tags: SQL / SQLi / MariaDB
Write-up: appointment_write-up.pdf
System: linux
Tasks:
- SQL: Structured Query Language
- One of the most common types of SQL vulnerabilities: SQL Injection (SQLi)
- PII: Personally Identifiable Information
- OWASP Top 10 classification name for SQL Injection: A03:2021-Injection
- Standard port for the HTTPS protocol: 443
- One luck-based method of exploiting login pages: brute-forcing
- Folder name in web-application terminology: directory
- Not Found errors response code: 404
- Switch used with Gobuster to discover directories and not subdomains: dir
- Symbol used to comment out the rest of a SQL query (MySQL/MariaDB syntax): #
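Worked example of the login bypass the appointment tasks describe, added here and not part of the original write-up. It uses Python's bundled sqlite3 as a stand-in for MariaDB with a constructed users table (hypothetical names and passwords). The injected username closes the quoted string and comments out the password check; SQLite only understands '-- ' as a comment, while MariaDB also accepts the '#' from the task list, so the payload below uses the form both accept. The parameterised version shows why the same input is harmless when the driver binds it as data.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite table standing in for the
# MariaDB users table behind a login form. Plaintext passwords are used only
# to keep the demo short; a real table would hold password hashes.
SAMPLE_USERS = [("admin", "S3cret!"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by string formatting, so a quote in the input becomes
    part of the SQL and the attacker can rewrite the WHERE clause."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the values travel separately from
    the SQL text, so quotes and comment tokens in the input are just data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Bypass payload: closes the string literal, then comments out the rest of
# the statement (the password comparison). '#' does this on MariaDB only;
# '-- ' (note the trailing space) works on both MariaDB and SQLite.
BYPASS_USERNAME = "admin'-- "


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(conn, BYPASS_USERNAME, "wrong"),
        "vulnerable_any_user": login_vulnerable(conn, "' OR 1=1-- ", "wrong"),
        "safe_bypass": login_safe(conn, BYPASS_USERNAME, "wrong"),
        "safe_real": login_safe(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Against the vulnerable function the payload logs in as admin with any password; against the bound-parameter version the same input fails and only the real credentials succeed.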
tags: SQL / MariaDB / Weak Password
Write-up: sequel_write-up.pdf
System: linux
Tasks:
- SQL: Structured Query Language
- Default port for the MySQL/MariaDB service: 3306
- Community-developed MySQL: MariaDB
- mysql client switch to specify the login username: -u
- Username that logs into this MariaDB instance without a password: root
- Symbol to query everything inside a table: *
- Symbol to end each query with: ;
tags: PHP FTP
Write-up: crocodile_write-up.pdf
System: linux
Tasks:
- nmap switch to use the default script during a scan: -sC
- FTP code for the "Anonymous FTP login allowed" message: 230
- Command to download files from an FTP server: get
- Web site analysis browser plug-in: Wappalyzer
- Switch used with gobuster to specify specific filetypes: -x
tags: Enumeration / SAMBA / Apache / WinRM
Write-up:
System: windows
Tasks:
- Example of a value exploiting a Local File Include (LFI) vulnerability: ../../../../../../../../windows/system32/drivers/etc/hosts
- Example of a value exploiting a Remote File Include (RFI) vulnerability: //10.10.14.6/somefile
- NTLM: New Technology LAN Manager
- Flag to specify the network interface in the Responder utility: -i
- Tool that takes a NetNTLMv2 challenge/response and tries millions of passwords against it: John the Ripper
- Windows service listening on port 5985 used to remotely access the target: WinRM 2.0 (Microsoft Windows Remote Management)
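Added example (not from the original write-up) showing the server-side check that separates the two include values listed above: a relative path whose '..' components escape the web root is a local file include, and a UNC path such as //10.10.14.6/somefile is a remote file include that makes the Windows target reach out to another host, which is what Responder waits for. The web root and the sample values are constructed for the demo; the classifier is written in Python with ntpath so it evaluates Windows path semantics on any platform.

```python
import ntpath

# Constructed example: the document root a PHP include() on the Windows
# target would resolve relative paths against (hypothetical path).
WEB_ROOT = r"C:\inetpub\wwwroot"

# Constructed sample include values and the class each should land in.
SAMPLES = {
    "about.php": "local",
    "../../../../../../../../windows/system32/drivers/etc/hosts": "lfi",
    "//10.10.14.6/somefile": "rfi",
    r"\\10.10.14.6\share\x.php": "rfi",
    "http://10.10.14.6/shell.txt": "rfi",
}


def classify_include(value: str, web_root: str = WEB_ROOT) -> str:
    """Return 'rfi', 'lfi' or 'local' for a user-supplied include value.

    rfi   - UNC path (\\host\share or //host/share) or URL: the server would
            fetch the file from another host, e.g. one running Responder.
    lfi   - absolute local path, or a relative path whose '..' components
            leave the web root after normalisation.
    local - resolves to a path inside the web root.
    """
    drive, tail = ntpath.splitdrive(value)
    # ntpath reports a UNC prefix (\\host\share) as the drive component.
    if drive.startswith(("\\\\", "//")) or "://" in value:
        return "rfi"
    # A drive letter or a leading separator means an absolute local path.
    if drive or tail.startswith(("\\", "/")):
        return "lfi"
    root = ntpath.normpath(web_root)
    # Join, then collapse '..' lexically and confirm the result is still
    # underneath the web root (commonpath is case-insensitive on Windows).
    resolved = ntpath.normpath(ntpath.join(root, value))
    if ntpath.commonpath([root, resolved]) != root:
        return "lfi"
    return "local"


def is_safe_include(value: str, web_root: str = WEB_ROOT) -> bool:
    """Allow-list decision a hardened include() wrapper would make."""
    return classify_include(value, web_root) == "local"


if __name__ == "__main__":
    for sample, expected in SAMPLES.items():
        got = classify_include(sample)
        print(f"{got:5s} (expected {expected:5s})  {sample}")
```

The normalisation step matters: checking for the literal string ".." is not enough, since the traversal above resolves to C:\windows\system32\drivers\etc\hosts only after the eight '..' components are collapsed against the web root.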
tags: PHP / Web Fuzzing
Write-up: ignition_write-up.pdf
System: linux
Tasks:
- 3-digit HTTP status code returned: 302 (Found: resource temporarily moved to the URL given by the Location header)
- Full path to the hosts file on a Linux computer: /etc/hosts
tags: SMB / Javascript / SSTI
Write-up: bike_write-up.pdf
System: linux
Tasks:
- Name of the vulnerability tested by submitting {{7*7}}: Server Side Template Injection
- Name of the BurpSuite tab to encode text: Decoder
- To send special characters in an HTTP request, the type of encoding for the payload is: URL
- Top level scope variable in NodeJS: global
tags: Java / Attacks / Weak Password
Write-up: pennyworth_write-up.pdf
System: linux
Tasks:
- CVE: Common Vulnerabilities and Exposures
- CIA: Confidentiality, Integrity, Availability
- Type of script accepted as input on the Jenkins Script Console: Groovy
- If the Target VM was running Windows, the "String cmd" variable from the Groovy Script snippet would be: cmd.exe
- Other command than "ip a" to display the network interfaces' information on Linux: ifconfig
- Netcat switch for UDP transport mode: -u
- Term used to describe making a target host initiate a connection back to the attacker host: reverse shell
tags: SMB / Weak Password
Write-up: tactics_write-up.pdf
System: windows
Tasks:
- Nmap switch to skip host discovery (treat the host as up) when the Windows firewall drops the ping probes: -Pn
- SMB: Server Message Block
- SMB port: 445
- List shares with smbclient: -L
- Character at the end of a share name indicating an administrative share: $
- smbclient command for downloading files from the SMB share: get
- Tool part of the Impacket collection to get an interactive shell on the system: psexec.py