Tag: Hacking

PortSwigger: SQL injection attack, querying the database type and version on MySQL and Microsoft

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 6. This lab requires you to return the database type on MySQL with Microsoft. I’m not sure if that means a MySQL database on Microsoft Windows or whether…


PortSwigger Web Security Academy: SQL injection attack, querying the database type and version on Oracle

HaXeZ is looking at the 5th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to perform a UNION-based SQL injection to retrieve the database version string. We can use the same techniques that we have developed so far…


PortSwigger Web Security Academy: SQL injection 4

Hello friends and today HaXeZ is looking at the 4th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the third lab. However, this time there is only one column that supports text. We will need to concatenate the results in order to complete the lab…


PortSwigger Web Security Academy: SQL injection 3

Hello friends and today HaXeZ is looking at the 3rd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the second lab, and extend it. This time we’re going to retrieve the contents of the username and password columns from…


PortSwigger Web Security Academy: SQL injection 2

Hello friends and today HaXeZ is looking at the 2nd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the first lab, and extend it. Instead of just identifying the number of columns, we’re going to test which columns can hold text. In order to do this, we will use the same methodology as for the first one but then replace one of the NULL values with a string. …


PortSwigger Web Security Academy: SQL injection 1

Hello friends and thanks for coming to HaXeZ where today we’re looking at the first SQL injection lab on PortSwigger Web Security Academy. In order to keep things simple, I will be doing the labs in the order that they appear on the all-labs page. While this doesn’t make much sense from a difficulty perspective,…


Burp Suite Certified Practitioner – Getting Started

Hello and welcome to HaXeZ, today we’re going to be talking about the Burp Suite Certified Practitioner certification. For those new to Cybersecurity, you may not know that Burp Suite is probably the best web testing tool available. You may also not know that PortSwigger (the parent company) offers certification for Burp Suite. Furthermore, you may also not know that the exam to get the certificate is currently only $99! Additionally, if you pass it before December 10th, 2021, they will refund you!!!…


Book Review: Foundations of Information Security

Hello friends and welcome to HaXeZ, Foundations of Information Security is probably one of the first books I should have reviewed. This is a great book for anybody new to information security. It’s written by Jason Andress and published by No Starch Press. While there are many books out there that cover the material in this book, they can sometimes be too cold and factual to enjoy. The author of this book brings a great balance of warm humor and information. For example, the author quotes the phrase “With great power comes great responsibility” and even goes as far as referencing it to a particular Spider-Man comic book. Furthermore, the author explains how hacking a heart rate monitor could be heart-breaking… …


Hack This Site: Extended Basic – Mission 2

Hello friend and welcome to HaXeZ where we will be covering Hack This Site Extended Basic Mission 2. This challenge is fairly simple provided you have an understanding of application structures. It requires us to slightly modify the provided script in order to access the index.php page at the root of the web application. In…


Hack This Site: Extended Basic – Mission 1

Hello and welcome to HaXeZ where today we’re looking at Hack This Site Extended Basic Mission 1. The mission is titled “Over and Over?” and requires you to perform a buffer overflow to complete it. Upon navigating to the mission we are greeted with a message that explains that we have a C program that calculates the length of the user input. It goes on to explain that we need to crash the program. …