root@localhost:~#

June 2, 2018 | Author: ubaid | Category: Hacker (Computer Security), Password, Phishing, Sql, Computer Network
Share Embed Donate


Short Description

Learn Ethical Hacking from Beginning. Get awareness about latest cyber security threats. From the phishing to RFI everyt...

Description

root@localhost:~#

root@localhost:~# “what they keep secret we expose” By Ubaid (aka) $cr1pt Kid33

1

Copyright Notice Any unauthorized use, distributing, reproducing is strictly prohibited. Without the permission of its author. Liability Disclaimer The information provided in this eBook is to be used for educational purposes only. The eBook creator is in no way responsible for any misuse of the information provided. All of the information in this eBook is meant to help the reader develop a hacker defence attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” in this eBook should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.

2

Contents Contents..............................................................3 Introduction.........................................................6 What is ethical hacking...........................................................6 Who is a hacker.....................................................................6 Types of hackers ....................................................................6 Who can use this book............................................................7 NETWORKING.......................................................................... 7 a)Concept of networking.................................................................................7 b)Basics about TCP & UDP...............................................................................8

Programming.......................................................9 Do I really need it?..................................................................9 Where should I start?..............................................................9

Backtrack...........................................................10 What is it?............................................................................. 11 2.Installing & Running Backtrack .........................................12 1)Clean Hard drive install..............................................................................12 2)Dualboot Installation..................................................................................17 3)USB installation.......................................................................................... 18

Basic Linux Commands.........................................................19

Password Hacking..............................................20 3

Password Cracking................................................................20 1)Brute Force................................................................................................ 20 2) Dictionary Based attack............................................................................21 3)Rainbow tables........................................................................................... 21 Rainbow tables are a large database of pre computed ciphers with their actual plaintext from which they were calculated. Rainbow table generator are the tools which takes all possible combination of legal characters & calculate their hash using your desired algorithm & store them in a large database. Common Cryptographic algorithm used in CMS’s are...................21

Phishing................................................................................24 1)Demo (How crackers hack your facebook account using phishing)............24

Desktop phishing..................................................................28 Social Engineering...............................................................29 Keylogging............................................................................30 Demo: How to hack using Ardamax Keylogger..............................................31

RAT (Remote Access Trojen).................................................34 Malware................................................................................35

Web Hacking......................................................35 Footprinting..........................................................................35 Port Scanning........................................................................ 39 SqlInjection...........................................................................41 Authentication Bypass..........................................................50 XSS.......................................................................................51 CSRF.....................................................................................53 Buffer Overflow.....................................................................54 RFI........................................................................................ 57

4

LFI......................................................................................... 58 Open Redirection.................................................................61

About.................................................................62

5

Introduction What is ethical hacking Ethical Hacking is the process of finding vulnerabilities in a computer system by using programming or non programming skills (just like rooting an apple device without any software) & then exploiting these vulnerabilities.

Who is a hacker A hacker is someone who uses his computer knowledge to find vulnerabilities in computer systems & then exploit it for any reason including Patriotism, malicious purpose, or some personal problems with the owner of that system.

Types of hackers There are basically three types of hackers:1-: Grey Hat They are the combination of both Black Hat & White Hat hackers. They Sometime work as defensive & sometime offensive. 2:-White Hat Their sole purpose is to test websites individualy or for a company & report them about their vulnerabilities. 3:-Black Hat They break system security for malicious purposes including identity theft, credit card theft, destruction of data etc,. Other Than these there are also some other types:1. Elite Hackers They are highly skilled hackers they are good programmers as well. They create new exploits & also help in cyber security awareness. 6

2. Script Kiddies They are non-expert they usually hack using programmes created by others but they are a rank higher than Neophyte. 3. Neophyte These are the newbies or n00bs who don’t know anything about hacking & other techniques. 4. Blue Hat A person outside some security company or a firm who test security or bug vulnerabilities of their apps. 5. Hacktivists A hacktivist is a hacker who breaks into a system to announce a social, political or religious message.

Who can use this book Anybody who is interested in cyber security including Students, administrators, webmasters, analysts, engineers blah blah in fact everybody who is connected to internet can use its content to get some awareness about latest cyber attacks.

