
@simonemainardi
simonemainardi / D-Link camera sending video in clear over the Internet.md
Last active December 31, 2020 08:04
D-Link camera sending video in clear over the Internet
simonemainardi / boolean-based-blind-sql-injection.md
Last active August 31, 2023 16:59
Using Blind SQL Injections to Retrieve Access Credentials of a Website

In this gist I show how I leveraged a boolean-based blind SQL injection to gain access to a protected website. The injection allowed me to query the website database and retrieve a valid username/password pair. Using the retrieved credentials I was able to log in to the protected section of the website.

Software Used

To perform the attack I used:

  • sqlmap to discover the website was vulnerable to SQL injections.
  • Burp Suite to forge and send POST requests to the website login page, carrying payloads opportunely crafted with SQL queries.
simonemainardi / disassemble-and-modify-a-binary-to-change-a-function.md
Last active January 18, 2024 18:05
Disassemble and Modify a Binary To Change a Function

In this gist I show how to disassemble and modify a Linux executable binary to change the body of a function. This will allow you to control how a binary behaves, even when you don't have access to the source code and you can't recompile it.

In my case, I was asked to try and bypass the protection mechanism implemented. The protection mechanism implemented was meant to only allow a binary to be run in the presence of a valid license.

So basically my activity involved:

  • Finding the function which performs the protection check
  • Disassembling the binary