BurpSuite on Chief Dennis' Bloghttps://chiefdennis.github.io/tags/burpsuite/Recent content in BurpSuite on Chief Dennis' BlogHugoenSun, 18 May 2025 13:07:16 +0100Cockpit Offsec Walkthroughhttps://chiefdennis.github.io/posts/offsec_cockpit/Sun, 18 May 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_cockpit/<p><img src="https://chiefdennis.github.io/posts/offsec_cockpit/image0.png" alt="image"></p> <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="sql-injection-vulnerability"> SQL injection vulnerability <a class="heading-link" href="#sql-injection-vulnerability"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>A SQL Injection (SQLi) vulnerability is one of the most critical threatsin web applications that interact with databases. This vulnerability occurs when an application does not properly validate and sanitize user input before using it in SQL queries, allowing an attacker to manipulate these queries to access, modify, or delete data in the database.</p>Usage HTB Walkthroughhttps://chiefdennis.github.io/posts/htb_usage/Wed, 29 May 2024 13:07:16 +0100https://chiefdennis.github.io/posts/htb_usage/<p><img src="https://chiefdennis.github.io/posts/htb_usage/Scr_20.png#centre" alt="image"></p> <p>The Usage HTB machine is a madium difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:</p> <pre><code>- Blind SQL injection with SQLmap - Burpsuite - Hash cracking with JohnTheRipper - 7z Wildcard Spare exploitation </code></pre> <h2 id="reconnaissance"> Reconnaissance <a class="heading-link" href="#reconnaissance"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We start a broad Nmap scan by executing the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">sudo nmap -sS -T5 -vvv -p- 10.10.11.18 -Pn -oG nmap_inicial </span></span></code></pre></div><p>Where the arguments mean:</p>