Working Notes: SEC335: Week 9 - eliminmax/cncs-journal GitHub Wiki

Week 3

Overview

Did Labs 9.1 and 9.2

Lab 9.1

Was able to breeze through this one, and don't have much to say. It was an SQL injection lab, and I had already gone through it last semester.

Lab 9.2

This one was far more difficult, and far more fun. I had to hack into a target, with no real guidance.

Given the context of the previous lab, it was no surprise that a major part of the process involved SQL injection.

At one point, I had managed to get a password hash, and I wanted to see if it had already been computed - I figured simply searching for the MD5 checksum of a password that can be found in rockyou.txt would get the password. It did, but in a way that felt kind of cheaty - it was exclusively in the tech journals of students who had previously gone through this lab, and had posted their answers publicly. Whoops.