Do things a little bit different if you find a way that works for you

 Ok so today's is one of those things where I am not proud it took so long but I am proud that I finally came up with a solution. 


On pentesterlab I have been trying for a couple hours to use burp repeater to do a file upload injection but for some reason it wouldn't work. So, I decided to switch to using OWASP Zap to try on that tool and it didn't work.  I started getting frustrated and decided I would step back and try and think about a different way to do things.

Then I realized all I was trying to do was rename a file from test.php to test.php3 and upload it and repeater was just stopping me from having to rewrite the file on my desktop. SO, I figured I had already written the php code, so I went in copied what was in the file and created a new file with the test.php3 name and uploaded it the regular way. Now I know this is not the way pentesterlab has it set up BUT....

I would argue this. I spent probably 3 hours trying to do it their way. And time and again in the learning material you hear people say that sometimes you have to figure out a way to achieve the hack, and that, how you hack will not always be how someone else hacks.

So, if I were on a job and I couldn't figure out one way, but I knew another way that would take me less time and achieve the same results, don't you think my employer/client would want the one that achieved the results in the timeliest manner so I could move onto the next objective. 


I would argue that a hacker's real job isn't to copy and paste what other people have done to get a result but rather to achieve the objective any way that makes sense to them. copy and pasting that code took me less than 2 minutes in VI. then uploading to objective whereas trying it the other way took up 3 hours. So, in the future my plan is to learn what the core of being taught, learn the objective so that way I can learn the next thing and not get hung up on exact methods. Now it frees me up to learn more, achieve the next objective and consult someone a little more knowledgeable on what i was doing wrong when I get the chance. 


One thing I am trying to get is use my notes and screenshots to be able to show exactly what I am talking about with my lessons, but I need to get better using the tools and its hard cause I use 2 different computers so for now I am just writing the lessons I learn every day and sharing my struggles.


Don't get stagnant, move forward  

Comments

Post a Comment

Popular posts from this blog

BlackPearl Exploit

Image
 Now this exploit for my rig was a little hard just because I do not have the most RAM and it required slightly more than the others. So I took less screenshots  This again is the same step as the others. Figuring out what ports were available  Here we are using "ffuf" again Now I believe this is the first time we used "dnsrecon" And here we add the dns to our machine so we can perform the attack Follow me at  LinkedIn  or  Twitter
Read more

My first Exploit

Image
So In this I am going to show how I used metasploit to gain access to a machine we set up. Remember this is my first exploit so if you are looking for advanced techniques this is not the post for you. One thing I have learned so far that I believe is an advantage to me is that you need to do a lot of research. And why I think that's an advantage is because the company I started originally was designed to do research to find programs to help veteran business owners succeed, based on their demographics. This gave me a lot of experience in google search for one and for another thing I chose to do that because I actually enjoy the hunt of google. Getting lost in searches I don't know why I enjoy it, maybe because it gives me a chance to hyperfocus on something, I don't know. But anyways I am going to show some pictures on how I did it. I understand some think I go overboard on pictures but remember this blog is partially a note taking thing for me. I am using this as a way for ...
Read more

Sockets, Hydra and My very first port scanner

Image
 So we touched on Sockets on briefly, but we built our first port scanner. Now I decided to try both the 50-85 like the lesson taught then I went back and scanned all of them just out of curiosity. Let me tell you it took a while with as little processing power as my laptop has. But it was a fun lesson.  Socket above and Hydra Below Then below here is my first port scanner Feel Free to reach out on  LinkedIn  or  Twitter
Read more