Javascript ES6 — const vs let # 2

As a reminder from the previous video, you already know that the keyword var
is supposed to create global variables that can be accessed from the global scope, and you also learned that the var keyword is function scoped.

Now we have to deal with two new keywords, let and const, which are block scoped.
That means that if you create a variable within a block, for example a
function, a condition or a for loop, it will be accessible only within that
scope. Still, there are some differences between let and const that we'll
discover in this video.

Read More

Javascript ES6 — var scoping # 1

Let's understand how the var keyword works to create variables. Start by creating a number variable using the keyword var with a value of 10; accessing the value of number after the declaration displays 10 as a result. Now if I take the same variable number and, without redeclaring it, change its value to 20, accessing the value of number before that reassignment will still give the same result, while accessing the same variable after changing its value gives me the updated value, which is 20. From that, we assume that the variable number can update its value throughout the program. So far, nothing is alarming.

Read More

How to use VIM as a Hex Editor

I want to display the hex format of a compiled binary from a helloworld.c program using vim.

The source code of the helloworld.c:

#include <stdio.h>
int main()
{
   // printf() displays the string inside quotation
   printf("Hello, World!");
   return 0;
}

So after you generate the binary helloworld using gcc:

gcc helloworld.c -o helloworld

You have to open the executable with vim:

vim helloworld

The last step is to use the xxd command to transform the contents into a hex representation by running :%!xxd. If you change anything, filter the buffer back through :%!xxd -r before writing it, and open the file with vim -b so Vim does not alter line endings or append a trailing newline to the binary.

How to set up Metasploitable 3 on macOS Mojave

Today we'll set up an environment made of virtual machines (Ubuntu and Windows) that include some intentional vulnerabilities ready to exploit, using Metasploitable 3 as the target machines and Kali as the attacker. Before that, here is the list of requirements you need:

Software requirements

You can install VirtualBox, Packer and Vagrant manually from the links below, or you can use brew:

brew cask install virtualbox
brew cask install vagrant
brew install packer

System requirements

  • VT-x/AMD-V Supported Processor recommended
  • 65 GB Available space on drive
  • 4.5 GB RAM

Our environment, in the end, will have these 2 virtual machines, one running Ubuntu metasploitable3-ub1404 and one running Windows metasploitable3-win2k8.

Read More

Use ctrl + w to delete a word in the MySQL CLI

By default, while you're using the mysql CLI the combination ctrl + w deletes the entire line, so if you type a long query and want to delete the word before the cursor, ctrl + w will not work and you have to use backspace instead. The only configuration that solves this is to create the file ~/.editrc if it doesn't exist and add this line:

bind "^W" ed-delete-prev-word

How to access the MySQL CLI With MAMP

First, start MAMP or MAMP PRO, then open your terminal and type:

/Applications/MAMP/Library/bin/mysql -uroot -p

Enter the password; by default the password is root:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 254
Server version: 5.6.35 MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

If you want to use the command mysql directly without typing the entire path, you can edit one of these dot files, ~/.bashrc if you're using bash or ~/.zshrc if you're using zsh, and add this alias:

alias mysql='/Applications/MAMP/Library/bin/mysql -uroot -proot'

Keep in mind that -proot stores the password in clear text in your dot file and puts it on the command line of every mysql process you start; if you'd rather be prompted each time, leave the alias at -p without the value.

After editing the file using Vim or Nano, save the dot file and source it to apply the modification:

If you use zsh:

source ~/.zshrc

If you use bash:

source ~/.bashrc

Now you can run the command mysql from the terminal without typing the full path.

Blind SQL Injection # bit-by-bit Inference

In the last example we used a binary search technique to get each character of SYSTEM_USER by inferring a whole 8-bit (1 byte) value through a series of requests.

Now you'll use another technique in which you select a single bit at a chosen position on each request.

Take as an example the character s, which has a decimal representation of 113₁₀ and a binary representation of 0110 0111₂. To use the bit-by-bit technique you apply a bitwise AND against a byte that has a single bit set at the position you want to test: if the predicate returns true the bit is 1, otherwise the bit is 0.

Let's start with the 8 requests, one for each bit position, corresponding to 64₁₀, 32₁₀, 16₁₀, 8₁₀, 4₁₀, 2₁₀ and 1₁₀.

Read More

Blind SQL Injection # Inference Techniques

Blind SQL Injection is a kind of attack based on inference, because you get no displayed error and no message indicating warnings. In this article, you'll use inference techniques for the use case of getting the current MySQL username and hostname from vulnerable code.

You’ll use the same tables and data from the previous example setup, and this is the code of the count-cars.php page:

Read More

SQL Injection VS Blind SQL Injection

So far you have learned how to trigger a SQL error by sending some SQL code from the client (browser) to the server. However, sometimes the web application doesn't show any error message from the database, which doesn't mean the code is not vulnerable, and this is why you have to pay attention to the details.

A normal SQL injection is closely similar to a blind SQL injection. The only difference is that a blind injection will not display any error message from the database server warning you that your SQL query syntax is incorrect, so you have to ask true-or-false questions and watch the responses. On the other hand, a normal SQL injection will show a generic error message, making exploiting the vulnerability less difficult.

Environment Setup

You'll set up an environment to test both cases, so our examples will be executed on a database including two related tables, users and cars, with a one-to-many (1:n) cardinality where a car can have multiple users.

Read More