-
Posts
1838 -
Joined
-
Last visited
-
Days Won
31
Everything posted by M2G
-
This is an overview of SQLMAP, an SQL injection tool used for detecting and exploiting the SQLI. What is SQLI? SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application. The underlying fact that allows for SQL Injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly. For example, let us consider a web application that implements a form-based login mechanism to store the user credentials and performs a simple SQL query to validate each login attempt. Here is a typical example: select * from users where username=’admin’ and password=’admin123?; If the attacker knows the username of the application administrator is admin, he can login as admin without supplying any password. admin’– The query in the back-end looks like: Select * from users where username=’admin’–’ and password=’xxx’; Note the comment sequence (–) causes the followed query to be ignored, so query executed is equivalent to: Select * from users where username=’admin’; So password check is bypassed. What is SQLMAP? SQLMAP is an open source penetration testing tool that helps in automating the process of detecting and exploiting SQL injection vulnerabilities and taking full access over the database servers. SQLMAP comes with a powerful detecting engine, along with many niche features for the penetration tester and a wide range of switches lasting from database fingerprinting, data fetching from the database, accessing the underlying file system, and executing the commands on Operating System via out-of-band Connections. Since SQLMAP is developed in Python it is a portable application, meaning that it will work in any operating system that supports Python. What is SQLMAP burp plug-in? When we audit a web application, we normally configure an intermediate proxy to have more control over the request and response parameters. SQLMAP plug-in is an add-on feature that we can configure to the burp through which we can redirect a URL or a request directly to the SQLMAP with a single mouse click. How to download the plug-inYou can download the zip file from the following URL: Downloads - gason - BurpSuite Plugin's Project - Google Project Hosting Unzip the file and keep it in the same folder where burp proxy is located. Then execute the following command to run the burp with plug-in. LINUX: Java –classpath burpplugins.jar:”burpsuite_v1.4.0.1.jar” burp.StartBurp Windows: Java –classpath burpsuite_v1.4.0.1.jar,burpplugins.jar burp.StartBurp Replace the burpsuite with the appropriate version that you are using. In my case I am using burpsuite_v1.4.0.1.jar You need to download the SQLMAP as you need to give the executable to the plug-in. Setting up SQLMAP: On Windows: Download and install Python 2.7* (Download Python) official website for downloading Python Download SQLMAP (https://github.com/sqlmapproject/sqlmap) Unzip the name.zip file to the sqlmap directory. On Debian or Ubuntu Sudo apt-get install python-tk python2.7 git clone git://github.com/sqlmapproject/sqlmap.git cd sqlmap wget http://gui-for-sqlmap.googlecode.com/files/sqm-60712.zip unzip sqm-60712.zip Setting up the environment If you are using OWASP broken web application, then simply access one of the vulnerable sites from your local browser where you are running SQLMAP. If you don’t use OWASP broken web application, then you need to set up a virtual machine that has a web server to host the vulnerable web application. Configure another VM with Ubuntu where the attacker runs SQLMAP. Configuring the Proxy If you are using Mozilla Firefox, then go to Edit > Preferences > Advanced > Network > Settings and select “Manual Proxy Configuration” by enabling the radio button. Run the HTTP proxy with local-host and the port in which the proxy is running. If you are using Chrome, then go-to Settings > Show Advanced Options > Network > Change Proxy Settings > Connections > LAN Settings. How to use the plug-in Once you load the plug-in, then it is very easy to make use of it. Run the burp proxy with the loaded plug-in. In the “site map” tab under the “target” you can see the particular domain that you are trying to test for SQLI and all the crawled pages related to the domain. On the right side click on the URL that you want to test, you can see the request parameters of the URL in the bottom panel. Right click on the request parameters and you can see the option “Send to sqlmap” as shown in the figure (I). Then you can see a new window (SQLMap wrapper) that will allow you to configure sqlmap. The below image gives you a clear view of the wrapper. Let’s observe figure (II): Now let us have an overview of the configuration features of the wrapper. In the “Target” textbox specify the URL that you are willing to test. (Normally it will be filled by default as you have sent the request parameters previously, if needed you can change the URL). Specify the method on which the domain is accessible (GET/POST). In the “Bin-path” give sqlmap executable. If you are aware of the DBMS of the web application, specify the database by selecting one of the options listed in the dropdown list. By default “auto” is selected which means that the SQLMAP wrapper tries with all the databases listed in the dropdown list to find out the database used by the application. You can enumerate the database users, passwords, roles, privileges, databases, etc. by selecting the appropriate option from the