Counter-StrikeCaseStudy

AsianSchoolofCyberLaws

Stage1:Footprintthesite

Stage2:Signupforanaccount

Stage3:Testtheforms

<formac)on=update_email.phpmethod=post><inputtype='hidden'name='username'value='3457'><inputtype='text'name='email'><br><inputtype=imagesrc=images/go.png></form>

<formac)on=update_password.phpmethod=post><inputtype='hidden'name='username'value='3457'><inputtype='password'name='password'><br><inputtype=imagesrc=images/go.png></form>

Conclusions

1.  Whatarethevulnerabili)esintheCSsitethathavebeenmisusedbyhackerstocompromiseusercreden)als?

•  Theupdate_emailandupdate_passwordformsarenotwelldesigned.

•  Itispossibletochangetheemailorpasswordofanyotheruser.

Conclusions2.HowcantheCStechteamobtainevidencetotrackthehackers?•  AnalysethelogstogettheIPaddressesofmemberswhohavechangedtheemail/passwordofotherusers.

•  UseWHOISservicetoiden)fytheInternetServiceProviderswhocontrolthoseIPaddresses.

•  Getcontactinforma)onofthesuspectsfromtherelevantInternetServiceProviders.