http – Uploading php webshell using Burp Intruder

I am using Burp Intruder to upload a webshell to different directories.

These 400 responses tell me the requests are bad. I should be getting mostly 403 responses or, if I'm lucky, 1 200 response, which is the goal.

What is wrong with the requests I am making? If I make just 1 request with Repeater then I get the proper response which is 403.

Send dual request in Burp Suite Intruder (series)

I want to send two requests to two separate end-points, where the second one is dependent on the former…

end-point 1: submit a phone number (requirements: phone number)

end-point 2: signup (requirements: submit username + password + phone number)

Is there any way to fuzz an HTTP response field via Burp Intruder?

I found a privilege escalation bug in an HTTP response page and I want to fuzz one of the fields, an ID value that defines the admin role, and see if any other viable ID comes up. Is there a way to do this?

sql injection – Why Intruder's number of threads has an effect on the time delay of individual requests

I was solving an SQL injection lab on PortSwigger, and the lab asked me to exploit blind SQL injection by triggering time delays, using that to retrieve the administrator password.

I was making 720 requests with Burp Intruder, to test the (a-z, 0-9) payload on each position of the password, whose length was 20. If my condition is true, e.g. substring(password, 15, 1) = 'g', then make a 2000 ms delay by executing pg_sleep(2).

The solution of the lab mentions that you will need to make these requests using only one thread instead of 5 (the default). That's my question: why does the number of threads matter here? I think it would matter if we were calculating the whole delay of all requests, but it should not matter for the delay of the 5th request, for example.

If the request takes 100 ms, whether the number of threads was 5 or 1, the delay of this request alone will not change.

The point is, I tried it with 5 threads to see how it would work, but I found that the requests with substring(password, 20, 1) = 'q' and substring(password, 20, 1) = 'c' both have a delay that exceeds 2000 ms, although only one of them was supposed to exceed 2000 ms, as only one of them is true, passes the condition and executes pg_sleep(2).

Can someone explain to me why the number of threads matters here?

Can an intruder use a Docker Desktop installation to run the keyboard or other capture (audio / video, network) on a Windows 10 system?

I am not looking for a tutorial for a feat.

"LostVicking" in a Docker forum post seems to be trying to mount their webcam device in a Docker container, but is unsuccessful:

Is it possible to forward the webcam video to an image that can be coupled from Windows 10? I have seen the same question for Linux and the solution seems to be to use:

docker run --privileged -v /dev/video0:/dev/video0

Is there any similar trick when I am running Docker on Windows 10?
Presumably, isn't there an equivalent mount point that can be linked?

This made me wonder if Docker Desktop could facilitate the installation of a keyboard capture or other capture (audio, video, network), either by an adversarial user with physical access to a shared machine (university computer lab, cyber café) or by an online intruder. Or can Windows USB devices not be shared with Docker containers through Docker Desktop?

Is it possible?

Is there an obvious countermeasure besides uninstalling Docker Desktop?

Obviously, someone with physical access to a Windows machine can install native Windows malware. This question asks whether Docker Desktop adds an additional, less monitored vector.

Bitcoin Core: what happens if an intruder modifies the scriptSig to get the same hashMerkleRoot from a block?

I guess you mean scriptPubKey in the outputs of the coinbase transaction.

I assume that what you are describing is what is popularly known in cryptography as a collision. If you can find two different texts such that they both produce identical hashes, then you have a collision. If you change the scriptPubKey in the output of the coinbase transaction, assuming no collision occurs, the txid changes and therefore the merkle root changes, which in turn changes the block header hash.

The SHA-256 algorithm generates 32 bytes, which means that there is a total of 2^256 (or 10^77) combinations. SHA256 is a one-way mathematical function; as a result, you will have to use brute force to produce a hash similar to the previous one. Executing that type of brute force is not only computationally impossible, but also impossible due to the energy it consumes (verify this).
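
The chain of commitments described in this answer, as an added example (not code from the original answer or from Bitcoin Core): a changed coinbase output script changes the txid, which changes the merkle root, which changes the block header hash. The transaction byte strings are constructed stand-ins rather than real serializations, and `block_commitments` is a hypothetical helper name.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Pairwise-hash txids up to one root; an odd level duplicates its last entry."""
    if not txids:
        raise ValueError("a block contains at least the coinbase transaction")
    level = list(txids)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(version, prev_hash, root, timestamp, bits, nonce) -> bytes:
    """Hash of the 80-byte block header, which commits to the merkle root."""
    header = struct.pack("<I32s32sIII", version, prev_hash, root, timestamp, bits, nonce)
    return dsha256(header)

# Constructed stand-ins for serialized transactions (not real Bitcoin encodings).
COINBASE = b"coinbase|out0:scriptPubKey=" + b"\x11" * 20
TAMPERED = b"coinbase|out0:scriptPubKey=" + b"\x22" * 20
OTHER_TXS = [b"tx-a", b"tx-b"]

def block_commitments(coinbase: bytes):
    """Return (coinbase txid, merkle root, header hash) for a constructed block."""
    txids = [dsha256(tx) for tx in [coinbase] + OTHER_TXS]
    root = merkle_root(txids)
    # Header fields other than the root are constructed sample values.
    return txids[0], root, header_hash(1, b"\x00" * 32, root, 1_700_000_000, 0x1D00FFFF, 0)

if __name__ == "__main__":
    labels = ("txid", "merkle root", "header hash")
    before, after = block_commitments(COINBASE), block_commitments(TAMPERED)
    for label, a, b in zip(labels, before, after):
        print(f"{label:12} changed={a != b}  {a.hex()[:16]} -> {b.hex()[:16]}")
```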

web application – How do I extract the data from the response and use it in the URL for the next request in Burp Intruder?

URL = https://www.example.com/send?session=abcabcabc

When the previous URL is requested, a response comes back with an <a> tag that contains a new URL with a different session value, like: https://www.example.com/send?session=xyzxyzxyz

As you can see, the value of the session has changed, and it changes in each request.

So, my question is, how can I use the Burp intruder to make repeated requests?

The workflow must be:

Burp> request sent> get response> take url or response session value> send request with session value updated in url> loop continues.