Action dropdown list. By default it is set to “auto” which means it will try to enumerate all the options listed in the dropdown list in sequential order. If you are aware of the databases, users, tables, or columns, you can enumerate it by simply specifying it in the Database options. Tampers are a kind of special characters or symbols that you are willing to insert into the query while pen-testing the application. Once you configure the SQLMAP, click on “RUN”, this will open a new tab with execution of the program with the configuration that you have given to the wrapper or the SQLMAP. We can make any number of simultaneous execution tabs with different instances. The below image shows the output tab. Let’s observe figure (III): Bored with theory, now let us see an example. The below URL is a vulnerable site for practicing the SQLI. You can also find the SQLI practice URLs by Googling. Eastern Academy of Science & Technology (EAST) The id parameter in the above URL is vulnerable to SQLI; let us find it out through our SQLMAP wrapper (Burp suite plug-in). Open the URL in the browser for which the proxy has been configured. In the proxy (burp) go to the “site map” and click on the URL and send it to the sqlmap by right clicking on the response parameters of the website, as I mentioned previously. Figure (IV) shows you the wrapper opened for the above mentioned URL. The target specifies the URL we are testing, the cookie specifies the cookie or session ID. The wrapper automatically identifies the positions in the URL where SQLI can be injected and specifies a list of the parameters in the “Parameters to test” text area (in our case we have only one possibility for injection which is “id” parameter). In this example I have configured the SQLMAP wrapper to enumerate the list of databases that are configured in the backend database. Figure (V) shows you the output tab which displays how the plug-in tried to exploit the SQLI vulnerability in different ways. We can see that initially the wrapper tried to exploit the vulnerability by using “Boolean-based blind SQLI” AND by using the operator. The payload shows how the tool tried to exploit the vulnerability. Here we can see the payload: id=22 AND 4626=4626, which is equivalent to the following URL: http://www.eastodissa.ac.IN/news-and-events.php?id=22 AND 4626=4626 As the URL is always true, the above URL returns the same page as of the original URL. In the second trail it tried “error-based SQLI”, and later by using UNION operator. From the figure (VI) we can observe more server details like web server, Operating System, and back-end DBMS. “Information_schema” and “nilakantatrust” are the two databases that are used by the web application. Now let us try to enumerate all the tables and the columns of the tables from the above databases. To do so configure the SQLMAP wrapper Action field with the option “Enumerate database tables and columns”. Figure (VII) shows you the same. Figure (VIII) shows us the tables of the database “nilakantatrust”. Let us see the columns of these tables. Figure (IX) shows the columns and their data types of two tables “est_notice” and “est_news” of the nilakantatrust database. We can also dump the complete database by selecting the option “dump dbms databases”. And also store complete data into a file by using the option “save to file” in the output tab. Figure (X) shows the dumped data of the table “est_admin” from “nilakantatrust” database and storing it into a file. Conclusion SQLMAP is a powerful tool which is used to automate the process of detecting and exploiting the SQLI. Sursa
-
Din hacker, paznic la serverele unei firme IT.
M2G replied to sicilianul's topic in Stiri securitate
In articol scrie ca supravegheaza serverele, nu ca le pazeste. La asta se referea. E o diferenta totusi... -
sunt inca activ
-
Da-mi PM sa vad despre ce este vorba si in cazul in care consider ca e necesar iti dau add.
-
Stergi codul de la button click si pui verificarea asta. Daca vrei delay, pui ca dupa ce ai facut click pe buton sa incrementeze valoarea la progress bar la un anumit interval de timp. De exemplu jumate de secunda dar e cam mult si asa. if (ProgressBar1.Value == ProgressBar1.Maximum) Then generateKey() msgbox1.show("key generated") End If private Sub generateKey() Dim Key As Integer Key = (Rnd() * 10) Select Case Key Case 1 TextBox1.Text = "GJKSA-AGS3-GH3SG-54JH" Case 2 TextBox1.Text = "H45HD-J5H4D-H4KN6-DJJ4" Case 3 TextBox1.Text = "MBEGA-GASGA-GASG3-J6J6" Case 4 TextBox1.Text = "MVHFG-AHDY2-HAYDH2-AHDW" Case 5 TextBox1.Text = "LAM3J-84JFH-4YS6D-2H282" Case 6 TextBox1.Text = "MAK2L-DSFAG-WHTOF-WHTS" Case 7 TextBox1.Text = "LAKFG-WJALS-GWITG-AWFS" Case 8 TextBox1.Text = "MAK2L-DSFAG-WHTOF-WHTS" Case 9 TextBox1.Text = "LAM3J-84JFH-4YS6D-2H282" Case 10 TextBox1.Text = "MBEGA-GASGA-GASG3-J6J6" End Select end sub
-
Din hacker, paznic la serverele unei firme IT.
M2G replied to sicilianul's topic in Stiri securitate
De parca era mai bine sa ramana infractor... Prea multe filme aveti in cap. -
Conform Google search, xp suge
-
Cred ca data trecuta cand sa discutat era diferita abordarea, in sensul ca cei care postau des chestii de calitate primeau VIP sau custom title, ceva de genul, nu mai retin. Abordarea aceasta mi se pare super buna. Sa se faca niste categorii si staff-ul sa aleaga in fiecare an "purtatorul coroanei" pentru acea categorie. As zice sa facem poll, daca sunt si adminii de acord.
-
A mai trebuit sa platesti ceva?
-
Daca s-ar posta acolo chestiile de incepatori, cu tot cu intrebari, tutoriale si chestii de genul acesta, atunci DA. Ar creste calitatea celorlalte sectiuni daca lucrurile de incepatori sunt tinute intr-o sectiune separata. Dezavantajul ar fi ca moderatorii trebuie sa fie mai "alerti".
-
CryptoObfuscator.2012.R2.Build.120910.Cracked.by.y oza[UpK]
M2G replied to io.kent's topic in Programe hacking
Eu rog un admin/mod sa il mute la stuff tools. Descarcati de pe primul link. La linkul de pe zippyshare nu merge parola. parola: humlevel23biz -
Salut si bine ai venit. Poti sa imi zici firma? Si eu lucrez tot la Cluj.
-
Intel researchers believe they have a workable manufacturing method for 10nm processors, paving the way for future chips that consume less power and have greater performance than their forebears. Intel researchers think they have cracked the 10nm manufacturing problem, paving the way for advanced chips which consume very little power. The chip company's Ivy Bridge and Haswell chips are due to be built onto its 22nm tri-gate process. After that, the company will move to 14nm and is expecting to start making chips with that process in late-2013 or early 2014. On Wednesday at the Intel Developer Forum, the company revealed that it thinks if knows how to build to 10nm as well. The process a chip is made to dictates the density with which transistors can be packed together and the efficiency with which they use power, so new manufacturing methods at finer detail levels allow for better chips. "The 14nm technology is in full development mode now and on track for full production readiness at the end of next year," Mark Bohr, director of process architecture and integration for Intel's technology manufacturing group, said. "Right now I'm spending my time personally on 10nm pathfinding and it looks like we have a solution there." The 10nm solution may rely on a number of experimental technologies (pictured) potentially based around photonics, graphene, materials synthesis, dense memory, nanowires, extreme ultra violet lithography (EUV) and updated tri-gate transistors, Bohr said. When it comes to how the 10nm chips will be manufactured, Intel has an immersion lithography method that works, though it would prefer to use EUV. "I'd like to have EUV for 10, but I can't bet that it would be ready in time," Bohr said, hinting at the difficulties in using this method. EUV has much higher costs than immersion lithography. Intel's research group are also exploring technologies for 7nm and 5nm solutions, though these are a very long way off as 10nm is not expected to go into production qualification until 2015. Bohr capped off his talk by noting that Intel, unlike chip rivals AMD and ARM, owns and operates its manufacturing facilities. "Yes, [process development] requires huge investments, but it also provides huge economic advantages," he said. ARM licenses its chips and they are predominantly made in foundries operated by Samsung, the Taiwan Semiconductor Manufacturing Company, and GlobalFoundries. AMD uses GlobalFoundries. Intel has a three year lead over these companies in terms of process, and with the news on Wednesday it looks like it could maintain that far into the future. Sursa
-
E unul de vreo 4Gb pe docs. L-am urcat eu pe docs.rtfm.us dar nu la mutat inca tex pe index. edit: pe cel de 18GB l-am vazut cand a fost urcat. Se poate descarca de aici: http://docspedia.org/details.php?id=11708 Daca nu aveti cont dau o invitatie la primul venit.
-
Wtf is this shit?
-
cauta aici: Index of /
-
Am comandat si eu unul. Sper sa nu ma futa la transport.
-
Eu votez cu ENCODED. God help us all.
-
@ENCODED Mie imi place @sTarT. Poti pleca la capsuni! Daca e Romanian Security Team ce steag vrei sa fie? Al frantei? Poate ca sunt tingani si hoti care fac tara asta de rusine dar cu siguranta nu e o rusine sa zici ca esti roman. Cel putin mie nu imi e.
-
Gata bai programatorilor! Se discuta despre header intr-un mod conceptual nu despre codul care vine scris la implementare. Sa se puna pe treaba astia tari in photoshop.
-
In general fetele nu prea au o experienta placuta pe aici. Citeste regulamentul: https://rstcenter.com/forum/3968-regulile-forumului-cititi-cu-atentie.rst Bun venit.
-
Nu zic ca nu e o metoda buna. Doar ca din punct de vedere tehnic nu e nimic nou/inedit. Evident, o sa mearga pe orice sistem windows care are instalat java.
-
Pun pariu ca cel care a facut videoul e indian. Numa aia is asa prosti. E absurd, ala e doar un driveby. De ce nu ar merge pe win 8 ca si pe celelalte? Nu e vulnerabilitate din windows. Daca nu ai java instalat nu o sa functioneze. E aceasi chestie ca si pana acum doar ca e facuta pe win 8.
-
Le poti accesa de aici: Index of /Users/M2G/Electronics/Electronica/