Dienstag, 7. Juni 2011

Walk-through Kioptrix 1.2

I finally found the time to play with loneferret's Kioptrix (www.kioptrix.com) challenges and thought I would post another solution of the 3rd challenge which does not pull the hash values from the database via SQLi. Instead I decided to leverage the Local File Inclusion vulnerability together with SQLi and the sucrack tool (http://labs.portcullis.co.uk/application/sucrack/)

not very exciting but a different approach.


Another Solution for Kioptrix 1.2 from T0X1C on Vimeo.