
Breaking Things on Purpose


3rd year.

I picked a pathway elective around penetration testing and security because it sounded different from regular coding labs. The idea was simple: find weaknesses before someone bad finds them.

We used lab VMs and were told not to try anything outside the lab network. Fair rule. I followed it because I did not want to explain myself to anyone official.

First lab was recon and basic scanning concepts:

Bash
# lab only - authorized network
nmap -sV 192.168.56.101

I typed too fast once and scanned the wrong IP in notes but nothing exploded. The instructor had isolated machines.

Now we talked about SQL injection in a controlled example:

Two things are shown below, i.e. the vulnerable login query and the input: admin' OR '1'='1

SQL
-- vulnerable login (lab example)
SELECT * FROM users WHERE username = 'admin' AND password = 'pass';

-- input: admin' OR '1'='1
-- query breaks open (lab demo)

I wrote that in my notebook three times until the quote marks made sense.

PYTHON
# my weak password checker from a side practice script
def check(pw):
  if len(pw) > 6:
    return "strong"  # wrong. length alone is not strength
  return "weak"