Brief introduction of what SQL injection(SQLi) is, how it works, its effects, and a few preventive measures against SQLi. — What? SQL injection is a web security vulnerability, in which an attacker injects malicious code or query which poisons SQL statements to comment out certain parts of the statement or appending a condition that will always be true (1 = 1) to modify the database or retrieve data that a normal…

Complete walkthrough of HackMyVm machine — Pwned. — URL: https://hackmyvm.eu/machines/machine.php?vm=Pwned First, let’s start off by doing a nmap scan to check the open ports. nmap -sV -oA /home/kali/Pwned_scan.txt 192.168.0.1/24 -sV : User to get the service/version info of the open ports -oA : Outputs the nmap scan results in the given file location So 3 ports are open…

Complete walkthrough of HackMyVm machine — Gift. — URL : https://hackmyvm.eu/machines/machine.php?vm=Gift Let’s start off by running a network scan using nmap. nmap -sV 192.168.0.107 -sV : Probe open ports to determine service/version info We can find 2 ports open Now let’s start with the ssh port To find out the password we have to brute force, for this, we can use hydra. hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.0.107 ssh

HackMyVM venus — wargame HOW TO with images Mission 21 now let’s copy the file to our home directory in our local system scp -P 5000 iris@venus.hackmyvm.eu:~/eloise ~/

Venus — Mission 10 to 20, HOW TO with images — Mission 10 cat passy | grep -i "^a9HFX" grep is used to find strings in a text file -i is used to match strings irrespective of the case(lower or upper) ^ used to denote the start of the string

Chapter 1: Venus — Mission 1 to 10 — This can be found here Host: venus.hackmyvm.eu Port: 5000 User: hacker Pass: havefun! let's login using ssh hacker@venus.hackmyvm.eu -p 5000 description ssh user@host -p (port number) after logging in: Mission 1

A brief about Cross-Site Scripting (XSS), what it is, how it is caused, types, and a few ways of preventing it. — Introduction Cross-Site Scripting (XSS) is a web security vulnerability, where an attacker injects inserts malicious scripts into legitimate websites. It is a client-side code injection and can exist wherever there is a user input to the website. What? A successful XSS can be carried out when there are flaws in the written…

Complete solution and explanation of natas level 8 — Level 7 → Level 8 URL: http://natas8.natas.labs.overthewire.org/ here we find a box, where we can input some data (numbers, alphabets, symbols) let’s try what it does by giving a random input say “passwd”, it says Wrong secret now let’s view the source code Oops, we can see the steps or ways in which our input…

Complete solution with the explanation of natas level 6and level 7 — Natas Level 5 → Level 6 URL: http://natas6.natas.labs.overthewire.org now this time we have something different, an input field. so to test what this does, let’s just click submit….this throws a “wrong error” message. okay, now let’s view the source code so we can find a php code, which takes in values from the input field (form)…