In this post we will walk step by step through solving the lab "SQL injection vulnerability in WHERE clause allowing retrieval of hidden data" on PortSwigger. The lab's difficulty is Apprentice, and it is the first lab in the SQL Injection section on PortSwigger. Link to lab: https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data To begin the
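As an added illustration (this is not code from the post above, nor the lab's own source), the Python script below models the vulnerability class the lab title names: a category filter concatenated into a WHERE clause, which lets a `' OR 1=1--` payload discard the `released = 1` restriction and return hidden rows. The `products` table, the `released` column and the sample rows are constructed assumptions, and the exact query the real lab runs is not known here; the hardened function shows the parameterised query that removes the bug.

```python
import sqlite3

# Constructed sample catalogue (an assumption, not the lab's real data):
# released = 0 marks products the shop hides from the public listing.
PRODUCTS = [
    ("Gifts", "Tea set", 1),
    ("Gifts", "Unreleased gift bundle", 0),
    ("Pets", "Cat toy", 1),
    ("Pets", "Secret pet collar", 0),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite shop with a released flag on each product."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (category TEXT, name TEXT, released INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def vulnerable_filter(conn: sqlite3.Connection, category: str) -> list[str]:
    """Deliberately vulnerable: the category is concatenated into the WHERE clause.

    With category = "Gifts' OR 1=1--" the query becomes
        SELECT name FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1
    The quote closes the literal, OR 1=1 is always true, and -- comments out
    the released = 1 condition, so every row (hidden ones included) comes back.
    """
    sql = (
        "SELECT name FROM products WHERE category = '" + category + "' "
        "AND released = 1"
    )
    return [row[0] for row in conn.execute(sql)]


def hardened_filter(conn: sqlite3.Connection, category: str) -> list[str]:
    """Parameterised version: the input is bound as data and cannot alter the query."""
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]


if __name__ == "__main__":
    db = make_db()
    payload = "Gifts' OR 1=1--"
    print("normal:     ", vulnerable_filter(db, "Gifts"))
    print("vulnerable: ", vulnerable_filter(db, payload))
    print("hardened:   ", hardened_filter(db, payload))
```

Run it and compare the three lines: the normal request returns only the released Gifts item, the injected request against the concatenated query returns all four rows including the two hidden ones, and the same payload against the parameterised query returns nothing, because no category literally equals the payload string.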
Cat Pictures 2: Write-Up (TryHackMe)
This is a write-up on how to complete the room Cat Pictures 2 on TryHackMe. Note: I used Kali Linux to complete this room. The IP address of my room was 10.10.82.163, so that is the IP you will see in the write-up. Replace 10.10.82.163 with the IP of your
Cross-Site Scripting WAF and Filter-Evasion Bypassing
This blog post covers tips and techniques for bypassing filters and Web Application Firewalls (WAFs) with Cross-Site Scripting (XSS) payloads. A simple pop-up serves as the proof of concept in the examples. I will use DVWA, Kali Linux, and Burp Suite in this tutorial. While I
Finding Vulnerabilities with Burp Suite Intruder and Repeater (Community Edition)
Burp Suite is a set of tools used for web application pentesting. In this guide I will show you how to leverage the free (Community) edition to help find vulnerabilities in web applications. We will use Burp Suite's Repeater and Intruder functionality along with wordlists from SecLists. I
Free Resources To Learn Pentesting
TryHackMe
TryHackMe is an online service that offers paid and free rooms. Its highlight is that it offers beginner-friendly and advanced rooms for pentesting, malware analysis, digital forensics, and much more related to cyber security. If you are just getting into cyber security, this is a great