NETWORKING a) Concept of networking

Networking is the process of connecting two or more computers in order to communicate & share resources such as printers,data etc. a)LAN A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally

7

limited to a geographic area such as a writing lab, school, or building. b)WAN Wide Area Networks (WANs) connect networks in larger geographic areas, such as Kashmir, the Palestine, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of global network. c)MAN A Wide Area Network or WAN is a type of networking where a number of resources are installed across a large area such as multinational business. Through WAN offices in different countries can be interconnected. The best example of a WAN could be the Internet that is the largest network in the world. In WAN computer systems on different sites can be linked d)Peer to Peer(P2P) A peer-to-peer (abbreviated to P2P) computer network is one in which each computer in the network can act as a client or server for the other computers in the network, allowing shared access to various resources such as files, peripherals, and sensors without the need for a central server. b) Basics about TCP & UDP Transmission Control Protocol It is a connection oriented protocol Message delivery is guaranteed Data arrives in order Packets are sent as Stream There is retransmission of packets It is Slow because of extensive error checking which make it slow E.g. include HTTP, SMTP, FTP, SSH

8

User Datagram Protocol It is a connection less protocol Message delivery isn’t guaranteed There is no order in data arriving Packets are sent individually There is no retransmission of packets It allows only basic error checking making it faster than TCP but less robust E.g. include DNS, VOIP,SNMP,BOOTP

Programming Do I really need it? To Become a good hacker you should possess a good programming skills. Its the only way you will create your own exploits & tools which will help you a lot in your way to become a good hacker. “Eat, Drink & code, Or your system will overload” – Microsoft*(Hack Marathon)

Where should I start? The most important question every newbie asks, the easiest way is to start reading books, clear the basics then go into advance & the important thing take references from the programmers. Type Compiled

Description Those which are processed by a compiler

Multiparadigm

They allow a program to use more than one programming style

E.g C,C+ +,C#,VisualBasic,Vis ual Fox Pro etc PHP,Python,Perl etc

1) Always take languages which are easy to understand. 2) Try to make your own programs as soon as possible. 9

3) Look at your code & try to understand every example, how & what do these codes do, why we need them & blah blah 4) Learn how to use a debugger. 5) If you are not able to understand clear your ideas from various online forums like Stack overflow. 6) All languages are almost same the only difference is that the syntax changes, that’s why take only that language which you think you can understand, so that it will be easy for you to understand other languages too. 7) Keep Coding, Coding & Coding

Backtrack

10

What is it? BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use.The current version is BackTrack 5 R3. It consists many tools. BackTrack arranges tools into 12 categories:



Information gathering Vulnerability assessment



Exploitation tools



Privilege escalation



Maintaining access



Reverse engineering



RFID tools



Stress testing



Forensics



Reporting tools



Services



Miscellaneous



Some of the well known security tools which it includes are: Metasploit for integration  RFMON, injection capable wireless drivers  Aircrack-ng  Kismet  Nmap  Ophcrack  Ettercap  Wireshark (formerly known as Ethereal)

Download it here

11

2.Installing & Running Backtrack There are 4 ways by which you can install backtrack, depending on you i.Clean Hard drive install: whole drive is used for backtrack ii.Dual Boot Installation:Your system already have a windows o/s which is taking up all the space in your hard drive, now you are resizing or partitioning your drive to install dual o/s i.e window + Backtrack iii.USB installation: Installing backtrack either clean hard drive or dual boot with a USB drive instead of a DVD

1) Clean Hard drive install

 Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.  Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.

12

13

14

 Select your geographical location and click “forward”. Same for the Keyboard layout

15

The next screen allows you to configure the partitioning

layout. The assumption is that we are deleting the whole drive and installing BackTrack on it. Accept the installation summary and client “Install”. Allow the installation to run & complete.

16

Restart when done Log into BackTrack with the default username and password root / toor. Change root password. Fix the framebuffer splash by typing “fix-splash” ( or “fix-splash800″ if you wish a 800×600 framebuffer), reboot.

