💭
[ -n "$problems" ] && solve || chill

shizonic shizonic

@shizonic
shizonic / boolean-based-blind-sql-injection.md
Created August 16, 2023 20:30 — forked from simonemainardi/boolean-based-blind-sql-injection.md
Using Blind SQL Injections to Retrieve Access Credentials of a Website

In this gist I show how I leveraged a boolean-blind SQL injection to gain access to a protected website. The injection allowed me to query the website database and retrieve a valid username/password pair. Using the retrieved credentials I was able to log in to the protected section of the website.

Software Used

To perform the attack I used:

  • sqlmap to discover the website was vulnerable to SQL injections.
  • Burp Suite to forge and send POST requests to the website login page, carrying payloads opportunely crafted with SQL queries.
@shizonic
shizonic / time-based-blind-sqli.md
Created August 16, 2023 20:28 — forked from v801/time-based-blind-sqli.md
Time-Based Blind SQL Injection

Indication of a correct query is based on the time the query takes to complete.
This time delay is introduced by using built-in methods such as SLEEP(x) alongside the UNION statement.
The SLEEP() method will only ever get executed upon a successful UNION SELECT statement.

Base query example

/endpoint?query=admin123' 

Attack query example

@shizonic
shizonic / README.en.md
Created March 12, 2023 10:11 — forked from akihikodaki/README.en.md
Linux Desktop on Apple Silicon in Practice

I bought an M1 MacBook Air. It is the fastest computer I have, and I have been a GNOME/GNU/Linux user for a long time. It is an obvious conclusion that I need a practical Linux desktop environment on Apple Silicon.

Fortunately, Linux already works on Apple Silicon/M1. But how practical is it?

  • Two native ports exist.

Nix syntax basics

Intro

Comments

@shizonic
shizonic / config
Created November 14, 2022 20:31 — forked from miguelmota/config
Arch linux VNC server setup
session=lxqt
geometry=1920x1080
localhost # comment this out to allow connections from anywhere
alwaysshared
@shizonic
shizonic / improve_fonts.md
Created September 9, 2022 09:17 — forked from YoEight/improve_fonts.md
Improve fonts archlinux

Improve Fonts

Newest

Make your Arch fonts beautiful easily! This is what I do when I install Arch Linux to improve the fonts.

You may consider the following settings to improve your fonts for system-wide usage without installing patched font library packages (e.g. Infinality):

Install some fonts, for example:
sudo pacman -S ttf-dejavu ttf-liberation noto-fonts

Rust Cheat Sheet

Variables & Mutability

Variables are immutable by default. This makes Rust safer and makes concurrency easier.
Immutable means once a value is bound to that variable, it cannot be changed.
For example:

fn main() {
 let x = 5;
<!doctype html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Simple Transactional Email</title>
<style>
/* -------------------------------------
GLOBAL RESETS
------------------------------------- */
@shizonic
shizonic / README.md
Created December 29, 2021 06:54 — forked from e-minguez/README.md
docker on lxc on turris omnia

Turris

opkg install kmod-veth
opkg install kmod-ipt-extra
opkg install iptables-mod-extra
  • Install a new container (I created an arch linux container)
  • Open up the /srv/lxc/containername/config file for editing:
@shizonic
shizonic / log4j_rce_detection.md
Created December 14, 2021 07:08 — forked from Neo23x0/log4j_rce_detection.md
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log