YCEP Day 2: Hacking and Finding Vulnerabilities
- Xavier Woon
- Jun 16, 2021
Notes:
- Jobs: e.g., hacking into a target (can only be done one at a time)
- Port: something like a portal
- SQL injection: used to check whether something is vulnerable, or to hack in
- E.g., SELECT id FROM users WHERE username='Chris' and password='mypass1'
- XSS: injecting JavaScript into HTML using <script></script> to find vulnerabilities
- apache2 to start server
- mysql to start database
- The SingHealth breach was an SQL vulnerability
- Man in the middle: stationed between client and server
- Python dicts: consist of a key and corresponding value
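To show why the query in the SQL injection note is risky when it is built from user input, here is an added example (not part of the original notes) that runs the same login query two ways against an in-memory SQLite database: once by string concatenation and once with bound parameters. The table contents, the second user and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext passwords only mirror the query in the notes; real systems store salted hashes.
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("Chris", "mypass1"), ("Alex", "s3cret")])
    return conn

def login_vulnerable(conn, username, password):
    """String concatenation: whatever the user types becomes part of the SQL text."""
    query = ("SELECT id FROM users WHERE username='" + username +
             "' and password='" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    """Bound parameters: input is always handled as data, never parsed as SQL."""
    row = conn.execute("SELECT id FROM users WHERE username=? AND password=?",
                       (username, password)).fetchone()
    return row[0] if row else None

def compare(username, password):
    """Return (vulnerable_result, safe_result); 'error' means the query itself broke."""
    conn = make_db()
    results = []
    for login in (login_vulnerable, login_safe):
        try:
            results.append(login(conn, username, password))
        except sqlite3.Error:
            results.append("error")
    conn.close()
    return tuple(results)

if __name__ == "__main__":
    print(compare("Chris", "mypass1"))      # correct password: both return the id
    print(compare("Chris", "wrong"))        # wrong password: both refuse
    print(compare("Chris", "' OR '1'='1"))  # quote changes the WHERE clause in the first form only
    print(compare("O'Brien", "x"))          # a stray quote breaks the concatenated query
```

The last case is the usual first sign that a form is injectable: a single quote in ordinary input causes a database error, which is also a useful pattern to alert on in application logs.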
When hacking into a target:
1. Do a port scan
2. Find a target
3. Load msfconsole
4. Find backdoor using “search”
5. Fill up RHOST
6. Show usable payloads then run
7. “ip a” to see which IP address it is
8. Background session using Ctrl+Z
Using SQL Injection:
~16 June 2021