2) Dualboot Installation

 Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.  Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.  Select your geographical location and click “forward”. Same for the Keyboard layout.  The next screen allows you to configure the partitioning layout. The assumption is that we are resizing the Windows 7 partition and installing BackTrack on the newly made space.  Grub should allow you to boot both into BackTrack and Windows. 17

 Log into BackTrack with the default username and password root / toor. Change root password.  Fix the framebuffer splash by typing “fix-splash” ( or “fix-splash800″ if you wish a 800×600 framebuffer), reboot.  Accept the installation summary and client “Install”. Allow the installation to run and complete. Restart when done. 3) USB installation

 Plug in your USB Drive (Minimum USB Drive capacity 2 GB)  Format the USB drive to FAT32  Download Unetbootin from http://unetbootin.sourceforge.net/  Start Unetbootin and select diskimage (use your backtrack ISO)

18

 Select your USB drive and click “OK” for creating a bootable BackTrack USB drive  Log into BackTrack with the default username and password root / toor.

Basic Linux Commands Startx:To start GUI in backtrack Halt:Shudown Sleep:sleep Reboot:Restart Cd:change directory Ls –la: Listing directory Mv $folder $newfolder:Change the name of a directory Pwd: Print working directory Find / love: Find file named love in rot directory Rm –r:Remove an existing directory Cp:copy files Killall program:Kill all Processes Ps aux:show running process Ifconfig:Ipconfig Gcc in_file –o out_file: For compiling c files Sudo:To give super user rights Ping host:Sends an echo request via TCP/Ip to a specified host Id:To which user you are logged in cat /etc/passwd:To show account list uname –r:Show released info uname –a:Show kernel version dpkg -l:To get list of all the installed programs last -30: Show’s log’s of last 30 ip’s useradd: To add user account usermod: To modify useraccount w:show logged users locate password.txt:Show location of password.txt in current directory rm –rf/: To remove all chmod ### $folder: change permission of a folder lsmod:Dump kernel modules dmesg:To check Hardware info

19

For the beginners there are a lot of websites which teach linux for free check it out this on http://www.beginlinux.org/ or just google it

Password Hacking The Process of stealing password or credentials from the legitimate user is called password hacking. There are many ways by which we can get the password of device, email, router, account blah blah.

Password Cracking The process by which we get a password by giving a range of characters or predefined words is called password cracking. Password can be cracked by the following ways:a) Brute force Attack b) Dictionary Based attack c) Rainbow tables

1) Brute Force

Brute Force is a technique used by a application program to decode any encrypted data (encoded using an algorithm). What a Brute Force program actually do is, it take all possible combination of legal characters i.e. Alphabets (both uppercase & lowercase), Numbers, & Symbols & proceeds with them. If the password length is 4 & contains only alphabets in lowercase & no special character or number therefore it will starts brute force like this “a”,“aa”,“aaa”,“aaaa”,”aaab”,aaac” blah blah. These programs can attempt many strings per minute. For a strong encrypted data (consisting Alphabets both uppercase & lowercase, Numbers, & Special Characters 20

i.e. Symbols) can take many days to get decrypted. These programs can overcome any encrypted data (password/hash). Some of the Commonly Used Programs Are Cain & Abel, Brutus, John The Ripper etc. Backtrack contains many brute force tools.

2) Dictionary Based attack

In this technique a program uses an English Dictionary to decrypt an encrypted cipher. In this type a program uses all possible legal words contained in a dictionary to decrypt a password/hash known as cipher. Cain & Abel, Brutus, John The Ripper are some of the tools used to launch a dictionary based attack. 3) Rainbow tables

Rainbow tables are a large database of pre computed ciphers with their actual plaintext from which they were calculated. Rainbow table generator are the tools which takes all possible combination of legal characters & calculate their hash using your desired algorithm & store them in a large database. Common Cryptographic algorithm used in CMS’s are

21

22

Cryptographic Length Hash MD5 128 bits MD5 Salted

128 bits : Any Length

SHA1

160 bits

SHA256

256 bits

MySql 5

164 bits

MD5 (wordpress)

136 bits

Note 32 char Hexadecimal Contains two blocks 32 char Hex:Random 40 char Hexadecimal 64 Char Hexadecimal 41 char All Char Capital Starts with Asterik * 34 Char Starts with $P$ Variable case alpha numeric

MD5 (phpBB3)

