This is the 2nd blog out of a series of blogs I will be publishing on retired HTB machines. Let’s get started! Enumeration As the first step, let’s run an initial nmap scan to find which ports are open and which services are running on the open ports. nmap -sC -sV…

This is the first blog of the series of blogs I will be publishing on retired HTB machines. Let’s get started! Enumeration As the first step, run a nmap scan to find which ports are open and which services are running on those ports. nmap -sC -sV 10.10.10.68 We get the…

As we discussed in preceding Lab exercise, Blind SQL injection is a type of SQL injection attack that asks the database true or false questions and determines the answer based on the application’s behavior.In some cases, you may be injecting a subquery or a batched query whose results are not…

In many cases of SQL injection, the application does not return the results of the injected query to the user’s browser, nor does it return any error messages generated by the database. In such a situation you can use many techniques to retrieve arbitrary data from the database. …

Your ultimate goal of attacking a web application is to extract interesting data from the database. To do that, you must gather some information about the database. Such as, Database type and version Names of the tables and columns that contain the data you want to access. Different databases have…

Consider a situation where the original query returns multiple columns from the target table. Instead of checking each column to determine which column contains the data type string, You can easily retrieve multiple values within a single column by concatenating the values together. …

Once you have identified the number of columns required in your injected query, and have found which column can hold string data, you are in a position to extract interesting data. However you need to know the column names and table name containing the data that you are targeting to…

Having identified the required number of columns in the previous blog, your next task is to discover a column that has a string data type so that you can use this to extract arbitrary data from the database. You can do this by injecting a query containing NULLs, as you…

UNION Operator UNION operator used in SQL to combine the results of two or more SELECT statements into a single result set. When an application contains a SQL injection vulnerability that occurs in a SELECT statement and the results of the query are returned within the application’s response, you can use the…