MS SQL Server is a Relational Database Management System (RDBMS). One simple way to think of a relational database is a group of tables that have relations. This was a pretty basic lab. My key learnings were how to use the sqsh command to connect to MS SQL. Syntax – sqsh -S server -U username…
Category: Penetration Testing
Try Hack Me – Advent of Cyber 3 – Day 10 – Port Analysis using Nmap
IP Addresses: Every computer (host) that connects to a network needs to have a logical address. For instance, a host can be any system with network access, such as a laptop, a smartphone, or a Raspberry Pi. We refer to this address as logical because it’s assigned by software and could change over time, for…
Try Hack Me – Advent of Cyber 3 – Day 9 – Packet Analysis using Wireshark
Packet analysis is a technique used to capture and intercept network traffic that passes through the computer’s network interfaces. Packet analysis may also be referred to by different terms, such as packet sniffer, packet analyzer, protocol analyzer, or network analyzer. For anyone working in cybersecurity, gaining packet analysis skills is an important requirement for network troubleshooting and communication…
Try Hack Me – Advent of Cyber 3 – Day 8 – Windows Logs, Powershell, and Directories
Try Hack Me – Advent of Cyber 3 – Day 7 – NoSQL Injection
What is NoSQL? NoSQL, short for "non SQL" and "Not only SQL", refers to a non-relational database. It is a data-storing and data-retrieving system. NoSQL databases are commonly used nowadays for big data and IoT devices due to their powerful features such as fast queries, ease of use for developers, scale…
Try Hack Me – Advent of Cyber 3 – Day 6 – Local File Inclusion
What is a Local File Inclusion (LFI) vulnerability? It is a web application vulnerability that allows the attacker to include and read local files on the server. These files could contain sensitive data such as cryptographic keys, databases that contain passwords, and other private data. An LFI vulnerability happens due to a developer’s lack of…
Try Hack Me – Advent of Cyber 3 – Day 5 – XSS
What is an XSS vulnerability? Cross-Site Scripting (XSS) is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. If you can get JavaScript to run on a victim’s computer, there are numerous things you can achieve. This can range from stealing the victim’s…
Try Hack Me – Advent of Cyber 3 – Day 4 – Fuzzing
What is Fuzzing? Fuzzing is an automated means of testing an element of a web application until the application reveals a vulnerability or valuable information. When we are fuzzing, we provide input as we typically would when interacting with the application, just at a much faster rate. This means that we can use extensive lists known…
Try Hack Me – Advent of Cyber 3 – Day 3 – Content Discovery
Content Discovery: Content discovery allows us to find things that we aren’t supposed to see. For example, we may be able to find the following by traversing the web server as long as we know the names: configuration files, passwords and secrets, backups, content management systems, and administrator dashboards or portals. Dirbuster is a tool that…
Try Hack Me – Advent of Cyber 3 – Day 2 – Cookies
HTTP(S): For your computer and a webserver to communicate with each other, an intermediary protocol is required. This is where the HTTP (Hypertext Transfer Protocol) is introduced! The HTTP protocol is a client-server protocol to provide communication between a client and a webserver. HTTP requests are similar to a standard TCP network request; however, HTTP adds specific…