LFI to shell – exploiting Apache access log

Local file inclusion (LFI) is normally known to be used to extract the contents of different files of the server the site is hosted on. This includes files like passwd, hosts, etc. But have you ever thought about how you could take this to another level? A level where you can initialize reverse shell, get a browser shell on the server (c99, b374k, etc).

Well, this is what I am going to explain in this post ๐Ÿ™‚ So let’s no waste any more time, and let’s get hacking instead! (more…)

SQL Injection challenge #2 – The Details & Solutions


That’s it for my 2nd realistic SQL injection challenge ๐Ÿ™‚ It took a few days from I released it, but not nearly as long as I had thought which was a pleasant surprise.

Congratulation to saxx @ #vulnhubย (freenode) for being the first one to solve this! (more…)

SQL Injection challenge #1 – The Details & Solutions

I was supposed to wait for a couple of days with posting this, but I see in the logs that the only requests coming in now is from the blog post written by the guy who first solved this.

About a week ago I wrote an sql injection ย challenge that was posted on a couple of forums, #vulnhub (freenode) and on Twitter. After several days of people destroying my server with sqlmap, Havij, iMacro and sql ninja a solution was provided, but not by one of the tool users ๐Ÿ™‚ This was solved using the good old manual approach. So now that the challenge has been solved, I decided to publish the source, and a few different solutions to this challenge.

If you want to give it a go, you can find the challenge here.

This challenge was a great proof that manual > tools! ๐Ÿ˜€

First, I want to congratulate DiabloHorn who was the first one to complete the challenge. He also wrote a “how-to” post explaining how he solved my challenge. You can read his post here.