Today we will be solving Chill Hack Room of TryHackMe which is intermediate level CTF.So for this lets join the room and start the room .
Here we will start by scanning the room using nmap.
Command to be used:
sudo nmap -T4 -A ip_address
Today we will be doing Wgel CTF Lab of TryHackMe.
Here our task is to find two flags i.e. user flag and root flag .
Now lets deploy the machine and then scan the machine using either nmap or zenmap.
Here I will be scanning the website ip address through nmap using following command
nmap -A ip_address
Here flag -A means aggressive scan which includes OS detection,version detection, script scanning and traceroute
Here in this lab, we will learn to write our own shellcode so that we can write the shellcode for specific requirements.
Here we are using virtual machine from the SEED labs (Ubuntu 16 32 bit).
In our buffer overflow attack we learned how to use malicious into victim’s program’s memory and how to trigger the code. Today we will learn how to write our own malicious code.
For writing our own malicious code we have to use assembly language.The assembly code for launching a shell is known as shellcode. …
Today we will be doing Mr Robot CTF room of the tryhackme. Mr Robot is the CTF for beginner and intermediate level.
At first we have to download the openvpn file and connect to the tryhackme using openvpn. Process of connecting is shown in the Mr Robot CTF room.
Now first lets scan the given ip address using nmap/zenmap. If you are a beginner I recommend you to use zenmap as it is the graphical tool for nmap.
Here i will be using zenmap as it will be easy to demonstrate it .From …
Till now we have completed up to level 5 of redtigerlab were we have learned about Normal SQL injection,Blind SQL Injection,Login bypass using SQL Injection.
Today we will be looking into different approach of performing SQL Injection known as SQL Injection with nested query here in this type of SQL injection we have to send SQL query within a SQL query to perform the attack.
We will be doing level 6 of redtiger lab which covers the concept of SQL injection with nested query.
Here in level 5 our target is to find the first user in table level6_users with…
Till now we have completed up to level 4 of redtiger lab and learned various ways of performing SQL Injection to extract information.
Today in this part we will be completing level 5 of the redtiger lab.
Now lets first complete level 5 . In level 5 we have to bypass the login system and the hint given is that it is not Blind(which means error can be seen ) and the password is md5-encrypted.
Till now we have completed up to level 3.
Today we will be looking into variant of SQL Injection Known as Blind SQL Injection.
Blind SQL Injection is a type of SQL Injection attack where the HTTP responses do not contain the result of the relevant SQL query or the details of any database errors.
When an attacker exploits SQL injection, sometimes the web application displays error messages from the database complaining that the SQL Query’s syntax is incorrect but in case of Blind SQL injection web application doesn’t display any kind of error. …
Previously we have completed level 1 and 2 of redtiger lab.
Today we will be doing lab 3 .As the level goes up difficulty will also go up.
Here the task is to get the password of Admin and the hint given is try to get an error so we will try to get an error first.
For getting errors at first we click admin then a get request will be sent as shown below.
SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an applications send to its database.Thus allowing attackers to view data that they are not normally able to retrieve.Data might be of the users of the application or any other data that the application can access. SQL injection might be quite severe as attacker can modify or delete the data from the database of the application even can compromise the underlying server.
Today we will be performing basic SQL injection in lab of redtigers.
Here we will be doing level 1 and Level…
Before diving into buffer overflow attack let’s first understand what is buffer overflow.Buffer overflow is the condition that occurs when a program attempts to put more data in a buffer than it can hold . In this case buffer denotes a sequential section of memory allocated to contain anything from a character string to an array of integers.Buffer overflow(writing outside the boundary of allocated memory) can corrupt data,crash the program or can cause the execution of malicious code.
Let’s understand the anatomy of stack .