It’s no secret that the internet can be a dangerous place. Every day, countless cyberattacks are launched against individuals, businesses, and governments. In the face of such threats, there is a growing demand for skilled hackers who can help defend against these attacks. But how does one become a hacker? What tools and resources are […]
The Bug Hunter’s Methodology V4
Since I am participating in Bugcrowd’s October Challenge Month I thought I would present to you the ever awesome @jhaddix’s bug hunter methodology talk from this year’s DefCon Red Team Villiage. He’s been giving and revising this talk for many years and this is an awesome version. As I work on my own project fro […]
Kioptrix Level 1 easy root
I’m taking The Cyber Mentor’s Practical Ethical Hacking Course on Udemy and during the scanning and enumeration chapter, we started scanning Kioptrix Level 1. I’ve played around with Kioptrix before and was already prepared to root the machine in a quick two-step, even though that’s not part of the section. To do this root, you’ll […]
sqlmap full scan plus tamper scripts to evade WAF
Just a small note related to sqlmap culled from working on a CTF style challenge. Not all the tamper scripts in jhaddix’s helpful attack string are still working. Current working command: sqlmap -u http://192.168.1.1 –level=5 –risk=3 -a –text-only –technique=BU –tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords –random-agent