Day 69 ⚜️
- Password hashing and salting. Encryption vs hashing. Vulnerable hashing algorithms. purpose built password hashing algorithms and developer mistakes
#cybersecurity#websec#sendhelp
SQLi UNION attack — retrieved data from another table and logged in as administrator. ✅
The payload:
' UNION SELECT NULL,'yB7TTZ',NULL--
First find the column that accepts strings. Then pull whatever you want from any table.
Databases talk too much when you know how to ask.👀
Solved my first SQLi lab on @pwncollege 🎉
Bypassed a login by injecting into the username field.
The server literally printed the query it was running in debug mode
WHERE username = 'admin' 1=1--
Always TRUE. Authentication dead.
#Cybersecurity
Started learning SQL injection on @PortSwiggerAcademy today.
First thing that broke my brain a little:
Adding '-- to a URL can comment out the rest of a SQL query.
category=Gifts'--
One vulnerable input. The entire query logic rewritten.
This is just the beginning. 🔍
Day 38/39
Explored a Windows Forensics room and honestly It was challenging and had me stuck the entire day😂but every challenge made the investigation process more interesting.
The deeper I got into the investigation process, the more interested I became in digital forensics.
Day 48 ⚜️
- Still on IDORs. Today i learned what a secure authorization design looks like
- Installed owasp juice shop and played around with it. I think dvwa focuses more on the vulnerabilities then juice-shop is more about security testing in general.
#cybersecurity
Day 35 of my cybersecurity journey.
Today I worked with Metasploit and realized it’s not just about running exploits.
It’s about understanding payloads, options, and how each step fits together.
Still learning, but it’s making sense the deeper i go,
Day 33⚜️
- Almost done with xss. Today was about what xss vulnerabilities look like in modern apps and apis, react, vue and other frameworks
- More labs
#cybersecurity#xss#lockedin