The Cluster bomb attack can be very useful when you need to use more than one payload. For instance, we are going to retrieve the administrator password via triggering conditional responses through SQL statement. We already know that the length of the password is 20 characters. Our statement is: ‘ AND (SELECT SUBSTRING(password,1,1) FROM users…
One of the most important things one can learn for hacking is getting comfy with programming. Python is a good language to start. Another very important aspect of hacking is – SEARCH ENGINES. It stands to reason to combine searching and programming. First, install the necessary library: This is how a request to google looks…
When we browse a web site, the first thing we often notice is its login pages. The more amateur hacker may try to brute-force it right away. However, the more experienced tester will think: are there any other authentication points to the same resource? The answer is often resoundingly YES! Modern applications often create alternative…
So what is de-serialization? What are serialization attacks? What is serialization? What is serial? Ok ok, hold your horses, kemosabe…will start from the beginning, this is serial: Now that the hard part is out of our way, lets start dissecting the rest. Common explanation: Serialization is merely representing object as a stream of bits and…
Lets say you found a security issue that allowed you to upload a PHP web shell into the application. We all have been through those simple php web shells: Classic! Or it can be hundreds of lines of more complex code. You then happily gallop to your shell to execute commands: http://your_url.com/?shell.php?cmd=dir And then something…
Often penetration testing engagements start with good old –*port scanning*–. Nmap is often the tool to use for it: nmap -p- [ip-address-here] –open -T3 -T argument is a parameter of time, and it is an important one. Here is the table illustrating different timing modes: Two important details from the table above: When this can…
Git is an open-source distributed version control system that is available to all kinds of users for free. Git tools work in conjugation with Git repositories. OK, now in human language…when you see a .git directory in a web app – it is good. It means the web app developer by mistake (or not?) deployed…
Hi everyone! Here is my second walkthrough. Let’s start with nmap: nmap -A 10.10.10.165 (We use -A flag for OS detection, version detection, script scanning and traceroute) As we can see, two ports are open: 22 – SSH, and 80 – HTTP. And we can notice the interesting web server nostromo 1.9.6. I suggest first…
It’s one of the easiest machines on Hack The Box which is good for beginners. Therefore I will try to explain my every step thoroughly. We will start from port scanning with nmap: nmap -A 10.10.10.242 -Pn (We use -A flag for OS detection, version detection, script scanning, traceroute and -Pn for not pinging the…
In one of the engagements I was assigned an interesting case. The web application was obviously vulnerable to SQL injection, but WAF (web-application firewalls) were blocking any data exfiltration attempts. So the question arose how to get data? But we will start from the beginning. One of the POST search parameters appeared to be vulnerable…
