Showing posts with label SQL Injection. Show all posts

Sunday, January 29, 2012

Ethical Hacking Lab to Test and Learn SQL Injection, XSS and CSRF Vulnerabilities

So far I have provided a few Web Application Pen Testing tutorials. Now it is time to practice your hacking / pentesting skills in a legal way. Last time, I explained the Damn Vulnerable Web Application (DVWA).

Now I have come across a different web application that will help you improve your knowledge of web app pentesting.

The BodgeIt Store
Like DVWA, this is a deliberately vulnerable web application that will help you develop your pen testing skills.

With this vulnerable application, you can practice the following attacks:
  • Cross Site Scripting (XSS)
  • SQL injection (SQLi)
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

How to set up the Pen Testing Lab

Download the file and extract the zip archive. You will get a WAR file (bodgeit.WAR).

Step 1: Install Tomcat
Install Tomcat on your system. If you don't know how to install Tomcat, search for it on Google.

Step 2: Start the server
Start the Tomcat server.

In Ubuntu, type the following command in a terminal:
 sudo /etc/init.d/tomcat6 start
For Windows users, just click the Tomcat server entry under All Programs.

Step 3:
Open the browser and type "localhost:8080". It will show a page saying "It works!". From there you can access the manager webapp (http://localhost:8080/manager/html). Clicking the link will ask you for a username and password; enter your computer username and password.

Step 4:
Now you are on the "Tomcat Web Application Manager" page. Scroll down and you will see the "WAR file to deploy" form.

Step 5: Deploying the WAR
Click the Browse button, select the bodgeit.WAR file, and then click the Deploy button.

The application is now installed.

Access the BodgeIt in this location: http://localhost:8080/bodgeit/


Sunday, December 25, 2011

Set up your own Lab for practicing SQL injection and XSS: Ethical Hacking

I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice SQLi and XSS attacks, and we know that attacking a third-party website is a crime. So how can you practice? Here is the solution: why not set up your own web application? Yes, you can set up your own pen testing lab for practicing XSS and SQLi vulnerabilities.

While surfing the internet, I came across the "Damn Vulnerable Web App (DVWA)". It is a web application used for practicing your ethical hacking / pen testing skills in a legal way.

Download this web Application from here:

To install this application, you will need the XAMPP server.

The installation procedure :

Using this application, you can also practice:

  • LFI /RFI (File Inclusion methods)
  • Command Execution
  • Upload Script
  • Login Brute Force
If you have any doubts, check their wiki page or comment here.

Monday, November 7, 2011

What is Blind SQL Injection? Web Application Vulnerability Tutorial

The blind SQL injection technique is used when the web application is vulnerable but the query output is not displayed to the attacker. When a hacker tries SQL injection, they are redirected to some other page instead of being shown an error message. Blind SQL injection is harder to carry out than the traditional SQL injection technique described above, and it takes more time. There are some tools for blind SQL injection.

Blind SQL injection is done by querying the database with a sequence of true/false questions.

How to detect the Blind SQL Injection Vulnerability?
The web application takes the client's input and supplies it in a WHERE clause to retrieve data from the database. For instance, suppose the web application takes an id and concatenates it into the SQL query as follows:
 Statement = "select * from userinfo where id=" + id;
Hope you know about the WHERE clause and compound conditions (OR, AND). OR and AND are used to combine two conditions. The attacker can find the vulnerability by entering compound conditions as input.
For instance, the attacker can enter the id value as
1 AND 1=1
The query then becomes
SELECT * FROM userinfo WHERE id=1 AND 1=1
If the application stays on the same page, it may be vulnerable. This type of vulnerability occurs when the developer fails to validate the data type of id. Here we gave a true condition (1=1). If we use a false condition (1=2) instead, the application shows an error message. So we can conclude: if the condition is true, the page stays the same; if it is false, an error message is shown.
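As an added illustration (not code from the original article), the following Python snippet builds a small in-memory SQLite table, places the concatenated query from above next to a parameterized version, and applies the true/false check just described to each; the table contents, sample rows and function names are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny userinfo table standing in for the app's database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE userinfo (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO userinfo VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return con


def lookup_vulnerable(con, user_id):
    # Same pattern as the Statement in the article: the raw request parameter is
    # concatenated into the WHERE clause, so "1 AND 1=1" and "1 AND 1=2" change
    # the query's logic instead of being compared with the id column.
    sql = "SELECT * FROM userinfo WHERE id=" + user_id
    return con.execute(sql).fetchall()


def lookup_safe(con, user_id):
    # Hardened form: enforce the type the column expects, then bind the value as
    # a query parameter. The database receives a number, never SQL text, so an
    # injected condition cannot alter the statement.
    try:
        uid = int(user_id)
    except ValueError:
        return []  # reject (and log) malformed ids; never echo them into SQL
    return con.execute("SELECT * FROM userinfo WHERE id=?", (uid,)).fetchall()


def boolean_oracle_present(lookup, con):
    # The detection heuristic from the article: a true condition leaves the page
    # unchanged (rows come back) while a false one changes it (no rows, so the
    # app shows an error). A lookup that distinguishes the two leaks a yes/no
    # oracle through which blind SQL injection can ask its questions.
    return lookup(con, "1 AND 1=1") != lookup(con, "1 AND 1=2")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable leaks oracle:", boolean_oracle_present(lookup_vulnerable, db))  # True
    print("parameterized leaks oracle:", boolean_oracle_present(lookup_safe, db))  # False
```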

Some functions to know
The following functions are useful for blind SQL injection.
substring(str, pos, length) returns part of a string; which part depends on the arguments given to the function.

For instance, substring("hello", 2, 1) returns 'e'.
Here the string is "hello", the character position is 2 (that is, 'e'), and the length is 1.

  • lower(str) converts the characters of a string to lower case
  • ascii(c) converts a character to its ASCII value
  • length(str) returns the length of a string
  • user() returns the current database user (admin)
  • database() returns the database name
  • version() returns the version of the database
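As an added example (not part of the original article), here is a small Python log-scanning routine that flags requests whose query parameters carry the boolean conditions and the character-extraction functions listed above; the access-log lines, IP addresses and the /user.php path are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not from the original article) in the common
# Apache/Nginx format; the addresses and the /user.php path are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Nov/2011:10:01:02 +0000] "GET /user.php?id=1 HTTP/1.1" 200 512
203.0.113.7 - - [07/Nov/2011:10:01:05 +0000] "GET /user.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512
203.0.113.7 - - [07/Nov/2011:10:01:06 +0000] "GET /user.php?id=1%20AND%201%3D2 HTTP/1.1" 200 311
203.0.113.7 - - [07/Nov/2011:10:01:09 +0000] "GET /user.php?id=1%20AND%20ascii(substring(user(),1,1))%3E64 HTTP/1.1" 200 512
198.51.100.4 - - [07/Nov/2011:10:02:00 +0000] "GET /user.php?id=42 HTTP/1.1" 200 498
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+)"
)
# A literal comparison glued on with AND/OR, e.g. "1 AND 1=1" / "1 AND 1=2".
TAUTOLOGY_RE = re.compile(r"\b(and|or)\b\s*\d+\s*=\s*\d+", re.IGNORECASE)
# The helper functions the article lists, used to read data one character at a time.
PROBE_FUNC_RE = re.compile(
    r"\b(substring|ascii|length|lower|user|database|version)\s*\(", re.IGNORECASE
)


def suspicious_params(target):
    """Return (name, decoded value, reason) for each query parameter that looks like a blind SQLi probe."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if TAUTOLOGY_RE.search(value):
            hits.append((name, value, "boolean-condition"))
        elif PROBE_FUNC_RE.search(value):
            hits.append((name, value, "char-extraction-function"))
    return hits


def scan_log(text):
    """Group suspicious requests by client IP. The response size is kept because a
    true/false pair with the same status but different sizes is the oracle itself."""
    findings = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value, reason in suspicious_params(m["target"]):
            findings.setdefault(m["ip"], []).append(
                (m["ts"], name, value, reason, int(m["status"]), int(m["size"]))
            )
    return findings
```

In the sample, the two boolean probes from 203.0.113.7 return 512 and 311 bytes with the same 200 status, which is exactly the page difference the detection section above relies on.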

Blind SQL Injection Tools:
When it comes to blind SQL injection, exploitation is a time-consuming process, so automated tools are better than a manual approach. Here is a list of automated tools:

Meet you in our next article with more details about the blind SQL injection attack.

We are providing this information as part of our Ethical Hacking Tutorial. This article is created for understanding web application vulnerabilities. We are not responsible for your illegal activity.

Stop stealing our content. I worked hard to create an article, and you simply copy it from us?! I asked website owners to put our site as the source at the end of the article. Give respect to our hard work. Otherwise we have no choice but to report you to Google under DMCA copyright.

Tuesday, October 11, 2011

Automated Blind SQL Injection Attacking Tools ~ bsqlbf Brute Forcer

What is Blind SQL Injection:
Some websites are vulnerable to SQL injection, but the results of the injection are not visible to the attacker. In this situation, blind SQL injection is used. The page with the vulnerability may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.

There are plenty of automated blind SQL injection tools available. Here I am introducing one of them, named bsqlbf (Blind SQL Injection Brute Forcer).

This tool is written in Perl and allows extraction of data from blind SQL injections. It accepts custom SQL queries as a command line parameter and works for both integer and string based injections.
Supported databases:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

The tool supports 8 attack modes (-type switch):
Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

Type 1: Blind SQL Injection based on true and error (e.g. syntax error) conditions returned by back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs

-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first

Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions

-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

For Type 4(O.S code execution) the following methods are supported:

-stype: How you want to execute command:

SType 0 (default) is based on Java; it will NOT work against XE.

SType 1 is against oracle 9 with plsql_native_make_utility.

SType 2 is against oracle 10 with dbms_scheduler.

This article is for education purposes only. The above-mentioned software is developed for penetration testers to test their own web applications for vulnerabilities.

Wednesday, August 10, 2011

List of Online SQL Injection Scanner Websites

© Break The Security. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com