Rana, Thank you for your efforts. this is omar, and i have a question. when i use the sniper attack in intruder it returns the enumerated password letter by letter, so i follow you again and i use the cluster bomb attack in intruder with two variable $1$ in the substring function and the $a$ in the end for comparison. and i follow exactly the same config as you do, the weird thing is: sniper attack works and returns a letter with welcome back message, cluster bomb never returns any welcome back messages and and all responses returned in cluster bomb attack are all of same length!! is there a bug in my birpsuite? because i can not imagine another reason!! please guide me here :) thank you

update: thank you Rana, I got the Catch! watch for the payload you chose from the list, and for what the cluster bomb actually fills in during the attack. I choose Numbers for payload 1, but during the attack burpsuite was filling mix of letters and other things! seems like a burpsuite problem. the fix: changed the payload type from Numbers to simple list and added integers from 1 to 20 to the list. worked like a charm!

thanks for this tip ill try it out too

i was thinking something similar as well!

Can you explain this better, please?

Tib3rius has several videos about buffer overflow: kzbin.info/www/bejne/Z4mVe3p8lJ59fa8

@@RanaKhalil101 Jazakallah hu khair

Nothing is stopping you from sending HTTP requests using Python

you can use the same substring() function for those fields like "database name", "user table name" or "username" if you have access to information_schema.tables with the injection. but it is the same way.

She mentioned so she wouldn't get a syntax error which cant be in the SQLi since you don't need it in this situation so my only guess would be so Obsidian (the note app she's using) doesn't throw up a syntax error.

Thank you! Here's a link to the video: kzbin.info/www/bejne/Z5-tmKimlrqDe7M&ab_channel=RanaKhalil

@@RanaKhalil101 I appreciate that thanks and Ramadan mbark

I was thinking the same thing.

You cannot do Python scripting in Burp. She is saying if you only have access to the Community edition a clusterbomb attack would take too long and she would rather write a Python script to perform the attack, because it has no built-in throttling like Burp Community Edition.

Links to scripts are in the description of the video :)

@@RanaKhalil101 oh ya I found those eventually... LOVE IT! Thanks so much for all your work!

both doesn't work for me do u have any idea ? i use burpsuite community edition

@@victornicol2136 try this: and(Select 'a' from users where username = 'administrator and LENGHT(password)>1)='a (make sure to encode it as url by pressing ctrl+u)

@@anirudhsaxena9214 doesnt work aswell 😕 but i think thé error com from the lenght command function because i tried with other values and it never work that weird : ' and (select 'a' from users where username='administrator' and lenght(administrator)>1)='a i feel like im missing something really stupid haha

@@victornicol2136 you are not getting welcome back message through this or getting protocol error

@@victornicol2136 broo thatsss notttttt lenght(administrator) that's LENGHT(password )🥲🥲🥲🥲

Well try and do that. Try brute-forcing a password, that is 20 characters long. In this lab, you have a specification, that the password is made up using only lowercase characters. That is 26 characters per slot. That is 20^26. The number is so large, you can not put it into a scale, that the human brain could comprehend. A modern computer can hash let's say 70k hashes a second. It would take 3040011596723926000000 years to break this password. Good luck with that.