Search results

...September/17/02-03 Log]''' ''Introduction to [[Nmap|network mapping]] Part 1'' - '''[[User:Foo|Foo]]''' ...eptember/25/00-02 Log] ''Advanced [[SQL injection]] [[exploitation]] (Part 1)'' - '''[[User:Hatter|hatter]]'''

string variable sys.argv[1]

http://whois.arin.net/rest/net/NET-206-71-119-0-1.html 02:32 <~hatter> +1

03:10 <@rorschach> it looks like me -> vps 1 -> tor -> -> vps 2 -> tor -> world 03:11 <@rorschach> so, I ssh into vps 1

00:09:20 <hatter> suppose our url is /article.php?id=1 00:11:58 <hatter> /article.php?id=-1

...our main() function two values, string literal "Hello there" and sys.argv[1] (which is the first command line parameter.) 01:54:27 <zzzzzZZZZzzz> print main( "Hello there", sys.argv[1] )

02:22:18 <foo> nmap -vv -sS -e lo 127.0.0.1 02:22:23 <foo> Scanning localhost.localdomain (127.0.0.1) [1000 ports]

20:10 <@pseudo> likewise, setenforce 1 will enable it ...7fff28cbf5b0 a3=7fff28cbf000 items=0 ppid=702 pid=1558 auid=1030 uid=0 gid=1 030 euid=0 suid=0 fsuid=0 egid=1030 sgid=1030 fsgid=1030 tty=pts1 ses=22

<hatter> Query OK, 1 row affected (0.00 sec) <hatter> Query OK, 1 row affected (0.05 sec)

<m4> i would move the value 1 into eax, since 1=exit <m4> both are 1 byte in size

cmpb %dil, (%rbx, %rsi, 1) movb (%rbx, %rsi, 1), %r10b

<hatter> [0x4-0x7] section type - 0 is null, 1 is progbits, 2 is symtab, 3 is strtab

python sqli-slee.py -u "http://target.com/?id=1%27" -i "select database()" ...Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10' }

And [[bit shift|shifted left]] 12 bits (1 shifted left 12 bits will become 0x1000 or binary 00010000 00000000): cmpb %dil, (%rbx, %rsi, 1)

lea -1(%rip), %rax ; the %rax register now contains the address of `pc'. Breakpoint 1 at 0x4000b1

...rray) and may have unpredictable behaviors if an array is passed (e.g. var[1]&#x3d;foo&var[2]&#x3d;bar in the url.)}}

[0x4-0x7] section type - 0 is null, 1 is progbits, 2 is symtab, 3 is strtab xorl (%rax,%rbx,1), %ecx # %rcx = offset to section headers

if (index($username, "admin") != -1) ...

*1) Android doesn't automatically check an application's file permissions. ...ttack is a vulnerability in an Android application called dSploit (version 1.028b)(This has since been patched), which has all the binaries in /data/dat

/articles.php?id=1 ..., for one moment, that there are 255 rows with sequential id's starting at 1 in the articles table. It will rarely ever be this way in the wild.

╰─➤ ./pub-sqli-hap.py http://127.0.0.1/sqli.php\?id\= id users [*] Attacking: http://127.0.0.1/sqli.php?id=

* For testing purposes we've installed MySQL 5.1 locally and created a table called sample: | 5.1.58-log |

and sleep(ascii(substring(@@database,1,1))) -- MySQL and pg_sleep(ascii(substring(current_database,1,1))) is null -- PostgreSQL

# the Free Software Foundation; either version 1, or (at your option) exit(1)

...the lines of [integer][equal sign][integer], or that a request with "AND 1=1" had its connection reset, but the page without the injection continues to Instead of comparing a value like "1=1", compare mathematical expressions. Mathematical expressions may be the ke

* A bit can be 1 or 0 (True or False) 1 row in set (0.00 sec)</source>

| 1 ! scope="row" | 1

| \x48\x6b\x??\x#2\x#1 ...ing is the ability to use the ins and outs instructions to add or subtract 1,2, or 4 against the %rdi register. This still leaves no significant add or

@mysql_query("SELECT * FROM user WHERE user_id = " . $id . " LIMIT 1"); ...integer, this statement is still vulnerable, if a user inputs "id=1%20OR1=1", the statement will not be escaped (since there are no quotes) and still

[user@localhost shellcode]$ generators/socket-reuse-generator.py 127.0.0.1 1234 The standard loader accepts shellcode as a command line argument (argv[1]) and executes it. This can be combined with the shellcode generator to tes

movl $1, %eax movl $1, %eax

@mysql_query("SELECT * FROM user WHERE user_id = " . $id . " LIMIT 1");

...ry = "SELECT * FROM user WHERE pwreset_code= '" . $pwresetcode ."' LIMIT 1"; // SELECT * FROM user WHERE pwreset_code='' LIMIT 1;

$username = $argv[1]; $username = $username . ":1";

{{code|text=<source lang="bash">IGNORECASE=1 find -regextype posix-awk -regex ".*\.(rb|php|pl|py|pm)" -exec grep -HnC2 \

...from lax02s01-in-f8.1e100.net (74.125.224.168): icmp_req=1 ttl=51 time=13.1 ms</source>}}

group_id int foreign key not null default 1, The target software will automatically put new users in group 1 (non-activated users list) on registration. Perhaps on update it would upd

...ay) and may have unpredictable behaviors if an array is passed (e.g. var[1]=foo&var[2]=bar in the url.) if (index($username, "admin") != -1) ...

ip addr add 10.0.0.1/24 dev eth1.10 address 10.0.0.1

Linux hostname 4.0.5-1-ARCH #1 SMP PREEMPT Sat Jun 6 18:37:49 CEST 2015 x86_64 GNU/Linux</pre> This should show you information about the Kernel version being used (4.0.5-1), what date the Kernel was built on (the important part is the year, 2015)

| SHA-1||160||Yes||No||Collision are expensive to generate, but a sufficiently moti