Posts

Featured

Playing with XVWA

During this time of isolation I thought that maybe it was a good time to retake some challenges. Not in the "difficulty" aspect, but maybe try to get some stuff that wasn't that hard and automate it, cleaning the dust out of some languages and vulns that I might have left as forgotten. I had come across XVWA in the past and I thought it was nice. It contains a lot of the resources DVWA has, but also a bit more to teach you a bit more of the basics. I didn't do them all, I went for the ones I thought were interesting and offered me game.

Error Based SQLi and Blind SQLi
=========================

For this section I wanted to find a way to obtain the names of the databases or columns automating them with Python. It would also come in handy when finding real SQL injections while testing. The first type of SQLi didn't end up being a script from my part. I mostly used sqlmap and read through the parameters and using them to gather all the data that I could get fr

Latest Posts

[Poster] Doug Lea's malloc cheatsheet || Heap Overflow visual aid

Null dereferences: user and kernel(land) review

Exploiting with unlink() technique by Doug Lea's malloc | Exploit exercises