(as) Non-developer friendly (as possible)
Ph.D. Student @ DIBRIS
Vulnerability Assessment of Web Applications
NEVER TRUST THE CLIENT
Submit a password longer than 10 characters
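The challenge above only works because the length limit lives in the browser. The script below is an added example (not part of the slides or of the ZenHackAdemy code): it crafts the POST a browser would send, without the browser, and shows a handler that trusts the form's maxlength next to one that re-checks on the server. Host name, path, field names and the 10-character limit are assumptions for the demo.

```python
"""Added example (not part of the slides): why a client-side length limit is not a control.

The registration form is assumed to ship <input name="password" maxlength="10">.
Only the browser honours maxlength; a hand-made POST ignores it. Host name,
path and field names below are invented for the demo.
"""
from urllib.parse import parse_qs, urlencode

MAX_PASSWORD_LEN = 10  # the limit the HTML form advertises via maxlength


def build_post(host, path, fields):
    """Craft the raw HTTP/1.1 request a browser would send, minus the browser.
    Nothing here looks at maxlength, which is the whole point."""
    body = urlencode(fields)
    head = (
        f"POST {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body.encode("ascii")


def request_body(raw):
    """Return the body of a raw request (everything after the blank line)."""
    return raw.split(b"\r\n\r\n", 1)[1]


def _parse_form(body):
    # parse_qs yields a list per key; a form sends one value each
    return {k: v[0] for k, v in parse_qs(body.decode("ascii"), keep_blank_values=True).items()}


def register_trusting_client(body):
    """Vulnerable handler: assumes the form already enforced the length.
    Returns (status, message)."""
    form = _parse_form(body)
    if not form.get("username") or not form.get("password"):
        return 400, "missing fields"
    return 200, f"registered {form['username']}"


def register_hardened(body):
    """Fixed handler: repeats every check server side, where the client cannot reach."""
    form = _parse_form(body)
    username, password = form.get("username", ""), form.get("password", "")
    if not username or not password:
        return 400, "missing fields"
    if len(password) > MAX_PASSWORD_LEN:
        return 400, f"password longer than {MAX_PASSWORD_LEN} characters"
    return 200, f"registered {username}"


if __name__ == "__main__":
    raw = build_post("shop.example", "/register",
                     {"username": "mallory", "password": "A" * 40})
    print(raw.decode("ascii"))
    print(register_trusting_client(request_body(raw)))  # 200: the limit existed only in the browser
    print(register_hardened(request_body(raw)))         # 400: rejected where it matters
```

Paste the printed request into netcat or curl --data-raw against the real target and the maxlength attribute never gets a say; the only check that counts is the one in register_hardened.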
HyperText Transfer Protocol
Resource exchange over the Internet
Uniform Resource Locator
A reference to a resource on a network and how to retrieve it.
authority := [userinfo@]host[:port]
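The optional userinfo part is where string-based URL checks break: a URL that begins with a trusted host name may contact a different host entirely. The snippet below is an added example (not from the slides) that splits the authority with Python's parser and contrasts a prefix check with a parse-then-compare check; the host names and the allow-list are invented.

```python
"""Added example (not part of the slides): reading the authority component.

authority := [userinfo@]host[:port]  (RFC 3986)
Everything before the last '@' is userinfo, not the host, so a URL that starts
with a trusted name can still send the request elsewhere. Hosts are invented.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"shop.example"}  # assumed allow-list for outbound requests


def split_authority(url):
    """Return userinfo, host and port exactly as the parser sees them."""
    parts = urlsplit(url)
    if parts.username is None:
        userinfo = None
    elif parts.password is None:
        userinfo = parts.username
    else:
        userinfo = f"{parts.username}:{parts.password}"
    return {
        "userinfo": userinfo,
        "host": parts.hostname,  # lower-cased; IPv6 brackets stripped
        "port": parts.port,      # None when absent; ValueError if not numeric
    }


def naive_is_trusted(url):
    """Broken check: looks for the trusted name right after the scheme."""
    return any(url.startswith(f"https://{h}") for h in ALLOWED_HOSTS)


def is_trusted(url):
    """Correct check: parse first, then compare the host that will be contacted."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


if __name__ == "__main__":
    for u in ("https://shop.example/books?id=7",
              "https://shop.example@attacker.example:8443/books",
              "https://user:pw@[2001:db8::1]:8080/x"):
        print(u, split_authority(u), naive_is_trusted(u), is_trusted(u))
```

The second URL passes naive_is_trusted and fails is_trusted: the request goes to attacker.example on port 8443, with "shop.example" sent as the user-id.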
Make the server accept your request
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
Challenge: get the original credentials!
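Basic authentication is Base64 of "user-id:password", and Base64 is an encoding rather than encryption: whoever sees the header (a proxy log, a packet capture, a shared screenshot) can reverse it. The functions below are an added example (not from the slides) that build and parse such a header; the user/password pair in the demo run is invented.

```python
"""Added example (not part of the slides): what a Basic Authorization header carries.

Basic auth is Base64 of "user-id:password" (RFC 7617). Base64 is an encoding,
not encryption: anyone who sees the header in a proxy log or a capture gets the
credentials back. The user/password pair in __main__ is invented for the demo.
"""
import base64
import binascii


def make_basic_header(user, password):
    """Build the header a client sends after a 401 with WWW-Authenticate: Basic."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Authorization: Basic {token}"


def parse_basic_header(header):
    """Recover (user, password) from a Basic header line or value; None if malformed.
    Only the first ':' separates user from password, so passwords may contain ':'."""
    parts = header.split()
    if parts and parts[0].lower() == "authorization:":
        parts = parts[1:]
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        raw = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in raw:
        return None
    user, password = raw.split(":", 1)
    return user, password


if __name__ == "__main__":
    hdr = make_basic_header("alice", "s3cret:with:colons")
    print(hdr)
    print(parse_basic_header(hdr))
```

Feed the header shown on the slide to parse_basic_header and the challenge solves itself; that is the point: Basic auth is only as private as the channel (TLS) carrying it.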
Log in as “admin”
The zeneise book shop
“Stay home and send us money”
All challenges available at ZenHackAdemy
This one is really easy: just open the challenge and you're done!
Purchase item “Barbie - Principessa dell’Isola Perduta” with any valid account.
Purchase the unavailable “Esami di Computer Security” with any valid account.
Purchase Incident Response with the [email protected] account.
Find all the hidden books
HINT: every book has a numeric ID
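When every book sits at a numeric ID and the server only checks that the ID exists, a book left off the catalogue page is still one request away. The script below is an added example (not from the slides or the shop's code): it sweeps a range of IDs through a constructed stand-in for the book page, reports the ones the catalogue never links to, and shows the server-side guard that closes the hole. The URL layout, the titles and the "admin only" rule are assumptions, not the challenge's rules.

```python
"""Added example (not part of the slides): sweeping numeric IDs for unlisted books.

If every book lives at an ID and the server only checks that the ID exists,
a book left out of the catalogue page is still one request away. fake_fetch is a
constructed stand-in for "GET /book?id=N" with made-up titles; the URL layout and
the admin-only rule in fetch_with_authz are assumptions, not the challenge's rules.
"""

# Constructed catalogue: id -> (title, listed on the catalogue page?)
FAKE_SHOP = {
    1: ("Book One", True),
    2: ("Book Two", True),
    3: ("Unlisted Draft", False),
    7: ("Unlisted Preprint", False),
    8: ("Book Eight", True),
}


def fake_fetch(book_id):
    """Stand-in for the shop's book page: (200, title) if the ID exists, else (404, '').
    This is the vulnerable behaviour: existence is the only check."""
    if book_id in FAKE_SHOP:
        return 200, FAKE_SHOP[book_id][0]
    return 404, ""


def catalogue_ids(shop):
    """IDs a normal visitor can discover by browsing the catalogue page."""
    return {i for i, (_, listed) in shop.items() if listed}


def enumerate_books(fetch, start, stop):
    """Request every ID in [start, stop) and keep the ones the server serves.
    Gaps in the sequence are expected; that is why a range is swept."""
    found = {}
    for book_id in range(start, stop):
        status, title = fetch(book_id)
        if status == 200:
            found[book_id] = title
    return found


def hidden_books(fetch, listed, start, stop):
    """Served by the server but never linked from the catalogue."""
    return {i: t for i, t in enumerate_books(fetch, start, stop).items() if i not in listed}


def fetch_with_authz(book_id, role):
    """Hardened stand-in: unlisted books are served only to an assumed 'admin' role.
    Returning 404 rather than 403 avoids confirming that the ID exists."""
    if book_id not in FAKE_SHOP:
        return 404, ""
    title, listed = FAKE_SHOP[book_id]
    if not listed and role != "admin":
        return 404, ""
    return 200, title


if __name__ == "__main__":
    listed = catalogue_ids(FAKE_SHOP)
    print("hidden:", hidden_books(fake_fetch, listed, 0, 10))
    print("hidden after fix:",
          hidden_books(lambda i: fetch_with_authz(i, "customer"), listed, 0, 10))
```

Against the real shop, replace fake_fetch with a function that issues the HTTP request (with your logged-in session cookie) and returns the status code and page title, and collect the listed IDs by scraping the catalogue page. The guard in fetch_with_authz is the fix: the server decides per request who may see a book, instead of relying on the ID being unguessable.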