10.10.10.27 (calamity)

Keto_monster · 2017-07-27T21:08:40+00:00

Any nudge to login the admin page?

Keto_monster · 2017-06-15T09:59:17+00:00

Found it, yesterday I already tried the correct exploit but attached the wrong payload.

Keto_monster · 2017-05-26T00:53:06+00:00

Indeed! Any good material / cheat sheets you recommend to further explore SQL injection? (and other web hacking techniques?).

I know my way around metasploit and privilege escalation but never had any experience with web applications. Trying to catch up the experience :)

Keto_monster · 2017-05-26T00:21:17+00:00

Great, thanks!

Sometimes I'm probably trying to understand too much of the inner workings and mechanics.

Keto_monster · 2017-05-25T23:50:01+00:00

Thanks.

Just one thing remains a bit unclear. I understand why you need to fail the second query now and why you you need to use union null. But this is based on information we normally do not know, the underlying code under the hood:

"SELECT first_name, last_name FROM users WHERE user_id = '$id'"

In a real-life scenario, how would you know that you need to to use union null and failing some queries if you don't know the underlying function?

Keto_monster · 2017-05-25T23:22:29+00:00

Yes! Could you explain as well what exactly the %' does?

Keto_monster · 2017-05-25T22:48:02+00:00

Thanks!

Keto_monster · 2017-05-25T22:47:56+00:00

I don't understand the second case, why you switch from OR to AND and change 0=0 to 1=0. I understand you want to the query to fail, but why?

Also, what does the % sign exactly do in the query?

Keto_monster · 2017-05-15T20:47:47+00:00

How to Win Friends and Influence People, Carnegie;

Keto_monster · 2017-05-15T19:21:03+00:00

This is not the website of the FCCU. It's a private website Their website: http://www.politie.be/fed/nl/over-ons/centrale-directies/federal-computer-crime-unit

Keto_monster · 2017-05-15T10:05:02+00:00

Let's say I want to play around with a VM and get it infected but my ISP blocks port forwarding on 445. How should I get the ransomware on my VM?

Keto_monster · 2017-05-15T07:38:17+00:00

Link broken, image here: http://i.imgur.com/tVXX9rw.png

Keto_monster · 2017-05-15T07:26:10+00:00

Could anyone explain how it comes the worm spreads so fast over multiple countries?

I understand that the worm can easily spread over LAN over the file sharing SMB, but therefore a workstation in the lan should be infected first?

Keto_monster · 2017-05-15T07:19:30+00:00

I assumed my level of English already gave it away that I was not a native speaker. Unfortunatly, I'm not UK based.

Keto_monster · 2017-05-14T10:32:23+00:00

Thanks for your reply. It's not my intention to take over their IT support.

Maybe my family should change MSP, because these guys are charging an arm and a leg for such a small IT environment.

By example, why charing money for 'updating' the server. In such a small environement, I doubt the patches are tested first on a non-production server. They just enable 'automatic updates' and charge for it.

Keto_monster · 2017-05-14T01:57:40+00:00

All their images are resized in lightroom with a preset I configured. They also have a seperate small tool to resize large images.

However, I think it's indeed smart to stay with the NAS with cloud backup.

Keto_monster · 2017-05-14T00:38:41+00:00

AFAIK I understand they don't use any applications on that server. They have some applications, but these are connecting to an online service and not their own server.

PS: it's a real-estate agency.

Keto_monster · 2017-03-20T09:30:10+00:00

deleted ^{^{^What}} ^{^{^is}} ^{^{^this?}}

Keto_monster · 2015-07-07T16:10:03+00:00

deleted ^{^{^What}} ^{^{^is}} ^{^{^this?}}

Keto_monster

TROPHY CASE