Counter-Strike Case Study
Asian School of Cyber Laws
Stage 1: Footprint the site
Stage 2: Sign up for an account
Stage 3: Test the forms
<form action=update_email.php method=post><input type='hidden' name='username' value='3457'><input type='text' name='email'><br><input type=image src=images/go.png></form>
<form action=update_password.php method=post><input type='hidden' name='username' value='3457'><input type='password' name='password'><br><input type=image src=images/go.png></form>
Conclusions
1. What are the vulnerabilities in the CS site that have been misused by hackers to compromise user credentials?
• The update_email and update_password forms are not well designed.
• It is possible to change the email or password of any other user.
2. How can the CS tech team obtain evidence to track the hackers?
• Analyse the logs to get the IP addresses of members who have changed the email/password of other users.
• Use the WHOIS service to identify the Internet Service Providers who control those IP addresses.
• Get contact information of the suspects from the relevant Internet Service Providers.
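Added example (not part of the original slides): a sketch of the log analysis in conclusion 2, flagging requests to update_email.php or update_password.php where the logged-in account differs from the posted 'username' value, grouped by client IP. The log format and the field names session_user and target are assumptions, since the slides do not show what the CS site records; all sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in an ASSUMED audit-log format:
# timestamp, client IP, script, logged-in account, posted hidden 'username' value.
SAMPLE_LOG = """\
2024-01-10T09:12:01Z 203.0.113.7 update_email.php session_user=3457 target=3457
2024-01-10T09:14:40Z 198.51.100.23 update_email.php session_user=5120 target=3457
2024-01-10T09:15:02Z 198.51.100.23 update_password.php session_user=5120 target=3457
2024-01-10T10:01:17Z 203.0.113.7 update_password.php session_user=3457 target=3457
2024-01-10T11:30:55Z 192.0.2.99 update_password.php session_user=6001 target=4410
2024-01-10T11:31:08Z 192.0.2.99 index.php session_user=6001 target=-
this line is malformed and is skipped
"""

# Only the two update scripts named in the case study are of interest.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<script>update_(?:email|password)\.php) "
    r"session_user=(?P<actor>\d+) target=(?P<target>\d+)$"
)

def find_cross_account_changes(log_text):
    """Return {ip: [(ts, script, actor, target), ...]} for changes where the
    logged-in account (actor) is not the account being modified (target)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other scripts or malformed lines
        if m["actor"] != m["target"]:
            hits[m["ip"]].append((m["ts"], m["script"], m["actor"], m["target"]))
    return dict(hits)

if __name__ == "__main__":
    # The resulting IP list is what would be taken to a WHOIS lookup.
    for ip, events in sorted(find_cross_account_changes(SAMPLE_LOG).items()):
        print(ip, len(events), "cross-account change(s)")
        for ts, script, actor, target in events:
            print(f"  {ts} {script}: account {actor} changed account {target}")
```

The comparison actor != target is also the authorization check the two forms lack: the server should take the account to modify from the authenticated session, not from the hidden 'username' field.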