136 bits

23

34 Char Starts with $H$ Variable case alpha numeric

Phishing The most common way to acquire personal information such as username, password, email id, credit card info, etc. If you too lazy to inspect some basic info just like seeing your url while clicking on any link, then you will soon lose access to your account’s. Here is a demo how to hack into any account using phishing. 1) Demo (How crackers hack your facebook account using phishing)

1. Go to facebook.com 2. Right click anywhere on the page & click on view page source

3. Copy all source code into notepad or any editor. 4. Inspect the source code & find “action=” as shown in fig.

24

Change “action=https://www.facebook.com/login.php? login_attempt=1” to “action=next.php” & method=”post” to method=”get” & save whole page to anything say hello.php 5. Now open a new page in notepad & write the following code into it

& save as next.php in the same directory I will not go into deep what these pieces of lines

do. 6. Now again open a new page in Notepad & save as passes.txt (Keep the page blank) 7. Create a hosting account at any free hosting website say bytehost & get your domain say XXXXXX.bytehost.com. 8. Now open your dashboard & click on filemanager.

25

Under file manager click on public_html

9. Upload all three files to the public_html folder. 10. Now your Urls will be like this XXXXXX.bytehost.com/index.php XXXXXX.bytehost.com/next.php XXXXXX.bytehost.com/passes.txt 11. Give your url XXXXXX.bytehost.com/index.php to your victim & try to convince him to login with his credentials. (I am kidding dnt try to pwn any one, it’s only for educational purpose)

In image I logged in with username=aa & password=aa 12. When anybody login to that website with his email id & password, the credentials will be saved at 26

XXXXXX.bytehost.com/passes.txt & he will be redirected to real facebook login page.

Whoo you have got the credentials of your victim. This tutorial is only for educational purpose, & will make you aware about how hackers hack into your profiles by phishing.

How to Prevent yourself from being a victim of phishing The best way to prevent phishing is that you Always double check (if your eye site is weak :P lol) the url of facebook website & always use secure connection “https://” instead of “http://” i.e https://www.facebook.com. Hackers always use domain names similar to facebook like facebok,facebuk,face-bok blah blah

27

Desktop phishing Host file is a system file used by the operating system to map hostname to their ip addresses. It is %windir %\System32\drivers\etc. Things you need 1. Static ip or you can use a vpn which assign you a static ip like Strong Open VPN Download It Here 2. A webserver wamp or xampp 3. Facebook phisher (Already built in simple phishing above this tutorial) 4. Desktop phishing script 5. & Binder google them. Install Wamp & VPN Now copy phishing files i.e (hello.html, next.php, & passes.txt) to the root directory of your webserver for wamp it is %installation directory/wamp/www

Now open Notepad & enter this Desktop phishing script

Replace 0.1.2.3 in Desktop phishing script with the ip address you got from the vpn, to check ip address goto http://cmyip.com & save file as anything.bat This file could look like suspicious to the persom you are sending through email or by data transfer medium. So we will bind it with another file using binder’s Google them you will find loads of binders out there. 28

After the victim executes your .bat file his host file adds some thing like this

& whenever he enter www.facebook .com he will be redirected to you ip address hosting phisher.

Social Engineering Its one of the biggest threat to our privacy. It’s an act by which an attacker manipulates with the mind of people so that they can give their confidential information to the attacker. They usually trick people by reading their body language. Biggest scam’s like fake lottery, money transfer etc are the result of social engineering. It plays a vital role in any type of phishing. It is the biggest threat to the companies. They (attacker) usually trick employees of the company resulting in the theft of financial information/confidential information. An attacker usually call or email people tell them he is from the customer care/support & ask them some personal question’s like their Name, D.O.B, Residence, email id, Password & usually most of the people give their personal information including their 29

password thinking that they are getting that call/email from a legitimate source. After collecting some information they get access to your secret information/accounts. And Bang! Victim gets Social Engineered.

