-
OVERTHEWIRE NATAS SERIES: 18 – 19 LEVEL Walkthrough
OverTheWire Natas level 18-19 is based on session bypass. We have to log in as admin without any credentials. In such cases we can look for the session value and try to change it, because that’s the only way in when there are no credentials. So let’s do this. The code for the natas 18-19 level…
-
HTML Injection Reflected (POST) Level medium: bWAPP
This article will guide you on how you can bypass the POST reflected HTML injection in bWAPP. This is similar to the GET request, and again we don’t need Burp Suite as a mandatory tool. It can be easily done with the help of a browser. I have used Firefox with the HackBar tool called URL encoder,…
-
What to do after SQL injection: Finding Admin Panel
We have already talked about Error Based SQL Injection. If you missed my article on that, here is the link: http://www.anonhack.in/2018/04/sql-injection-part-4getting-admin-password/ The question that arises after getting the username and MD5 hash as password is “where do you use those credentials?” The answer to this is simple: if there is a user table with password, there…