Breaking Things on Purpose
1 min read
3rd year.
I picked a pathway elective around penetration testing and security because it sounded different from regular coding labs. The idea was simple: find weaknesses before someone bad finds them.
We used lab VMs and were told not to try anything outside the lab network. Fair rule. I followed it because I did not want to explain myself to anyone official.
First lab was recon and basic scanning concepts:
Bash
# lab only - authorized network
nmap -sV 192.168.56.101
I typed too fast once and scanned the wrong IP in notes but nothing exploded. The instructor had isolated machines.
now we talked about SQL injection in a controlled example:
two examples are shown below i.e vulnerable login and input: admin' OR '1'='1
SQL
-- vulnerable login (lab example)
SELECT * FROM users WHERE username = 'admin' AND password = 'pass';
-- input: admin' OR '1'='1
-- query breaks open (lab demo)
I wrote that in my notebook three times until the quote marks made sense.
PYTHON
# my weak password checker from a side practice script
def check(pw):
if len(pw) > 6:
return "strong" # wrong. length alone is not strength
return "weak"