HacktoLearn

When an application is vulnerable to SQL injection and the results of the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in a SQL injection UNION attack. When performing a SQL injection UNION attack, there are 2 effective methods to determine how many columns are being returned from the original query. The 1st method involves injecting a series of ORDER BY clauses and incrementing the specified column index until an error occurs. The 2nd method involves submitting a series of UNION SELECT payloads specifying a different number of null values: ' UNION SELECT NULL-- ' UNION SELECT NULL,NULL-- ' UNION SELECT NULL,NULL,NULL-- 💙💙💙💙💙💙💙💙💙💙💙💙 FREE CYBER SECURITY LEARNING RESOURCES : The Cyber Mentor --- https://academy.tcm-sec.com Nathan House --- https://www.stationx.net John Hammond --- https://johnhammond.org Loi Liang --- https://loiliangyang.com HackerSploit --- https://hackersploit.org David Bombal --- https://davidbombal.com Professor Messer --- https://www.professormesser.com w3schools --- https://www.w3schools.com #hacktolearn #websecurityacademy #unionselect #sqli

If the query returns the details of a user, then the login is successful. Otherwise, it is rejected. In this lab an attacker can log in as any user without a password simply by using the SQL comment sequence -- (double-dash) to remove the password check from the WHERE clause of the query. By submitting the username administrator'-- the password results in the following query: SELECT * FROM users WHERE username = 'administrator'--' AND password = '' Ignoring the password field, because it comes after the comment sequence (double-dash) This query returns the user whose username is administrator and successfully logs the attacker in as that user. 💙💙💙💙💙💙💙💙💙💙💙💙 FREE CYBER SECURITY LEARNING RESOURCES : The Cyber Mentor --- https://academy.tcm-sec.com Nathan House --- https://www.stationx.net John Hammond --- https://johnhammond.org Loi Liang --- https://loiliangyang.com HackerSploit --- https://hackersploit.org David Bombal --- https://davidbombal.com Professor Messer --- https://www.professormesser.com w3schools --- https://www.w3schools.com #hacktolearn #websecurityacademy #sqli #commentsequence #doubledash

This lab contains a SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out a SQL query like the following: SELECT * FROM products WHERE category = 'Gifts' AND released = 1 To solve the lab, perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased. Follow along with this video to learn how to sql inject the application. Links from video W3Schools URL Encoding - https://www.w3schools.com/tags/ref_ur... 💙💙💙💙💙💙💙💙💙💙💙💙 FREE CYBER SECURITY RESOURCES : The Cyber Mentor --- https://academy.tcm-sec.com Nathan House --- https://www.stationx.net John Hammond --- https://johnhammond.org Loi Liang --- https://loiliangyang.com HackerSploit --- https://hackersploit.org David Bombal --- https://davidbombal.com Professor Messer --- https://www.professormesser.com w3schools --- https://www.w3schools.com #hacktolearn #portswigger #burpsuite #portswiggeracademy

This is a beginner level Capture The Flag (CTF) This room will teach you the beginner methodology and mindset required to become an ethical hacker. This room teaches: * reconnaissance * finding hidden directories * getting a shell on the target * escalating your privileges to root on the target machine Follow along to learn more! #hacktolearn #tryhackmelazyadmin #ethicalhacking

This is a beginner level Capture The Flag (CTF). Learn how to do reconnaissance on a target, get a shell on the target, plus escalate your privileges to root on the target system. Follow along with this video to learn more. #hacktolearn #tryhackme #tryhackmesimplectf

This is a beginner friendly CTF challenge. This room will teach you the following skills: * reconnaissance * getting a shell * privilege escalation Follow along with this video to learn more #hacktolearn #tryhackme #tryhackmerootme #rootme

This is a beginner entry level walk through of the TryHackMe room Learning Cyber Security. Get a short introduction to a few of the security topics you'll be learning about. * Why Web Application Security is so important? * Why is Network Security crucial in understanding ethical hacking? #hacktolearn #tryhackme #learningcybersecurity

Hack your first website (legally in a safe environment) and experience an ethical hacker's job. #hacktolearn #introtooffensivesecurity #tryhackme

Learn about the various options/career paths you can channel your studies toward. What Cyber Security role are you interested in? Check this video out for some cool suggestions, channels etc... to get you into Cyber Security. Cyber Security Careers are becoming more in demand and offer lucrative salaries. There are many different jobs within the security industry, from offensive Pentesting (hacking machines and reporting on vulnerabilities) to defensive security (defending against and investigating cyber attacks). Follow along with this video to learn more! 💻 #hacktolearn #tryhackme #tryhackmecareersincyber #beginnercybersecurity

To understand the job responsibilities for a Junior (Associate) Security Analyst, (a.k.a SOC Analyst). Allow me to show you what a day in the life of the Junior Security Analyst looks like and why this is an exciting career path. Play through a day in the life of a Junior Security Analyst, their responsibilities and qualifications needed to land a role as an analyst. Follow along with this video to learn more about SOC Analyst's. #hacktolearn #tryhackmejuniorsecurityanalystintro #soclevel1 #socanalyst