Cybersecurity
Think of this as an APA version of the manual assessment portion of a pentest report.
Required for Submission:
- Make up an organization that you want to target. It can be anything you want - be creative! -
- Discuss the initials steps taken to gain access to the system
- Phishing?
- Exploited Technical Vulnerabilities?
- Insider Threat?
- Write about your fake company and how you got access.
- Once you have access, use what was done in this lab to discuss post-exploitation. You must have at least five screenshots that illustrate you using Star Killer and what the objective of each step is.
Company is shopping site that uses the SQL query as the search to serach user query and the site was vulnerable to SQL injection attacks. I started to look in the source code of the site and got to know that a single query could result in total admin control and could change the prices of the all the product on the websites and this can be done by simply changing the data of the WHERE clause and setting it to 1 , 0 or -1 and i crafted a query where the where clause contained condition as 1 , so every was true and it returned a large amount of user details from the websites and i exploited this vulnerability further by adding myself as a admin user and transferred all user detail from website to myself.
Get Answers For Free
Most questions answered within 1 hours.