Hacking Write-Ups

Lab Environment Attacker's Machine - Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux Vulnerable Machine - SQL injection to shell Proof Of Concept arp-scan --local (to scan for the machines connected to the network) vulnerable machine IP - 172.16.60.160 Now i will use nmap for further scanning the machine's IP   nmap -sSCV 172.16.60.160 It revealed HTTP service on Port 80 in active state. So i just browsed the IP in browser to see the webpage (as Port 80 is running). It showed me many options on which i can click so i choose to click on test. On clicking on test parameter it showed me GET method in url which can lead to SQL injection attack . After that i just confirmed that if SQL injection attack is working or not by placing an apostrophe(‘) after id=1. It gave me the syntax error which confirmed me that SQL injection attack is working . Note: All comman

                                        POC OF HACKTHEBOX(how to take invite code) Lab Environment My Machine Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux Website Involved In The Process https://www.hackthebox.eu Steps involved • Open the official website of hackthebox as mentioned above • click on the join option which is present ont the top • After clicking on join we will be asked to provide invite code which we dont have ,   so just input random code and press enter . • Then view the source of the page saying invalid code • Just observe the source carefully you’ll see src =”/js/inviteapi.min.js” • click on that link you’ll be redirected to a new page containing the code ,which is not easy to understand . • We can see two things in the code i.e makeinvitecode (highlighted) and POST (in same line as of invite code) • it clearly means that there is POST me