Forum Replies Created
- Posts
Hi!
I don’t get what you mean by page by page, databases don’t have pages, so can you explain?Thanks!
DiegoHi!
Basically if you know SQL syntax (like being a web developer) then the queries have a lot of sense, it’s not like “let’s see what happens if I add UNION here”, this injections are based on knowledge. Getting the correct number of columns is guessing indeed.
And it also depends on how the web application works, but yeah, basically you can use a,b,c,d,e instead. And as mentioned in the lecture we are adding our code to the original query by the web application, that’s why the UNION statement is used, to join both queries.Greetings!
DiegoHi!
No, those 1,2,3,4,5 are just the columns needed for the query to be valid, some of them are being printed on screen and some of them aren’t. This has been explained by Zaid in the lectures, maybe watch them again.
I know that sql can be a bit confusing in the beginning so look for information in internet, here’s an example:
https://portswigger.net/web-security/sql-injectionGreetings!
DiegoHI!
Ok, there’s no snapshot but I get the point. Yeah, it might be only in the Pro version. The only option I see is to make a copy of the .vmvmware folder but, depending on the software you have installed on kali, it might be like 15GB or so. In any case you can store it in an external device.Greetings!
DiegoHi!
To backup files you can do it as you normally do, for more privacy use a physical device like a USB or external hard drive, also you can use any cloud service you want.To backup Qubes you can read this article:
https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/I’ll suggest to read the Qubes documentation, it’s very extensive and well explained, they have answers for lot of questions as well in their website.
Greetings!
DiegoHi!
Each software is different, with VMware NAT is the same as NAT Network in VirtualBox. I don’t use windows and in the mac version is possible to take snapshots in the free version, are you sure it is not possible? Can you explain a bit? I mean like if there’s no button to do it or if it’s grayed out, etc.
Zaid changed to change to VMware because it is running smoother than VirtualBox and many windows users were having issues with it, so after some tests he decided to change.
Greetings!
DiegoHi!
It hasn’t passed the 15 hours since your last reply, so if you add more to the replay the timer will be reset.Also the latest custom kali will only work in VMware, so I’ll suggest to use it, then install metasploitable on it as well and try it again, if it still doesn’t work then share some screenshots with the metasploitable error.
Greetings!
DiegoHi!
You are not initializing the parser object, I’ll suggest to watch the lecture again as it seems that a very important step is not clear for you yet.
Greetings!
DiegoHi!
First you are missing the last semicolon, as mentioned in the lecture each sql query should end with it. Then if you haven’t created a database then you won’t able to see any. Run the commands in metasploitable as it contains some databases already.Greetings!
DiegoHi!
Ok, I saw the screenshot, and the gateways ip and mac address are there, it’s 10.0.2.2. In any case it looks like both machines are in different networks, double check the Network Setting in VirtualBox for both machines, they have to use the same NAT Network.
Hope it helps!
Diego
