Zark Arnold Morales sat hunched over his keyboard, the glow from the monitor casting sharp shadows across his face. His fingers tapped lightly against the desk, a rhythm that helped him think.
A message buzzed on his phone.
A freelance client.
"Zark, I need you to take a look at the vulnerabilities in the site. Payment upon delivery, as usual."
Zark sighed, cracking his knuckles before replying.
"On it."
He opened a terminal and typed out a command to scan the website. He mumbled to himself, his words barely audible.
"This should check which doors are open on the site and what's running behind them…"
The command was straightforward for Zark, but powerful for someone trying to find weak spots in a system.
```bash
nmap -sV -sC -oN scan_report.txt client_website.com
```
He was using a tool called nmap, which is like a digital detective—it checks a website's "doors" (ports) to see which ones are open and what programs (services) are running behind those doors. It even uses some built-in tricks (scripts) to find common weaknesses. The results would be saved in a file for later.
As the scan started, Zark's foot tapped lightly on the floor. Waiting wasn't his style—there was always something else to do.
He switched tasks, opening another window to run a Python script for a different client. This one cleaned up a messy log file—basically a record of everything happening on a server, but cluttered with extra details that weren't needed.
"Just stripping out the junk, so the log is readable," he muttered.
The script was designed to remove unnecessary bits, like timestamps and other noise.
```python
import re

# Copy the log line by line, dropping every bracketed field
with open('logfile.txt', 'r') as log_file, open('cleaned_log.txt', 'w') as cleaned_file:
    for line in log_file:
        cleaned_line = re.sub(r'\[.*?\]', '', line)  # This removes the timestamps
        cleaned_file.write(cleaned_line)
```
He wrote a short program that scanned through the log file and removed everything between brackets—mainly timestamps and clutter. Once done, he sent the cleaned-up file back to the client.
```bash
scp cleaned_log.txt user@clientserver:/var/logs/
```
That job out of the way, Zark leaned back in his chair, stretching as he glanced at the scan results.
Port 80 was open.
"Of course… SQL injection. Always SQL injection," he sighed. It was a common issue, and one that could easily be exploited.
SQL injection is when someone tricks a website into spilling its secrets by entering harmful commands where the site expects regular text. Zark wasn't surprised to find it, but he needed to dig deeper.
He fired up another tool, SQLmap, designed to test websites for this exact problem.
```bash
sqlmap -u "http://client_website.com/product?id=1" --dbs
```
"This should show me the list of databases they're hiding," he murmured.
SQLmap would poke around the website's weak spots, looking for ways to pull out its internal database—essentially the place where all the website's important information was stored. As the tool did its work, Zark turned to another project.
He opened a desktop application he had been tweaking for a client. Just a few more adjustments to the buttons—making sure they did what they were supposed to when clicked.
"Let's see if this thing doesn't break," he muttered, focusing on the code.
```vbnet
Private Sub btnSubmit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnSubmit.Click
    If txtInput.Text = "" Then
        MsgBox("Please enter a value.", MsgBoxStyle.Exclamation) ' Shows an error if no input is given
    Else
        lblOutput.Text = "Input received: " & txtInput.Text ' Processes the input when it's valid
    End If
End Sub
```
The code was basic. If the user didn't enter anything, the program would tell them to fill in the blank. If they did enter something, it processed the information and displayed a message. He tested the app and it worked smoothly, so he packaged it up and sent it off.
Zark turned back to his main task. The SQLmap scan had finished.
As expected, the database was wide open.
He cracked his knuckles and stared at the screen. It was serious, but nothing he couldn't handle.
"Time to close this hole before someone else gets in," he whispered.
He quickly wrote a Python function to prevent any malicious commands from slipping through the website's input fields.
```python
def sanitize_input(user_input):
    return user_input.replace("'", "''").replace(";", "")
```
What he had done was simple, but effective—he replaced characters like single quotes and semicolons, which hackers used to inject harmful commands. This way, no one could trick the website into revealing its secrets. Once satisfied, Zark added the changes to the site's backend and committed the fix to the client's code repository.
```bash
git add .
git commit -m "Patched SQL injection vulnerability and added input sanitization."
git push origin master
```
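An added example, not part of the original story or the client's code: the `id` parameter in the sqlmap URL is numeric, so a filter that only touches quotes and semicolons leaves the query text open to change, while a validated, bound parameter does not. The table, its rows and every function name other than `sanitize_input` are assumptions, run here against an in-memory SQLite database.

```python
import sqlite3

def sanitize_input(user_input):
    # The story's filter: doubles single quotes and strips semicolons
    return user_input.replace("'", "''").replace(";", "")

def make_db():
    # Constructed sample data standing in for the client's product table
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "lamp"), (2, "desk"), (3, "chair")])
    return conn

def lookup_concatenated(conn, raw_id):
    # The filtered value is still pasted into the SQL text, so in a numeric
    # context it can alter the query's logic without any quote or semicolon
    sql = "SELECT name FROM products WHERE id = " + sanitize_input(raw_id)
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, raw_id):
    # Validate the type first, then bind the value; it is never parsed as SQL
    try:
        product_id = int(raw_id)
    except ValueError:
        return []
    rows = conn.execute("SELECT name FROM products WHERE id = ?", (product_id,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    conn = make_db()
    crafted = "1 OR 1=1"  # constructed test value for the id parameter
    print(lookup_concatenated(conn, "1"))        # one product
    print(lookup_concatenated(conn, crafted))    # every product in the table
    print(lookup_parameterized(conn, crafted))   # rejected, no rows
    print(lookup_parameterized(conn, "1"))       # one product
```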
With the push complete, Zark leaned back again, rubbing his eyes. His foot resumed its soft tapping against the floor. The silence of his apartment pressed down on him, heavier now. His eyes drifted to the shelf where old programming books gathered dust.
"Feels like a lifetime ago," he whispered, almost unconsciously.
Once, he had devoured those books. They had been everything. Now, they were just tools—part of the routine.
His stomach growled, a reminder that it had been hours since he'd eaten. Zark grabbed leftovers from the fridge, eating in silence, his mind drifting back to his days at Lumenis Institute. Back then, he was surrounded by people with bright futures. People who had dreams.
"That was a different life," he muttered.
When he finished eating, Zark tossed the container aside and returned to his desk. Another message buzzed on his phone, but he ignored it. His eyes flicked once more to the books before settling back on the screen.
There was always more work to do. More code. More bills to pay.
"Maybe tomorrow," he whispered, though he didn't believe it.
For now, survival was enough.