Keylogging Keylogging is the method of tracking the keys struck on keyboard. It can be done by two ways either using Software Keylogger or Hardware Keylogger. Both these keylogger’s store the keys struck on the keyboard in the memory in the form of logs. Later these logs can be send to the email id, or the ftp of the attack. Software Keylogger: They usually consist of two files i.e. “.dll” & “.exe” file. The .exe file executes the dll file & makes the keylogger work. They are binded & encrypted, making an anti-virus hard to find any evidence. They usually work in stealth mode making victim even more hard to find them. They have many features like:1. They work in stealth mode. 2. They capture screenshots. 3. They consist remotely deploy wizard. 4. Registry entries are hidden. 5. Website visited tracks. 6. Application used tracks. 7. Capture HTTP Post operation. 8. Capture video of victim using webcam. 9. Record sound of surrounding using a microphone connected. 10. They can be exported using txt or html. 11. User friendly interface. 12. Can track your location. 13. Automatic delivery of logs after interval set by attacker. 14. Capture chat logs. 15. Password authentication.

30

Demo: How to hack using Ardamax Keylogger.

1. Buy ardamax Keylogger from their site or just Google it if you don’t want to spend money. You will get a pro version

with remote deployment wizard.Install the setup. Now register your keylogger.

31

2. After registering click on remote Installation

3. Click Next until you Security dialog, Click on enable & set password. After that click on Next. Now you will get Options dialog here set your magic keys.Click next. Now Comes the first part of Control section Select the method & time interval through which you want to receive the logs as shown in image “4”.Click next. Now comes the heart of this tutorial if you make some mistakes here your keylogger will not work enter the details as shown in image “5”. Click next. After clicking next you will get another Control dialog as shown in image “6”.Keep your desired settings here. & click next. Note: Keep you Anti Virus Disabled

32

4.

Keep clicking next until you get destination dialog Select your path, change icon & click next until the wizard gets completed & you will get a success build message.

33

5. After building you need to crypt it so that it will not get detected by anti virus. Download any good FUD(Fully UnDetectable) Crypter(google it), which will crypt your keylogger & Now can bypass anti virus. Note: This file will get detected by most of the anti virus, so keep your anti virus disabled until you make your keylogger. 6. Now share your keylogger through your Social engineering talent :P :D

RAT (Remote Access Trojen) Its is a type of trojen which is used to control over the victims machine. Once installed it can do whatever an attacker wish, can create files, folders, open cd-drive, play popup, use you files, upload & download files on you machine. After installing on your machine an attacker can do all these things remotely:1. Create, Open & delete Files & Folders. 2. Format complete hard disk 3. Install malicious programs. 4. Overload your memory RAM or ROM 5. Can use your system for malicious purposes like DDOS 6. Hide files, & folders 7. Control your peripherals & start or kill your processes. 8. Record music & video 9. Steal passwords 10. Print rich contents & view your screen. Some of the commonly used RAT are Cybergate, Darkcomet,LAN filtrator, Spy-Net.

34

Malware Malware is a piece of script which is used to destroy/disable computers, gather sensitive data, gain access to private networks, create backdoors or to interrupt a private computer network. They include worm, Trojans, adwares, spywares, rootkits & viruses. In short when we combine all type of computer threats then they are known as Malware. It is usually used to spy on foreign networks, government organizations, or corporate sectors. It can be either a piece of script, software or active contents. They usually copy itself from one network to another using removable disks. They are distributed through social networking sites, file sharing websites, or infected websites. Once the file is installed on your device it then connect to internet & download other modules of it.

Web Hacking Website hacking is the process of penetrating into a web application by exploiting a vulnerability in it. Below are some of the techniques used by attackers

Footprinting This is the first step of ethical hacking. Before a pen tester goes into deep, the most important thing is to gather some information about the machine. It includes checking open ports, whois, nslookup etc a) Open Ports:- Firstly we need to know what are Networking Ports? A port is a specific software either application or process, acting as a end point of a computer’s host operating system. E.g. Port 80=HTTP, 21=FTP, 443=SSL . To find the Open Port in A End User system we have many tools available, Most widely tool is Nmap which help us to detect ports on a remote system. Also there are many online websites which help you find the open ports on a

35

remote system like yougetsignal, canyouseeme, t1shopper etc b) Banner Grabbing: After finding the open ports now comes the Banner Grabbing. It is the technique by which a attacker can get some really important information about the services running on the remote system like operating system, service application version, developer etc. You Can get information using telnet simply. Open command

prompt & enter as shown in image. Replace google.com with your website

After enter these information you will get some information like this

36

After getting the banner information an attacker finds the exploit for the services running on that remote host. Commonly used exploit database’s are exploit-db, 1337day, metasploit, security vulns c) Other than these methods an attacker can use various other techniques to dig up information from the various online sources like whois, it is the method by which an attacker can get information about the domain name registering organization or individual like his name, address, email etc. Commonly used websites for finding who is are whois.net, whois.com, who.is, network solutions d) Nslookup: It is the technique to get information about name servers of a domain & map dns records. It comes pre installed with windows o/s. To get information about a domain follow these steps: Open command prompt & enter “nslookup anyurl.com”

37

Or you can use online services to find nslookup like Network-tools e) Tracert: It is another important tool, it allows an attacker to find the route & delay time to the remote host. Using simple command “tracertyoururl.ext” e.g., tracert yahoo.com

38

Port Scanning Port scanning is one of the important aspect of ethical hacking. We can scan ports both with/without using a software. One of the best tool used for scan ports is Nmap. For windows Download GUI of Nmap called Zenmap from their official website For linux users, open terminal & type “sudo apt-get install nmap” (without quotes) It comes preloaded with backtrack linux. For windows:After Installing open zenmap.exe GUI of nmap will open in front of you Enter the url in the url field & choose your profile depending upon your needs.

39

Since these tools left a bunch of traces including your Ip address it can sometimes create a problem for the person scanning a remote host. Therefore it is better to use an alternative, & mostly people prefer to do all the things using website without installing such software’s on their machine. Here i have got an alternative ScanPlanner it is a website which detect many useful thing on a remote host including ports, O/S, Remote Services/Versions. Goto ScanPlanner, Enter your url in the input box & select the appropriate check boxes. & click in Run Scan

40

Besides scanplanner there is another site known as yougetsignal which allows us to find many useful information about a website including ports, reverse ip, network location etc

SqlInjection Before Sql Injection we have to know about Sql. Sql or Structured Query Language as the name implies is a programming language responsible for the updating, deleting & requesting information from the database management systems. Sql injection is a flaw in a application which exploits a bug that can allow attacker to get sensitive information from the database. It is one of the deadliest hacking technique by attackers which is caused by the vulnerability when the user input is not filtered properly, the user input is allowed to execute as a sql statement in the database of the application. The attacker inserts a sql command (query) into the entry form or any input field which gets executed in the database application enabling attacker to manipulate database. A successful sql injection can enable attacker to read the data from database or write data into the database. Key Concept of SQL injection

41

• User input is directly sent to database interpreter as a sql query without filtering the input. • Attacker tricks interpreter by using various special sql queries. • By using sql queries an attacker can do whatever an attacker wants to do e.g delete, read, write, update data etc • With the sql injection vulnerability an attacker can deface the website. • Upload malicious files thus can get access to whole server & can execute remote codes on host operating system. Demo:String SQLQuery ="SELECT Username, Password From users where username='" + txtUsername.text + "' AND Password='" + txtPassword.text + "'"; If an attackers inserts ' or '1'='1 as username & password the query will become as

String SQLQuery ="SELECT Username, Password From users where username=' or '1'='1 AND Password=' or '1'='1 “'"; As we know one is always equal to one, thus it will login an attacker as a user, and return data from the database allowing an unauthorised user to view sensitive data. Later an attacker can edit, update, or delete from the database.

Testing SQL injection vulnerability

42

The easiest way is to use an single quote (‘) after the variable of an parameter.

http://vulnerablesite.tld/index.php? id=test’ If you get some error like “ You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line “” , or if you notice something went missing from page like picture, text etc or the webpage is taking a long time to open after adding the single quote. Then that website is vulnerable. Or sometimes you will get more generic response from server like HTTP Server status Code 500, that means sql statement is invalid.

Manual Sql Injection Demo (From Xedlgubaid.blogspot.com) 1). Check for vulnerability Let's say that we have some site like this http://www.site.com/news.php?id=5 Now to test if it is vulnerable add quote ' (quote), and that would be http://www.site.com/news.php?id=5' some error like

so if we get

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..." or something similar as discussed above in Testing Sql injection vulnerability 2). Find the number of columns To find number of columns we use statement ORDER BY . We will keep incrementing the number 43

until we get an error. http://www.site.com/news.php?id=5 order by 1/*
View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF