SQL Injection on Chief Dennis' Blog

Cockpit Offsec Walkthrough

Sun, 18 May 2025 13:07:16 +0100

Introduction Link to heading

SQL injection vulnerability Link to heading

A SQL Injection (SQLi) vulnerability is one of the most critical threatsin web applications that interact with databases. This vulnerability occurs when an application does not properly validate and sanitize user input before using it in SQL queries, allowing an attacker to manipulate these queries to access, modify, or delete data in the database.

Usage HTB Walkthrough

Wed, 29 May 2024 13:07:16 +0100

The Usage HTB machine is a madium difficulty level HackTheBox Machine. The main techniques and tools used to crack this machine are:

- Blind SQL injection with SQLmap
- Burpsuite
- Hash cracking with JohnTheRipper
- 7z Wildcard Spare exploitation

Reconnaissance Link to heading

We start a broad Nmap scan by executing the following command:

sudo nmap -sS -T5 -vvv -p- 10.10.11.18 -Pn -oG nmap_inicial

Where the arguments mean:

Monitored HTB Walkthrough

Sat, 17 Feb 2024 13:07:16 +0100

The Monitored HTB machine is a medium difficulty level HackTheBox Machine. The main tools and techniques used to crack this machine are:

 - Dirsearch
 - CVE-2023-40931
 - NMAP UDP scan
 - SNMP enumeration with SNMPwalk
 - JohnTheRipper
 - SQL injection with SQLmap

Reconnaissance Link to heading

We start a broad Nmap TCP scan by executing the following command:

sudo nmap -sS -T5 -vvv -p- 10.10.11.248 -Pn -oG nmap_inicial

Where the arguments mean:

Clicker HTB Walkthrough

Mon, 27 Nov 2023 13:07:16 +0100

The Clicker HTB machine is a medium difficulty level HackTheBox Machine. The main techniques used to crack this machine are:

- SQL Injection
- CRLF Injection
- Parameter Tampering
- PHP Reverse Shell
- Perl_startup Local Privilege Escalation

Reconnaissance Link to heading

We start a broad Nmap scan by executing the following command:

sudo nmap -sS -T5 -vvv -p- 10.10.11.232 -Pn -oG nmap_inicial

Where the arguments mean: