Hi folks,
This article gives you an overview of SQLMAP, an SQL injection tool used for detecting and exploiting SQLI.
Authentication is the process of making sure that the right person is accessing the service or logging in, using techniques such as access tokens, passwords and keys. The use of passwords is highly common in everyday life. If you're using Kali Linux, Burp Suite is pre-installed with the free version; for other operating systems you can download and install Burp Suite from the PortSwigger website. The installation process is very easy: choose your operating system and download Burp Suite from the official PortSwigger website. Burp Suite is a collection of tools to carry out pen testing or security auditing. This tutorial focuses on the Community version, the free one, which features the Proxy, Intruder, Repeater, Sequencer, Comparer, Extender and Decoder tools.
What is SQLI?
SQL injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application-layer attacks used today. It takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the web application.
The underlying cause of SQL injection is that the fields available for user input in the web application allow SQL statements to pass through and query the database directly.
For example, let us consider a web application that implements a forms-based login mechanism, stores the user credentials in a database and performs a simple SQL query to validate each login attempt. Here is a typical example.
select * from users where username='admin' and password='admin123';
If the attacker knows that the username of the application administrator is admin, he can log in as admin without supplying any password, by entering the following as the username:
admin'--
The query in the back-end then looks like:
select * from users where username='admin'--' and password='xxx';
Note that the comment sequence (--) causes the rest of the query to be ignored, so the query executed is equivalent to:
select * from users where username='admin';
So the password check is bypassed.
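The login query above, next to a hardened form, as an added example that is not part of the original article. It assumes an in-memory SQLite database with one constructed account; the function names and the PBKDF2 work factor are illustrative.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # assumed work factor for this demo


def hash_password(password, salt):
    """Derive a salted hash so the hardened path never compares plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db():
    """In-memory database holding one constructed account (admin / admin123)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, "
        "salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        ("admin", "admin123", salt, hash_password("admin123", salt)),
    )
    return conn


def login_vulnerable(conn, username, password):
    """The article's query, built by string concatenation (the flawed pattern).

    User input becomes part of the SQL text, so a quote followed by the
    comment sequence removes the password condition from the statement.
    """
    query = (
        "select * from users where username='" + username
        + "' and password='" + password + "';"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Bound parameter for the lookup, then a constant-time hash comparison.

    The username is passed as data, never as SQL text, so admin'-- is just
    a username that does not exist.
    """
    row = conn.execute(
        "select salt, pw_hash from users where username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    attempts = [("admin", "admin123"), ("admin", "wrong"), ("admin'--", "xxx")]
    for user, pw in attempts:
        print(repr(user), login_vulnerable(db, user, pw), login_hardened(db, user, pw))
```
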
What is SQLMAP?
SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking full access over database servers. SQLMAP comes with a powerful detection engine, many niche features for the penetration tester and a wide range of switches ranging from database fingerprinting and data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Since SQLMAP is developed in Python it is a portable application, meaning that it will work on any operating system that supports Python.
What is SQLMAP burp plug-in?
When we audit a web application, we normally configure an intermediate proxy to have more control over the request and response parameters.
The SQLMAP plug-in is an add-on that we can configure in Burp, through which we can redirect a URL or a request directly to SQLMAP with a single mouse click.
How to download the plug-in:
You can download the zip file from the following URL:
Unzip the file and keep it in the same folder where burp proxy is located.
Then execute the following command to run Burp with the plug-in:
Linux:
java -classpath burpplugins.jar:'burpsuite_v1.4.0.1.jar' burp.StartBurp
Windows:
java -classpath burpsuite_v1.4.0.1.jar;burpplugins.jar burp.StartBurp
Replace the Burp Suite JAR name with the version that you are using. In my case I am using burpsuite_v1.4.0.1.jar.
You also need to download SQLMAP, as you need to give its executable to the plug-in.
Setting up SQLMAP:
On Windows:
- Download and install Python 2.7* from the official website (http://www.python.org/getit/)
- Download sqlmap (https://github.com/sqlmapproject/sqlmap)
- Unzip the name.zip file to the sqlmap directory.
On Debian or Ubuntu:
- sudo apt-get install python-tk python2.7
- git clone https://github.com/sqlmapproject/sqlmap.git
- cd sqlmap
- wget http://gui-for-sqlmap.googlecode.com/files/sqm-60712.zip
- unzip sqm-60712.zip
Setting up the environment:
- If you are using the OWASP Broken Web Applications project, simply access one of its vulnerable sites from the local browser on the machine where you are running SQLMAP.
- If you don't use the OWASP Broken Web Applications project, you need to set up a virtual machine that has a web server to host the vulnerable web application.
- Configure another VM with Ubuntu where the attacker runs SQLMAP.
Configuring the Proxy:
- If you are using Mozilla Firefox, go to Edit > Preferences > Advanced > Network > Settings and select 'Manual Proxy Configuration' by enabling the radio button. Set the HTTP proxy to localhost and the port on which the proxy is running.
- If you are using Chrome, go to Settings > Show Advanced Options > Network > Change proxy settings > Connections > LAN settings.
How to use the plug-in:
Once you load the plug-in, it is very easy to make use of it. Run the Burp proxy with the plug-in loaded. In the 'site map' tab under 'target' you can see the particular domain that you are trying to test for SQLI and all the crawled pages related to the domain.
On the right side, click on the URL that you want to test; you can see the request parameters of the URL in the bottom panel. Right-click on the request parameters and you can see the option 'Send to sqlmap', as shown in figure (I).
Figure (i)
Then you can see a new window (SQLMap wrapper) that allows you to configure sqlmap. The image below gives you a clear view of the wrapper; see figure (II).
Now let us have an overview of the configuration features of the wrapper. In the 'Target' textbox specify the URL that you want to test. (Normally it will be filled in by default, as you have sent the request parameters previously; if needed you can change the URL.)
Specify the method by which the domain is accessible (GET/POST). In 'Bin-path' give the sqlmap executable.
If you know the DBMS of the web application, specify the database by selecting one of the options listed in the dropdown list. By default 'auto' is selected, which means that the SQLMAP wrapper tries all the databases listed in the dropdown list to find out the database used by the application.
You can enumerate the database users, passwords, roles, privileges, databases etc. by selecting the appropriate option from the Action dropdown list. By default it is set to 'auto', which means it will try to enumerate all the options listed in the dropdown list in sequential order.
If you know the databases, users, tables or columns, you can enumerate them by simply specifying them in the Database options.
Tampers are a kind of special characters or symbols that you want to insert into the query while pen-testing the application.
Once SQLMAP is configured, click on 'RUN'; this opens a new tab that executes the program with the configuration you have given to the wrapper. We can open any number of simultaneous execution tabs with different instances.
The image below shows the output tab; see figure (III).
Figure (III)
Bored with theory? Now let us see an example. The URL below is a vulnerable site for practicing SQLI. You can also find SQLI practice URLs by googling.
The id parameter in the above URL is vulnerable to SQLI; let us find it out through our SQLMAP wrapper (Burp Suite plug-in).
Open the URL in the browser for which the proxy has been configured. In the proxy (Burp), go to the 'site map', click on the URL and send it to sqlmap by right-clicking on the response parameters of the website, as I mentioned previously. Figure (IV) shows you the wrapper opened for the above-mentioned URL.
The target specifies the URL we are testing, and cookie specifies the cookie or session id. The wrapper automatically identifies the positions in the URL where SQLI can be injected and lists the parameters in the 'Parameters to test' text area (in our case we have only one possibility for injection, which is the 'id' parameter).
In this example I have configured the SQLMAP wrapper to enumerate the list of databases that are configured in the backend database.
Figure (V)
Figure (V) shows you the output tab, which in turn displays how the plug-in tried to exploit the SQLI vulnerability in different ways.
We can see that initially the wrapper tried to exploit the vulnerability with 'Boolean-based blind SQLI', using the AND operator. The payload shows how the tool tried to exploit the vulnerability. Here we can see the payload: id=22 AND 4626=4626, which is equivalent to the following URL:
http://www.eastodissa.ac.IN/news-and-events.php?id=22 AND 4626=4626
As the injected condition is always true, the above URL returns the same page as the original URL.
In the second trial it tried 'error-based SQLI', and later the UNION operator.
From figure (VI) we can observe more server details, such as the web server, operating system and back-end DBMS.
'information_schema' and 'nilakantatrust' are the two databases that are used by the web application.
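From the defending side, the probes described above leave recognisable traces in web server access logs. The following is an added example, not part of the original article: it scans constructed log lines in combined log format for the boolean test, UNION and quote-plus-comment patterns the article mentions. The rule names, sample paths and IP addresses are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Combined/common log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Hypothetical rule set covering only the patterns discussed in the article.
RULES = {
    # e.g. "22 AND 4626=4626": a numeric comparison appended to a value
    "boolean-probe": re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*(\d+)\b", re.I),
    # UNION-based extraction attempts
    "union-select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    # e.g. "admin'--": a quote followed by a comment sequence
    "quote-comment": re.compile(r"'\s*(?:--|#)"),
}


def classify_value(value):
    """Return the names of all rules that match one decoded parameter value."""
    return [name for name, rx in RULES.items() if rx.search(value)]


def scan(lines):
    """Map client IP -> list of (parameter, rule) hits found in the query string."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m["target"]).query
        # parse_qsl URL-decodes %20, %27, + and so on before the rules run
        for param, value in parse_qsl(query, keep_blank_values=True):
            for rule in classify_value(value):
                findings[m["ip"]].append((param, rule))
    return dict(findings)


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.20 - - [10/Oct/2023:13:55:30 +0000] "GET /news.php?id=22 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=22%20AND%204626%3D4626 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /news.php?id=22%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 500 312',
    '198.51.100.20 - - [10/Oct/2023:13:55:40 +0000] "GET /search.php?q=rock+and+roll HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /login.php?username=admin%27--&password=xxx HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, hits)
```

A match is a lead for review rather than proof of compromise; the same rules can also sit in front of the application as an alerting filter.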
Now let us try to enumerate all the tables and the columns of the tables from the above databases. To do so, set the SQLMAP wrapper's Action field to the option 'Enumerate database tables and columns'. Figure (VII) shows the same.
Figure (VII)
Figure (VIII) shows us the tables of the database 'nilakantatrust'.
Let us see the columns of these tables. Figure (IX) shows the columns and their data types for two tables, 'est_notice' and 'est_news', of the nilakantatrust database.
Figure (IX)
We can also dump the complete database by selecting the option 'dump dbms databases', and store the complete data in a file by using the option 'save to file' in the output tab.
Figure (X) shows the dumped data of the table 'est_admin' from the 'nilakantatrust' database being stored in a file.
Conclusion:
SQLMAP is a powerful tool used to automate the process of detecting and exploiting SQLI.
Hello ethical hackers and bug bounty hunters. Today, you will learn the top 10 Burp Suite extensions I found myself using over and over again. They assist me in different areas, such as pretty-printing data, actively testing for specific vulnerability classes, parsing API definitions and brute-forcing.
Wsdler is your burp extension for SOAP
During your penetration testing or bug bounty hunting, you might encounter SOAP-based APIs. They are web services that you can consume according to a file which describes the actions they expose and how to call them. This file is based on the Web Services Description Language (WSDL).
Whenever you find one, you can parse it using Wsdler. Additionally, this Burp extension constructs the HTTP requests as the API expects them.
JSON Beautifier
Before Burp Suite rolled out its Pretty button feature, this was the first extension I needed to install after any fresh Burp Suite setup. Nowadays, the majority of web applications use RESTful APIs, which generally use JSON objects to transfer data between the client and the server. JSON Beautifier prettifies the inline JSON data to make your life easier.
This Burp extension is free and can be used in either Burp Suite Community Edition or Professional.
J2EEScan is a great burp extension for Java EE applications
In my penetration testing assignments, I usually test J2EE web applications, which are Java web applications that support enterprise-level requirements, such as scalability and availability. Therefore, I use J2EEScan to assist me in finding vulnerabilities for the most common CVEs that target J2EE technologies.
The extension adds test cases to the Burp Suite Scanner. Therefore, there is no additional configuration after you install it. All you have to do is run a scan and wait for vulnerabilities in the Issue Activity panel in Burp's Dashboard tab.
JSON WEB Tokens, the Burp extension, not the standard
According to jwt.io, JSON Web Token is:
[…] an open standard […] that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
When you do bug bounty hunting or web application penetration testing, it is a pain to manually copy the tokens from Burp Suite and paste them into your favourite parsing tool, such as jwt.io. This extension allows you to parse the token within Burp, the same way JSON Beautifier prettifies inline JSON objects.
SAML Raider
For those of you who don't know what SAML is, it's a standard used in Single Sign-On (SSO) for authentication. Here is a brief definition from Wikipedia:
Security Assertion Markup Language (SAML) […] is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions.
Since SAML requests contain long base64 encoded XML data, it is impractical to manually parse them. SAML Raider automatically performs the parsing within Burp Suite. Additionally, you can use it to perform known attacks against your target web application. In fact, it comes with pre-configured exploitation techniques, such as signature wrapping, that you can easily run to test for weaknesses in SAML implementations.
AuthMatrix burp extension for broken access control
I've already covered this great extension in a YouTube video. It allows you to test for broken access control vulnerabilities, such as IDOR, unprotected endpoints, etc. The flow is fairly simple. Firstly, you browse your target application and send any interesting requests to this extension. Then, you create the target users, such as the attacker and the victim. Then, for each user, you configure the session cookies and any HTTP headers containing tokens such as JWTs or API keys. Lastly, you hit the run button and let AuthMatrix highlight the suspicious requests in red.
HTTP request smuggler
This is the go-to Burp extension when you want to easily detect and exploit a web application through HTTP Request Smuggling.
It detects whether you have a CL.TE or TE.CL condition and reports it directly into Burp Suite's Dashboard tab, under the Issue Activity menu where all the issues get listed.
If you have no clue what CL.TE and TE.CL mean, I invite you to read this article from the authors of Burp Suite.
Turbo Intruder
This extension allows you to send large numbers of HTTP requests to a target web application. If you have Burp Community, you know that you can only work with a limited version of the Intruder which does not support multiple threads. Instead, you can use Turbo Intruder.
Since this Burp extension uses a Python snippet that you can edit, I recommend you get familiar with the basics of the Python programming language. That way, you can customize Turbo Intruder to bring more flexibility when you brute force.
Upload Scanner
Whenever you encounter a file upload feature that uses the multipart mime type, I encourage you to give this Burp extension a try. In fact, you can use it to probe the upload features for many security issues.
It fuzzes all the parameters using a set of organized categories that you can choose from. If the application retrieves the uploads, you can configure Upload Scanner to fetch the files to verify cases like XSS.
There are plenty of other features in this awesome Burp extension. I encourage you to learn more about it. Additionally, I prepared this YouTube video to show you how it works.
Java Deserialization Scanner
This Burp extension checks for insecure deserialization issues in Java applications. It uses pre-built serialized Java objects to probe the application for a callback. You can configure this feedback to be either a time delay or a callback. If the application sleeps for some time before responding, or if you receive a hit as a callback, the extension highlights exactly which payload triggered it. Therefore, you can prepare your own payload using tools such as ysoserial.
If you want to learn how insecure deserialization works and how to exploit it with real examples, I invite you to read this article.
Conclusion
There are so many tools, extensions and methodologies available a few clicks away. However, I should mention that you don't have to use them all. Take some time to discover how they work, then pick the ones that suit your taste and your needs.
Hopefully, this episode has shown you some new Burp extensions that might help you in your next assignment.
Until the next episode, stay curious, keep learning and go find some bugs!