- PRACTITIONER – Blind XXE with out-of-band interaction
In this lab, we’re dealing with a blind Server-Side Request Forgery (SSRF) triggered through an XXE (XML External Entity) injection. The attack is considered blind because the application does not return the response from the injected payload in the HTTP response. However, we can still verify the vulnerability by triggering… Continue ⇢
- APPRENTICE – Exploiting XXE to perform SSRF attacks
When XML input is processed insecurely, it can lead to much more than just file disclosure. In some scenarios, it allows for Server-Side Request Forgery (SSRF) — where the server itself is tricked into making requests to internal services that are otherwise unreachable from the outside world. In this lab,… Continue ⇢
- APPRENTICE – Exploiting XXE using external entities to retrieve files
Some web applications accept and parse XML input — a structured format often used for data exchange. However, if the XML parser is not securely configured, it may allow attackers to define external entities, opening the door to XML External Entity Injection (XXE) attacks. In this lab, we’ll exploit such… Continue ⇢
- PRACTITIONER – SQL injection attack, listing the database contents on non-Oracle databases
Begin by launching the lab environment with Burp Suite actively intercepting your traffic. You’ll arrive at the familiar shopping page showcasing various products. Our objective is to identify the SQL injection vulnerability, which resides within the product category filters. Choose any category from the list to start your testing. First,… Continue ⇢
- PRACTITIONER – SQL injection attack, querying the database type and version on MySQL and Microsoft
This lab can be completed using a process very similar to the previous exercise. However, there’s a key difference: this time we know the underlying database is either Microsoft SQL Server or MySQL. The primary distinction is in the query syntax required for these database systems. In practical engagements, you… Continue ⇢
- PRACTITIONER – SQL injection attack, querying the database type and version on Oracle
In this exercise, we’ll delve into SQL injection (SQLi) methods to determine which relational database management system (RDBMS) the target website employs. Identifying the specific database technology is essential, as different databases interpret SQL syntax and functions in unique ways, requiring tailored queries. You can refer to the accompanying cheat… Continue ⇢
- APPRENTICE – SQL injection vulnerability allowing login bypass
The key to solving this lab lies in recognizing that the username parameter is vulnerable to SQL injection. A common initial test involves submitting a single quote (‘) in the… Continue ⇢
- APPRENTICE – SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
In this exercise, you’ll be working with a basic e-commerce platform that lists multiple products. These items are managed through a backend database and can be displayed or organized using different filtering options provided by the site. The goal of this exercise is to manipulate the application so that it… Continue ⇢
- Getting Started with Kali NetHunter
In the ever-evolving landscape of penetration testing and Red Team operations, having a portable, stealthy, and capable toolkit can be a game-changer. Enter Kali NetHunter — a powerful Android-based penetration testing platform maintained by Offensive Security. Whether you’re looking to run quick scans from your phone, perform HID attacks, or… Continue ⇢