init

report/chapters/introduction.tex

@@ -0,0 +1,28 @@
+\phantomsection
+\addcontentsline{toc}{section}{Introduction}
+\section*{Introduction}
+\label{sec:introduction}
+
+This document is the result of the \gls{http} Response Splitting challenge \citep{website:challenge} resolution, proposed by the \textit{Root-Me} online platform\footnote{\url{https://www.root-me.org/}}.
+
+It contains all content that concerns the resolution of the challenge, including the reflections we had, the  problems we encountered and the attack definition with its exploitation. 
+
+We will start with the discovery of the initial conditions of the challenge, then we will do a technology check in order to find initial leads. After that, we will take a decision for the attack direction, and finally execute it. We will close this report by some mitigation techniques that could be useful to avoid such attacks for a sysadmin.
+
+Having organized a \gls{ctf} this year at the High-school of Engineering of Fribourg, I did not try a smaller challenge before the real one.
+
+\phantomsection
+\addcontentsline{toc}{subsection}{Context}
+\subsection*{Context}
+\label{subsec:Context}
+
+This report is the result of a practical work requested for the \textit{Ethical Hacking} course. It is given at the HES-SO MSE curriculum. The purpose or a \gls{ctf} challenge is to exploit or defend a vulnerability in a machine. A \textit{flag}, which is often a chain of characters, must be found in order to achieve the challenge. 
+
+Such exercise is useful for the Ethical Hacking course because it allows students to apply the theoretical topics studied.
+
+\phantomsection
+\addcontentsline{toc}{subsection}{Goal of the challenge}
+\subsection*{Goal of the challenge}
+\label{subsec:goal}
+
+There is just one goal for this challenge: we have to obtain an administrator access to the exposed website. This would prove to the developers that their website is not as secure as they think!