.org/missions/realistic/1/index.php)
+we see a page. The interesting parts of the page are the 5 sections
+of the 5 bands, the bands are ordered the top to bottom with the best
+band being on top and the worst being at the bottom of the list.
+
+Each section contains an HTML form, here is the form for the top band
+(Imposing Republic):
+
+```html
+<form action="v.php" method="get">
+ <input type="hidden" name="PHPSESSID" value="abcaeadfc31a5c43b2534bf995c0553f">
+ <input type="hidden" name="id" value="4">
+ <select name="vote">
+ <option value="1">1</option>
+ <option value="2">2</option>
+ <option value="3">3</option>
+ <option value="4">4</option>
+ <option value="5">5</option>
+ </select>
+ <input type="submit" value="vote!">
+</form>
+```
+The form sends a `GET` request, this means that the form data will be
+appended to the URL in key/value pairs, this it looks for the first
+form:
+
+</v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=4&vote=1>
+
+Where PHPSESSID is the session ID, id
