Hackthebox Freelancer walkthrough

Hackthebox Freelancer is based on SQL injection. This CTF is pretty straightforward and teaches the SQLMap tool. Here is my way to get the flag from this CTF: The website is made out of Bootstrap and PHP. I checked the contact form but couldn’t find anything. I was thinking at first of


SQL Injection on Base64 Encoded String Parameters

This article is a guide to performing SQL Injection on Base64 encoded URL parameters. These parameters are encoded so as to make the site injection proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here, “VkRGRk9WQlJQVDA9”, is nothing but a base64 string encoded 4 times,


OVERTHEWIRE NATAS SERIES: 14 – 15 LEVELS

You can find the previous level at http://www.anonhack.in/2018/09/overthewire-natas-series-level-12-14/ The 14th level of OverTheWire Natas is a typical SQL injection based level. In this level, we have to use SQL injection tactics in order to get the password for the 15th level. Let’s dive in: This screen will appear: 2. If you look in the


SQL Injection part 3: Identifying String Data or Numeric Data

This is my third post on SQL Injection. The first post, SQL Injection part 1, was just a basic one to check whether the SQL vulnerability exists on a certain website, and SQL Injection part 2 shows how to exploit the SQL vulnerability. We inject SQL in three parameters, namely: String Data, Numeric Data, Query structure. In


Kioptrix Level 2 Challenge Solution

The Kioptrix Level 2 challenge was quite hard compared to Kioptrix Level 1. We have to understand the web application and should try different ways of finding the vulnerability. Requirements: VMware, Kioptrix Level 2 challenge, Kali [strictly depends on your choice]. So let's dive in: -> Nmap 192.168.0.1/24 So my Kioptrix machine has the