0xshin · 0xshin.hashnode.dev · Apr 19, 2024
SQLi Series - Intro to SQL Union Injection II - 04
1. Understanding Union-Based SQL Injection a) Explanation: Union-based SQL injection allows attackers to retrieve data from different tables within the database by appending a UNION SELECT statement to the original query. The UNION operator combines...
CPTS Journey · pentesting

Sky Davis · payloadgiovanni.hashnode.dev · Apr 12, 2024
Hydra-Password Hacking (Tryhackme Write Up)
It's been awhile since I've done a TryHackMe room but I'm back! I'm currently in school for Cyber Crime and Digital Investigations, however how can I solve a cyber crime if I don't know how criminal think? Pentesting will give me the critical thin...
pentesting

0xshin · 0xshin.hashnode.dev · Apr 11, 2024
SQLi Series - Intro to MySQL and SQL Injection - 01
What is MySQL? MySQL is a popular open-source relational database management system (RDBMS) that uses Structured Query Language (SQL). SQL Injection SQL Injection is a code injection technique that exploits vulnerabilities in the database layer of an...
CPTS Journey · mysql tutorial

Jeremiah Liscum · mrliscum.com · Apr 10, 2024
Subdomain Reconnaissance Made Easy
The information gathering phase of penetration testing is probably the most important part. This is where we build our understanding of the target, and get a general idea of how we may wish to attack. Subdomain reconnaissance is a critical skill to h...
Web Development

0xshin · 0xshin.hashnode.dev · Apr 10, 2024
Bruteforce Series - Bruteforce attack SSH and FTP - 03
SSH Attack Overview Objective: Understand and execute a brute force attack on an SSH service using Hydra. Key Concepts and Skills Brute Force Attack: An attempt to crack passwords or keys through trial and error. Hydra: A powerful, multi-platform t...
CPTS Journey · bruteforceattack

0xshin · 0xshin.hashnode.dev · Apr 9, 2024
Brute-Force Series - Using Hydra to Brute Force Login Forms - 02
1. Understand the Target a. The example target is a login form for administrators on the website http://www.inlanefreight.htb b. Gaining access to the admin panel could allow executing OS commands on the server c. Want to find valid credentials wh...
CPTS Journey · pentesting

0xshin · 0xshin.hashnode.dev · Apr 8, 2024
Brute-Force Series - Basic HTTP Authentication and Brute-Forcing /w Hydra - 01
A. Basic HTTP Authentication Scheme Concept: It’s a method for an HTTP server to request authentication from a client, using a username and password. The credentials are sent in headers, encoded with Base64. Process: The client sends a request wit...
CPTS Journey · bruteforceattack

0xshin · 0xshin.hashnode.dev · Apr 7, 2024
Fuzzing series - Parameter(GET/POST)/Value Fuzzing with Ffuf - 04
Introduction to Parameter Fuzzing Parameter fuzzing is a technique used in web security to uncover hidden or undocumented parameters within web applications. These parameters, which can be part of either GET or POST requests, often reveal insights in...
CPTS Journey · webhacking

0xshin · 0xshin.hashnode.dev · Apr 6, 2024
Fuzzing series - Vhost Fuzzing and filtering with Ffuf - 03
Vhost fuzzing is a crucial technique for identifying both public and non-public sub-domains and virtual hosts (VHosts) that are served from the same server but do not have public DNS records. This document is structured to ensure clarity and thorough...
CPTS Journey · fluf

Niccolo Lampa · thedatalife.com · Mar 31, 2024
Hack The Box - Unified
This article discusses the solution for Hack the Box Unified Challenge tasks so proceed with caution. I would suggest that you try to solve it on your own as you will learn a lot in the process of attempting. Try to give it your all until you feel th...
CTF