Category Archives: What Did I Learn Today

One Rule to Rule Them All

Password cracking is a staple part of pentesting and, with a few exceptions, dictionary/rule-based attacks are the predominant method of getting those ever-elusive plaintext values. Cracking rigs have afforded pentesters and blackhats alike the ability to throw a few graphics cards at some hashes and achieve phenomenal speeds,

Read more

SQL Injection And UTF 7 encoding

Query:- There is a web application vulnerable to SQL Injection, but the web server has added protection like magic_quotes or the application calls the function add_slashes, which means I can't insert a single quote and thus can't exploit a SQL Injection. The injection point is in a string field. Does

Read more

Ten Cents

Some information about MS-SQL server. You may find this info useful for exploiting SQL injection: Finding Table Names: Do not use:- Select name from sysobjects where xtype='U' Use:- SELECT table_name FROM INFORMATION_SCHEMA.TABLES [WHERE table_schema = 'db_name'] [WHERE|AND table_name LIKE 'wild'] The first query will only return the table names which belong

Read more

MySQL default [insecure] installation in Debian

I recently updated my MySQL server and I am currently using the version 5.0.38-Debian_1-log. If you ever wondered how MySQL saves data on your hard disk, then this is best explained here. I will quote from the same website: “Each database is a directory, with each table stored in a separate

Read more

Abusing Trackback utility

I was researching a bit into the WordPress trackback utility. This is how it works: You submit a post with trackback URLs, and when you publish the post, WordPress sends out a request to the URL you mentioned in the trackback URLs. Essentially this happens in the background. You—–>

Read more