There is no excerpt because this is a protected post.
Introduction: I attempted this retired machine without reading the HTB guides. I went through a lot of rabbit holes and eventually found that the Oracle TNS port 1521 is the entry point. On testing the Silo machine I found that it is susceptible to TNS poisoning. Searching on the web I found this invaluable article … Continue reading [hackthebox]Silo
Blind SQL injection: A web application that is vulnerable to SQL injection may display an SQL error that looks like this: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1. This error provides information that this web … Continue reading Test blind sql injection
Target = DVWA version 1.0.7. nmap the target: -sS uses TCP SYN, -sV finds out the version of the service, -Pn disables ping to save time, and -v (or multiple v's) gives verbose output. From the nmap output we know that the DBMS is MySQL. SQLmap. Manual injection. The strange … Continue reading Test for sql injection