- Project Description
In this project, you need to hack Bob’s personal blog and find his intimate picture. You can visit Bob’s blog at http://22.214.171.124:xxxxx/blog/. There are some posts and information about Bob, and you may also find some interesting posts related to this project.
- Project Guide
In this paragraph, we provide some useful terms and skills which are highly related to this project.
- robots.txt: We use robots.txt to inform search engine crawlers or robots about which files or paths of the website should not be scanned or accessed.
- Temporary files: Sometimes, a temporary file may leak important information to intruders.
- Frequency analysis: Some weak encryption algorithms can be broken by using frequency analysis.
- Hash collision: If we can find an input x for a given hash function h and hash digest d, such that h(x) = d, it’s called a hash collision.
- MySQL: MySQL is a very famous SQL database. Bob uses MySQL as the backend database system for his blog.
- PHP: PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world. — PHP Official Website
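For the robots.txt and temporary-file items above, here is a defender-side check, added as an example that is not part of the original assignment. It walks a document root on the server, flags editor and backup leftovers, and flags robots.txt Disallow entries whose paths still exist in the web root. The suffix list, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Suffixes editors and admins commonly leave behind (assumed list, extend as needed).
LEFTOVER = re.compile(r"(~|\.sw[op]|\.bak|\.old|\.orig|\.tmp)$|^#.*#$")

def audit_webroot(root):
    """Return sorted (kind, path) findings for a document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if LEFTOVER.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(("leftover-file", rel.replace(os.sep, "/")))
    robots = os.path.join(root, "robots.txt")
    if os.path.isfile(robots):
        with open(robots, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                line = line.split("#", 1)[0].strip()  # drop comments
                m = re.match(r"(?i)disallow\s*:\s*(\S+)", line)
                if not m:
                    continue
                target = m.group(1).lstrip("/")
                # robots.txt is advisory only: a listed path that exists is still served.
                if target and os.path.exists(os.path.join(root, target)):
                    findings.append(("robots-advertised-path", "/" + target))
    return sorted(findings)

def demo():
    """Build a constructed web root (sample files only) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blog", "private"))
        for rel in ("blog/index.php", "blog/.index.php.swp",
                    "blog/config.php.bak", "blog/private/notes.txt"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        with open(os.path.join(root, "robots.txt"), "w") as fh:
            fh.write("User-agent: *\nDisallow: /blog/private/\nDisallow: /missing/\n")
        return audit_webroot(root)

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind}: {path}")
```

Each "robots-advertised-path" finding needs real access control on the server, and each "leftover-file" finding should be deleted or moved out of the web root.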
Each student must work individually and submit a .zip file named “<YOUR_STUDENT_ID>.zip”, for example “0656001.zip”, containing:
- Any source code or program you used in your project. (For online tools, please provide the URL of the online tool.)
- The intimate picture you found after you hack into Bob’s blog. (Right click the image and save the original image as a single file. No compression or loss of quality is allowed!)
- A report, containing:
- The steps and details of your hacking. (Briefly explain the concept and idea.)
- What have you learned?
- How to prevent or patch these vulnerabilities?