Counter-Strike case study - asianlaws.net ... Counter-Strike is a modification (mod.) to Valve's...
Counter-Strike Case Study
Asian School of Cyber Laws
Stage 1: Footprint the site
Stage 2: Sign up for an account
Stage 3: Test the forms
<form action=update_email.php method=post><input type='hidden' name='username' value='3457'><input type='text' name='email'><br><input type=image src=images/go.png></form>
<form action=update_password.php method=post><input type='hidden' name='username' value='3457'><input type='password' name='password'><br><input type=image src=images/go.png></form>
Conclusions
1. What are the vulnerabilities in the CS site that have been misused by hackers to compromise user credentials?
• The update_email and update_password forms are not well designed.
• It is possible to change the email or password of any other user.
2. How can the CS tech team obtain evidence to track the hackers?
• Analyse the logs to get the IP addresses of members who have changed the email/password of other users.
• Use WHOIS service to identify the Internet Service Providers who control those IP addresses.
• Get contact information of the suspects from the relevant Internet Service Providers.
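
Added example, not part of the original slides: a Python sketch of the log analysis in conclusion 2, which flags requests to update_email.php or update_password.php where the POSTed hidden username differs from the logged-in user. It assumes the application writes one audit line per request containing the client IP, the session's user id and the posted username value; the log format, field names and every sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit log (assumed format, not taken from the case study):
# timestamp, client IP, authenticated session user id, path, POSTed 'username' field.
SAMPLE_LOG = """\
2024-01-05T10:01:12Z ip=198.51.100.7 session_user=3457 path=/update_email.php posted_username=3457
2024-01-05T10:02:40Z ip=203.0.113.25 session_user=4410 path=/update_email.php posted_username=3457
2024-01-05T10:02:58Z ip=203.0.113.25 session_user=4410 path=/update_password.php posted_username=3457
2024-01-05T10:05:03Z ip=198.51.100.9 session_user=5021 path=/profile.php posted_username=-
2024-01-05T10:07:19Z ip=203.0.113.25 session_user=4410 path=/update_password.php posted_username=2990
malformed line that should be skipped
2024-01-05T10:09:44Z ip=192.0.2.88 session_user=- path=/update_email.php posted_username=1208
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) session_user=(?P<session>\S+) "
    r"path=(?P<path>\S+) posted_username=(?P<posted>\S+)$"
)
SENSITIVE = {"/update_email.php", "/update_password.php"}

def find_cross_account_updates(log_text):
    """Return {ip: [(ts, session_user, path, target_account), ...]} for updates
    where the POSTed username is not the logged-in user's own id."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["path"] not in SENSITIVE:
            continue  # skip unparseable lines and unrelated pages
        # "-" means no authenticated session; an update without one is also flagged.
        if m["posted"] != m["session"]:
            hits[m["ip"]].append((m["ts"], m["session"], m["path"], m["posted"]))
    return dict(hits)

def summarize(hits):
    """One row per source IP: event count and distinct accounts that were changed."""
    return {ip: {"events": len(ev), "victims": sorted({e[3] for e in ev})}
            for ip, ev in hits.items()}

if __name__ == "__main__":
    for ip, info in summarize(find_cross_account_updates(SAMPLE_LOG)).items():
        print(ip, info)
```

The source IPs and timestamps it reports are the inputs to the WHOIS lookup and ISP contact steps listed above.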