Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 9
Results 1 - 30 of 258
1 year ago
lightos
Hello everyone, I want to share a tool I wrote in Python with Miroslav Stampar which can be useful when dealing with LFI type vulnerabilities. Here's the description from the Github repository: "Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. Official introductory
Forum: Projects
2 years ago
lightos
I will be outside the vendor's area at 12 if anyone wants to meet up!
Forum: News and Links
2 years ago
lightos
Here is the first write-up describing challenge 2A and the solutions used to solve the challenge:
Forum: SQL and Code Injection
2 years ago
lightos
Thanks guys! I will update it sometime this week when I find the time.
Forum: News and Links
2 years ago
lightos
I've transformed the old SQLi Pocket Reference document into a Knowledge Base. I added and updated a lot of information and it is now easier to navigate. You can find it at: SQL Injection KB Any feedback is always appreciated. Thanks!
Forum: News and Links
2 years ago
lightos
It is vulnerable to XSS.
Forum: XSS Info
2 years ago
lightos
The Alfa AWUS036NH takes full advantage of 802.11n, but isn't as compatible as the AWUS036H. I have both and would highly recommend them. Buying an extra antenna to go along with them is nice too!
Forum: Wireless Security
2 years ago
lightos
I present to you guys 3 sqli challenges that no one was able to solve at the CTF, but maybe you can? http://50.57.51.240/retos/ Btw, your solution must use sqli (be sure to include the injection when you submit your results). Good luck!
Forum: SQL and Code Injection
2 years ago
lightos
This is a Web Application Security forum, so try to keep your questions related to security if you want them to get answered. You should just use whichever distribution you are comfortable with, it doesn't really make a big difference as long as it does what you need it to do. If you're just installing the OS to learn programming, then anything will do. If you want to learn security, you may wa
Forum: OMG Ponies
2 years ago
lightos
None of the things you mentioned should be tied down with Information Security, it is a vast field and there are many aspects and divisions to it. It all really just depends on how you apply it. I personally view hacking more as a mental exercise as it becomes a challenge having to understand how something works better than the developer does and using that knowledge to find its weaknesses. I don't
Forum: OMG Ponies
2 years ago
lightos
Just curious, since you said the word script is stripped out, does scrscriptipt work? Those type of filters always make me giggle.
Forum: Obfuscation
3 years ago
lightos
Thought this might interest some of you. I wrote a few tamper scripts for sqlmap to help bypass WAFs. These scripts modify the request in a way that will try to evade being detected by the firewall, either by changing the encoding, replacing spaces with other valid characters or just doing weird things to the injection. For more details, (Spanish)
Forum: Obfuscation
3 years ago
lightos
SELECT TOP 1 column FROM table WHERE column NOT IN(SELECT TOP 1 column FROM table)
SELECT TOP 1 column FROM table WHERE column NOT IN(SELECT TOP 2 column FROM table)
SELECT TOP 1 column FROM table WHERE column NOT IN(SELECT TOP 3 column FROM table)
Forum: SQL and Code Injection
3 years ago
lightos
Use the same technique you used to extract the tables/columns.
Forum: SQL and Code Injection
3 years ago
lightos
To concat in MSSQL simply use +, so fldUsername + 0x3A + fldPassword and don't forget to URL Encode the plus sign.
Forum: SQL and Code Injection
3 years ago
lightos
I don't think anyone calls anyone a n00b here, but sometimes people hesitate to answer simple questions because the answer can be easily found through google or other sources. Part of what being a hacker is means being able to research and find the information on your own.
Forum: Intro
3 years ago
lightos
It should be the same as other rdbms. SELECT column FROM database.table
Forum: SQL and Code Injection
3 years ago
lightos
<script type="text/javascript" src="/path" onerror="alert(0)" crap="xyz.js"></script>
Forum: XSS Info
3 years ago
lightos
It's how I bypassed Level 2 challenge, with some other tricks of course :)
Forum: SQL and Code Injection
3 years ago
lightos
espartaniac Wrote:
> but I'm stuck there. what do I do next?
> Any ideas?
It all depends on what your intentions are. If you already have admin access, what else do you really want?
Forum: SQL and Code Injection
3 years ago
lightos
An alternative solution using ClickJacking:
Forum: CSRF and Session Info
3 years ago
lightos
Why not test open-source software instead? It would be the same thing, except you would actually be contributing something back to the community. The whole process of setting up and configuring a server/database/application and then hacking it will result in a much greater learning experience than just doing a black-box attack on some website.
Forum: OMG Ponies
3 years ago
lightos
Very interesting and a good reference. However, I did notice an error. dummy2;waf bypass: http://localhost/?a=x[y if(strpos("_",$_SERVER['query_string']) === false) { system(key($_GET)); } Apache/PHP will only convert [ to _ when it's in the parameter name, not the value. Thanks for sharing! :)
Forum: Full Disclosure
3 years ago
lightos
A few bypasses in this bad boy str'=version() UNION# # # # SELECT group_concat(table_name)# ## /*!FROM*/ information_schema.tables WHERE '1
Forum: Projects
3 years ago
lightos
The request must get decoded somewhere along the way, otherwise it will not work.
Forum: SQL and Code Injection
3 years ago
lightos
Did you try column_name or columns_name?
Forum: SQL and Code Injection
3 years ago
lightos
Give this a try: ' UNION SELECT ALL TABLE_NAME,2 FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN (SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES)--
Forum: SQL and Code Injection
3 years ago
lightos
The test sites use different DBMS, so if you get stuck on one you can always try a different site. I'm close to solving level 2 using the Acuart site. Haven't really tried any of the other ones yet.
Forum: Obfuscation
3 years ago
lightos
I'll share this SQLi-WaF-Bypass tool I wrote a while back, but never got around to finishing it. I've been thinking of bringing it back to life and giving it a complete rewrite, since it's pretty crappy at the moment. Any feedback is appreciated. To get started, you can simply run: python idsfuzz.py http://localhost/test.php?id=1 "string" Where test.php?id=1 is vulnerable to SQ
Forum: SQL and Code Injection
3 years ago
lightos
Hey fellow slackers, I just wanted to share with you this SQLi Challenge sponsored by Modsecurity. The challenge consists of two levels, the first one is a speed test which is pretty straightforward - Be one of the first 4 to extract the required data and you're a winner. The second challenge is where it gets juicy, here you'll have to extract the same data, but without triggering an Inbound aler
Forum: Obfuscation