-
August 31st, 2014, 03:45 AM
#1
Junior Member
A pleasant pentest experience
My friends chose a target for me to practise on several days ago. Actually, I never thought that I could succeed because I was totally a green hand. Luckily, I got the webshell of the website in the end. I was excited and I knew it meant a lot to me, so I just wanted to take a note about it and notified the victim that its website was under high risk.
My target was a website of nextmedia, which is a famous media company in Hong Kong. It was unbelievable that I found an injection point after a general scan. I just could not believe that it really existed, especially in such a large and popular website. I sent it to sqlmap but it was intercepted, so I had to do it personally. I got some sensitive information and got into its background successfully. Here's the capture of the SQL injection.
Luck was very important during the pentest because I found a point where I was able to upload files without any restrictions. As a result, I uploaded my webshell and got the authority of the system. I was surprised when I checked its database because nextmedia kept all the data without any encryption, including members' passwords. It was hard for me to understand how such a big company could be so careless. Well, overall, I never had such a fluent experience like this. It was so splendid, wasn't it? I was pleased to provide a capture of the webshell as below.
-
August 25th, 2016, 09:05 AM
#2
Junior Member
I'm probably just a douche, but I hate pentests like that. I want to figure out ways to bypass the WAF. I don't want a SQL injection vuln; I want to perform SSTI on whatever templates they are using, or eli, XXE, CSV injections, padding oracle attacks. I want to have to port CVEs, I want to read mountains of developer documentation. I don't know, running a scanner and just sqlmapping it or using Burp to audit the same crappy kind of CRUD apps doesn't get me off anymore, to be honest. That's why I really never became a pentester even though I love the offensive side of sec. Yeah, I'm a total douche.