How to Protect Your Site Against SQLi

Hi all users. This is a simple tutorial for beginners on how to protect your site against SQL Injection. It will also help you check whether your site is vulnerable to SQLi and show you how to make it resistant.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator, go to your site now and, in the username field, type the administrator user name.

In the password field, type or paste this:
x' or 'a' = 'a
If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However, you might like to try this alternative:
x' or 1=1--
Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods, get your web tech to read this article, and to read up on all the other methods of SQL Injection. The hackers and "script kiddies" know all this stuff; your web techs need to know it too.

If you were able to log in, then the code which generates the SQL for the login looks something like this:
$sql =
"SELECT * FROM users " .
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";
When you log in normally, let's say using userid admin and password secret, what happens is the admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'
But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'
Notice that the string x' or 'a' = 'a has injected an extra condition into the WHERE clause: or 'a' = 'a'. This condition is always true, so the query will return a row containing a user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random.

How to resist against SQLi?

Fixing this security loophole is not so difficult, and there are several ways to do it. If you are using MySQL, the simplest method is to escape the username and password using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql =
"SELECT * FROM users " .
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";
Now when the SQL is built, it will come out as:
SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'
Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this, as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user by user name only and then check in code that the password matches, or, best of all, always use bind variables (the strongest defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in, not just the data used for login.
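To show concretely what the post's recommended fix (bind variables) changes, here is an added example that is not from the original post. It uses Python's standard-library sqlite3 module in place of PHP and MySQL, a constructed in-memory users table, and plaintext passwords only because the post's own example does; a real site would store and verify password hashes. The function names login_concat and login_bound and the table contents are this example's own. One further caveat: PHP's mysql_* functions, including mysql_real_escape_string(), were removed in PHP 7, so on current PHP the prepared-statement route (PDO or mysqli) is the only one left, and it is also the one that actually works.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the site's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'secret')")
    conn.execute("INSERT INTO users VALUES ('alice', 'wonderland')")
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """The vulnerable pattern from the post: user input pasted into the SQL text.
    Quotes in the input become SQL syntax, so the WHERE clause can be rewritten."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_bound(conn, username, password):
    """The fix the post recommends: bind variables. The statement text is fixed and
    the values travel separately, so a quote in the input is data, never syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    """Run both variants against a normal login and against the post's test string."""
    conn = make_db()
    payload = "x' or 'a' = 'a"
    return {
        "concat_normal": login_concat(conn, "admin", "secret"),
        "concat_injected": login_concat(conn, "admin", payload),
        "bound_normal": login_bound(conn, "admin", "secret"),
        "bound_injected": login_bound(conn, "admin", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the concatenated query the test string logs in as admin without the password, exactly as the post describes; with the bound query the same string is simply compared against the stored password and fails.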

How to Detect Anonymous IP Addresses

As fraudsters become more sophisticated at bypassing geo-location controls by using proxies (anonymous IPs) to spoof their IP address, it has become necessary to find a means of detecting those proxies so that the authenticity of users can be verified. Using a proxy (web proxy) is the simplest and easiest way for an Internet user to conceal an IP address and maintain online privacy. However, proxies are also widely used by online fraudsters to commit cyber crimes, since a spoofed IP address is the easiest way to hide their actual geo-location, such as city or country.

The following are some examples of fraudsters using proxies to hide their actual IP:

1. Credit Card Fraud

For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card whose billing address is in New York. Most credit card merchants use geo-location to block orders from countries like Nigeria and other high-risk countries. To bypass this restriction the fraudster uses a proxy to spoof his IP address so that it appears to come from New York. The IP address location then appears legitimate, since it is in the same city as the billing address. A proxy check would be needed to flag this order.

2. Bypass Website Country Restrictions

Some website services are restricted to users from a selected list of countries. For example, a paid survey may be restricted to countries like the United States and Canada. So a user from, say, China may use a proxy to make his IP appear to come from the U.S. so that he can earn from participating in the paid survey.

Proxy Detection Services

So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind and FraudLabs to detect the usage of proxy or spoofed IP from users participating online.

Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Proxy Detection Works

Proxy detection services rely on the IP address to determine whether or not it belongs to a proxy. Merchants obtain the IP address of the user from the HTTP request that carries the order into their website. This IP address is sent to the proxy detection service in real time to confirm its authenticity.

The proxy detection service compares this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list it is authenticated and a confirmation is sent back to the merchant; otherwise it is reported as a suspected proxy. These services work continuously to gather lists and ranges of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.
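The list comparison described above, as an added example that is not part of the original post or of any real detection service. The flagged netblocks are constructed (they use the RFC 5737 and RFC 3849 documentation ranges), and the function names is_flagged_proxy, client_ip_from_headers and screen_order are this example's own. It also handles the point the post glosses over when it says the IP is taken "from the HTTP header": a forwarding header such as X-Forwarded-For is set by whoever sent the request, so it can only be trusted when your own load balancer is known to overwrite it; otherwise the socket's remote address is the value to screen.

```python
import ipaddress

# Constructed list of netblocks standing in for a detection service's flagged ranges.
# Real services refresh these continuously; these values are documentation ranges.
FLAGGED_RANGES = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",
    "198.51.100.32/27",
    "2001:db8:1::/48",
)]


def is_flagged_proxy(ip_text, ranges=FLAGGED_RANGES):
    """True if the address falls inside any flagged netblock.
    Unparseable input is treated as suspicious rather than silently passing."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return True
    # Mixed-version comparisons (IPv4 address vs IPv6 network) simply return False.
    return any(ip in net for net in ranges)


def client_ip_from_headers(headers, remote_addr, trusted_proxy_chain=False):
    """Choose the address to screen. X-Forwarded-For is client-controllable unless
    your own front-end proxy sets it, so honour it only when that is known."""
    if trusted_proxy_chain and "X-Forwarded-For" in headers:
        # Leftmost entry is the original client when the chain is trustworthy.
        return headers["X-Forwarded-For"].split(",")[0].strip()
    return remote_addr


def screen_order(headers, remote_addr, trusted_proxy_chain=False):
    """Return 'review' for orders arriving from a flagged address, else 'ok'."""
    ip = client_ip_from_headers(headers, remote_addr, trusted_proxy_chain)
    return "review" if is_flagged_proxy(ip) else "ok"


if __name__ == "__main__":
    print(screen_order({}, "203.0.113.77"))
    print(screen_order({"X-Forwarded-For": "192.0.2.10"}, "203.0.113.77"))
```

Note that an order whose request carries a clean-looking X-Forwarded-For value is still marked for review when the header is not trusted, because the screening falls back to the address the connection actually came from.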

How to Tell Whether a given IP is Real or a Proxy?

There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click the “Lookup IP Address” button. If it is a suspected proxy, you will see results like those shown below.

So for all those who think that they can escape by using a spoofed IP, this post is the answer. I hope this information helps. Pass your comments.

How to Create Your Own Customized Run Commands

The Run command on the Microsoft Windows operating system allows you to open an application or document directly with a single command, instead of navigating to its location and double-clicking the executable icon. However, it only works for some of the built-in Windows programs such as Command Prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

Let me take the example of creating a customized Run command for opening Internet Explorer. Once you create this command, you will be able to open Internet Explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that:

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” dialog box as shown below:

3. Click on “Browse”, navigate to Program Files -> Internet Explorer on your root drive (usually C:\), select “iexplore” as shown in the figure above and click on “OK”.

4. Now click on “Next” and type a name for your shortcut. You can choose any name you like; this will be your customized “Run command”. In this case I name my shortcut “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is copy this shortcut and paste it into your Windows folder (usually “C:\Windows”). Once you have copied the shortcut into your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in step 3, just select the target program’s main executable (.exe) file, which will usually be located in the C:\Program Files folder. Give the shortcut a simple and short name of your choice and copy the shortcut file into the Windows folder as before. Now just type this short name in the Run dialog box to open the program.

I hope you like this post! Pass your comments.

How Antivirus Software Works

Due to the ever increasing threat from viruses and other malicious programs, almost every computer today comes with antivirus software pre-installed. In fact, antivirus has become one of the most essential software packages for every computer. Even though every one of us has antivirus software installed, only a few really bother to understand how it actually works! Well, if you are one of those few who would like to understand how an antivirus works, then this article is for you.

How Antivirus Works

Antivirus software typically uses a variety of strategies for detecting and removing viruses, worms and other malware. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method and involves searching for known patterns of virus code within a given file. Every antivirus product has a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of samples in its database and compares them with the current file. If a piece of code within the file matches one in the dictionary, the file is flagged and action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently based on its potential risk.

As new viruses and malware are created and released every day, this method cannot defend against new malware until samples have been collected and signatures released by the antivirus company. Some companies also encourage users to upload new viruses or variants so that the virus can be analyzed and its signature added to the dictionary.

Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour in a program which might indicate a potential risk. This approach is used by some of the more sophisticated antivirus products to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behaviour of all programs.

For example, a suspicious behaviour such as a program trying to write data into an executable file is flagged and the user is alerted about the action. This method of detection gives an additional level of security against unidentified threats.

File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.

Most commercial antivirus products use a combination of signature-based and heuristic-based approaches to combat malware.
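To make the two approaches concrete, here is an added example that is not part of the original article and is not how any commercial product is implemented: a toy scanner with a signature dictionary (byte patterns and a file hash) and a static heuristic pass. Every signature, hash and indicator string is constructed for this example, as are the names signature_scan, heuristic_scan and scan. The heuristic side uses one trait the article itself points to: code that encrypts or packs itself to dodge signatures tends to have near-random byte distributions, which Shannon entropy exposes.

```python
import hashlib
import math

# Signature dictionary, constructed for this example (not real malware signatures).
SIGNATURES = {
    "Example.Dropper.A": b"\xde\xad\xbe\xef\x00CONSTRUCTED_MARKER_A",
    "Example.Worm.B": b"CONSTRUCTED_MARKER_B\x90\x90\x90",
}
# Hash entries match an exact known-bad file; the value is computed from constructed bytes.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"constructed sample contents").hexdigest(): "Example.Trojan.C",
}


def signature_scan(data):
    """Dictionary approach: report every known pattern or hash the file matches."""
    hits = [name for name, pattern in SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        hits.append(KNOWN_BAD_SHA256[digest])
    return hits


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data, entropy_threshold=7.5):
    """Suspicious-trait approach (static flavour): collect reasons benign files rarely give.
    The indicator strings are constructed stand-ins for a real engine's rule set."""
    reasons = []
    if shannon_entropy(data) > entropy_threshold:
        reasons.append("high entropy (packed or encrypted payload)")
    for marker in (b"WriteProcessMemory", b"CreateRemoteThread"):
        if marker in data:
            reasons.append("references " + marker.decode())
    return reasons


def scan(data):
    """Combine both passes: any signature hit is definitive, heuristics only raise suspicion."""
    sigs = signature_scan(data)
    heur = heuristic_scan(data)
    if sigs:
        verdict = "malicious"
    elif len(heur) >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": sigs, "heuristics": heur}


if __name__ == "__main__":
    print(scan(b"Dear customer, your invoice is attached.\n"))
    print(scan(b"MZ" + SIGNATURES["Example.Dropper.A"]))
```

The threshold of two heuristic reasons is the design choice worth noticing: a single heuristic trait (high entropy alone describes every compressed archive) would produce false positives, which is why real engines weight many weak signals rather than act on one.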

Issues of concern

Zero-day threats: A zero-day (zero-hour) threat or attack is one where malware exploits application vulnerabilities that are not yet known to the antivirus companies. These attacks cause damage to the computer before they are identified. Since patches have not yet been released for these new threats, they can easily bypass the antivirus software and carry out malicious actions. Most such threats are identified within a day or two of their release, but the damage they cause before identification is largely inevitable.

Daily Updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so as to keep the virus definitions up to date. Most products have an auto-update feature so that the definitions are updated whenever the computer is connected to the Internet.

Effectiveness: Even though antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also, virus authors have tried to stay a step ahead by writing “oligomorphic”, “polymorphic” and, more recently, “metamorphic” virus code, which encrypts parts of itself or otherwise modifies itself as a method of disguise, so as not to match the virus signatures in the dictionary.

Thus user education is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of an antivirus software.

Hack Websites Database Using XPath Injection

Every day many websites get hacked, and most of the hackers hack those websites just for popularity, nothing else. Today I am writing this tutorial on XPath Injection, in which I will explain how hackers hack websites using XPath Injection.

In a typical web application architecture, all data is stored on a database server. This database server stores data in various formats, such as an LDAP directory, XML or an RDBMS database. The application queries the server and accesses the information based on the user input.

Normally attackers try to extract more information than allowed by manipulating the query with specially crafted inputs. In this tutorial we’ll be discussing XPath Injection techniques used to extract data from XML databases.

XPath Injection Tutorial To Hack Websites Database

Before we go deeper into XPath injection, let's take a brief look at what XML and XPath are.

What is XML?

XML stands for Extensible Markup Language and was designed to describe data. It provides a way for programmers to create their own customized tags to store data on the database server. An XML document is similar to an RDBMS database except for the way the data is stored: in a normal database, data is stored in table rows and columns, while in XML the data is stored in nodes in a tree form.

What is XPath?

XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database.
XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Doing so would allow a malicious user to bypass authentication (if an XML-based authentication system is used) or to access restricted data from the XML data source.

Let's learn with the help of an example that shows how XPath works. Assume that our database is represented by the following XML file:
<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
    <user>
        <username>example</username>
        <password>123</password>
        <account>admin</account>
    </user>
    <user>
        <username>cutler</username>
        <password>jay</password>
        <account>guest</account>
    </user>
    <user>
        <username>ronie</username>
        <password>coleman</password>
        <account>guest</account>
    </user>
</users>
The above file shows how username, password and account details are stored in XML.

The following XPath query returns the account whose username is "example" and whose password is "123":
string(//user[username/text()='example' and password/text()='123']/account/text())
If the application developer does not properly filter user input, the tester or hacker will be easily able to inject XPath code and interfere with the query result. For instance, the hacker or tester could input the following values:
Username: ' or '1' = '1
Password: ' or '1' = '1
Using the above parameters, the query becomes:
string(//user[username/text()='' or '1' = '1' and password/text()='' or '1' = '1']/account/text())
As in the most common SQL Injection attacks, we have created a query that always evaluates to true, which means that the application will authenticate the user even though neither a username nor a password has been provided.
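The defensive side of the query-building shown above, as an added example that is not part of the original tutorial. It is written in Python with the standard-library xml.etree.ElementTree module rather than a full XPath engine, and the function names build_query_unsafe and lookup_account_safe are this example's own. The point it demonstrates: XPath 1.0 string literals have no escape character for quotes, so "escaping" user input the way the SQLi post does is not an option here. Keep user data out of the expression entirely: select the candidate nodes with a fixed path and compare the submitted values in ordinary code (engines that support XPath variables offer the equivalent). In a real system the stored value would be a password hash compared with a constant-time function, not plaintext as in the tutorial's file.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the tutorial's XML user store (bytes so the declared encoding is honoured).
USERS_XML = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
  <user><username>example</username><password>123</password><account>admin</account></user>
  <user><username>cutler</username><password>jay</password><account>guest</account></user>
  <user><username>ronie</username><password>coleman</password><account>guest</account></user>
</users>"""


def build_query_unsafe(username, password):
    """The tutorial's string-built query: the input becomes part of the XPath syntax,
    so a quote in either field rewrites the predicate. Shown only to exhibit the defect."""
    return ("string(//user[username/text()='" + username +
            "' and password/text()='" + password + "']/account/text())")


def lookup_account_safe(xml_bytes, username, password):
    """Fixed path, data compared in code. A quote in the input is just a character
    that fails the equality test, so the injected values match no user."""
    root = ET.fromstring(xml_bytes)
    for user in root.findall("./user"):
        if (user.findtext("username") == username
                and user.findtext("password") == password):
            return user.findtext("account")
    return None


if __name__ == "__main__":
    injected = "' or '1' = '1"
    print(build_query_unsafe(injected, injected))
    print(lookup_account_safe(USERS_XML, "example", "123"))
    print(lookup_account_safe(USERS_XML, injected, injected))
```

Running it prints the tutorial's always-true query for the string-built version, then "admin" for the legitimate credentials and None for the injected ones under the safe lookup.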

And as in a common SQL Injection attack, with XPath injection, the first step is to insert a single quote (') in the field to be tested, introducing a syntax error in the query, and to check whether the application returns an error message.

If there is no knowledge of the XML data's internal details, and the application does not provide useful error messages that help us reconstruct its internal logic, it is possible to perform a Blind XPath Injection attack (I will explain that in a later tutorial), whose goal is to reconstruct the whole data structure. The technique is similar to inference-based SQL Injection, as the approach is to inject code that creates a query returning one bit of information at a time.

What is a Denial of Service Attack | DoS Attack?

Hello everyone. From our previous post you may already know what a DDoS attack is and how it works, so today I want to share a detailed tutorial on the denial of service attack and its techniques. Let's get started. Denial of Service (DoS), or sometimes Distributed Denial of Service (DDoS), attacks have matured from mere annoyances to severe, high-profile attacks on e-commerce sites. There are a lot of DoS techniques, including the famous but old "Ping of Death", which will be covered in this tutorial. DoS has been raging on since the 90s, getting more advanced and more serious. This tutorial is going to explain the gist of it to you.

We will start at the beginning, and I will start by saying that if you plan to bring down a site with DoS it is probably going to take more than one computer. The rage that has hit with DoS is DDoS (distributed denial of service), which is a DoS attack done not by one user but by many users or a bot army. A famous DDoS attack is the one on GNR.com; the attack completely took up all the site's bandwidth within seconds. Their site was recorded as having been attacked by 456 Windows users. Now that you understand the god-like power of this raging and feared attack, let's move on to the different types of DoS attacks.

Fragmentation overlap

By forcing the OS to deal with overlapping TCP/IP packet fragments, this attack caused many OSs to suffer crashes and resource starvation. Exploit code was released under names such as bonk, boink, and teardrop.

Oversized Packets

This is called the "Ping of Death" (ping -1 65510 192.168.2.3) on a Windows system (where 192.168.2.3 is the IP address of the intended victim). What is happening is the attacker is pinging every port on the victim's computer, causing it to echo back 65510 requests. Another example is the jolt attack, a simple C program for OSs whose ping command won't generate oversized packets. The main goal of the "Ping of Death" is to generate a packet that exceeds 65,535 bytes, which can abruptly crash the victim's computer. This technique is old!

Nuke Attack

Yet another old form of attack, this one is related to a Windows vulnerability of some years ago: out-of-band (OOB) packets were sent to the target computer, causing it to crash.

SYN floods

A newer DoS technique is the SYN flood. It abuses the three-step process better known as the three-way handshake, which occurs whenever a TCP connection is initiated. Under normal circumstances, a SYN packet is sent from a port on system 1 to a port on system 2 that is in the LISTEN state. The potential connection on system 2 then enters the SYN_RECV state, and system 2 sends back a SYN/ACK packet to system 1. If all works out, system 1 sends back an ACK packet, and the connection moves to the ESTABLISHED state. That is what happens most of the time, but a SYN flood is different: it creates half-open connections. Most systems can sustain hundreds of connections on a specific port, but it only takes a few hundred half-open connections to exhaust the resources on the computer.
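The half-open condition the post describes is something a defender can watch for in the server's own connection table. Here is an added example, not part of the original post, that counts SYN_RECV entries overall and per remote address from an already-parsed snapshot; the records are constructed (the output formats of real tools such as ss and netstat vary, so parsing them is left out), and half_open_report, spoofed_flood and single_source_flood are this example's own names. The two synthetic floods show the caveat that matters in practice: a flood with spoofed source addresses never concentrates on one IP, so a per-source limit alone misses it and the total must be checked too.

```python
from collections import Counter

# Constructed snapshot of a server's TCP connection table: (remote_ip, local_port, state).
SNAPSHOT = [
    ("192.0.2.10", 443, "ESTABLISHED"),
    ("192.0.2.11", 443, "ESTABLISHED"),
    ("192.0.2.12", 443, "SYN_RECV"),
    ("198.51.100.7", 443, "SYN_RECV"),
    ("198.51.100.7", 443, "SYN_RECV"),
    ("198.51.100.9", 80, "TIME_WAIT"),
]


def half_open_report(connections, per_source_limit=50, total_limit=200):
    """Count half-open (SYN_RECV) connections in total and per remote address, and
    raise an alert for either limit. Both checks are needed: a single abusive host
    trips the per-source limit, a spoofed-source flood only trips the total."""
    half_open = [c for c in connections if c[2] == "SYN_RECV"]
    per_source = Counter(ip for ip, _, _ in half_open)
    established = sum(1 for c in connections if c[2] == "ESTABLISHED")
    alerts = []
    if len(half_open) > total_limit:
        alerts.append(f"{len(half_open)} half-open connections (limit {total_limit})")
    for ip, n in sorted(per_source.items()):
        if n > per_source_limit:
            alerts.append(f"{ip}: {n} half-open connections (limit {per_source_limit})")
    return {
        "half_open": len(half_open),
        "established": established,
        "per_source": dict(per_source),
        "alerts": alerts,
    }


def spoofed_flood():
    """Constructed flood: 300 half-open entries spread over 250 forged addresses."""
    return SNAPSHOT + [(f"203.0.113.{i % 250}", 443, "SYN_RECV") for i in range(300)]


def single_source_flood():
    """Constructed flood: 60 half-open entries from one address."""
    return SNAPSHOT + [("198.51.100.7", 80, "SYN_RECV")] * 60


if __name__ == "__main__":
    for name, snap in (("baseline", SNAPSHOT), ("spoofed", spoofed_flood()),
                       ("single source", single_source_flood())):
        report = half_open_report(snap)
        print(name, report["half_open"], report["alerts"])
```

The limits are illustrative; on a real server they should be derived from the listen backlog and the normal ratio of half-open to established connections, and the snapshot should be taken repeatedly, since a single reading cannot distinguish a burst from a sustained flood.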

Smurf Attack

The smurf attack was one of the first to demonstrate the use of unwitting DoS amplifiers on the Internet. A smurf takes advantage of directed broadcasts and requires a minimum of three actors: the attacker, the amplifying network, and the slave. What happens is the attacker sends out spoofed ICMP ECHO packets to the broadcast address of the amplifying network. The source address of packets is forged to make it appear as if the slave system has initiated the request. Then all hell breaks loose!!! Because the ECHO packet was sent to the broadcast address, all systems on the amplifying network will respond to the slave. Now take a thought if the attacker sends just a single ICMP packet to an amplifying network which contains 500 systems that will respond to a broadcast ping, the attacker has now succeeded in multiplying the DoS attack by a magnitude of 500!

Fraggle Attack

A fraggle attack is the same as a smurf attack, but it uses UDP ports instead.

DDoS Attack

This is a much harder kind of attack to block, and it has been used against big sites such as E-Trade, eBay, and countless others. The problem with these attacks is that they are very hard to trace; most traces lead back to @Home users! The new DDoS attacks are termed Zombies or Bots. These bots rely heavily on remote automation techniques borrowed from Internet Relay Chat (IRC) scripts of the same name. A group of zombies under the control of a single person is called a zombie network or a bot army. The master of such an army or network can carry out full-fledged DDoS attacks or SYN floods. Zombie networks are estimated to range from a few systems to 150,000 systems; even a few hundred machines could prove very dangerous.

What is a DDoS Attack and How Does It Work?

Many people are under the illusion that website hacking and attacking is very difficult and that only some hackers and professionals can do it. That is absolutely wrong thinking; it is as easy as the alphabet.

DDoS Attack

First of all, we should all know the different methods of attacking websites.
There are generally three methods of attacking a website:
  • DDoS attack
  • Shell script attack
  • JavaScript attack, or attack through scripting
Note: SQL injection and other such techniques come under hacking websites, not attacking. Attacking is done simply for fun or to intentionally cause damage to the website.

What is a Distributed Denial of Service (DDoS) attack?

Have you ever tried to make a telephone call but couldn't because all the telephone circuits were busy? This may happen on a major holiday and often happens on Diwali, New Year etc.

The reason you couldn't get through is because the telephone system is designed to handle a limited number of calls at a time.

So by now you will have an idea of what a DDoS (Distributed Denial of Service) attack is.
Basically, a DDoS attack is an attack which makes the network so congested that no further requests are delivered.

This is done by making a large number of connections to the website from different computers or networks. It can also be done from one computer by making connections through different ports, as there are 64k ports available in the Windows OS.

How Does an Attacker Launch a DDoS Attack?

Over the past years denial of service attacks have caused a huge amount of damage, and many have been victims of this attack.

It's real: on February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued, with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.

This attack also recently hit Twitter on 6th August 2009; a lot of people had trouble logging on to Twitter. It was brought down by a denial of service attack that tied up their servers so no one could log on. Websites like Facebook, eBay etc. have also been victims of this attack.

First, Attackers build a network of computers that will be used to produce the volume of traffic needed to deny services to computer users. We'll call this an "attack network".

To build this attack network, attackers look for computers that are poorly secured, such as those that have not been properly patched, or those with out-of-date or non-existent anti-virus software. When the attackers find such computers, they install programs on them that they can remotely control to carry out the attack.

These days, however, the process of building an attack network has been automated through self-propagating programs. These programs automatically find vulnerable computers, attack them, and then install the necessary programs. The process begins again as those newly compromised computers look for still other vulnerable computers.

Once an attack network is built, the intruder is ready to attack the chosen victim or victims. Some information security experts believe that many attack networks currently exist and are dormant, passively waiting for the command to launch an attack against a victim's computers. Others believe that once a victim has been identified, the attack network is built and the attack launched soon afterward.

So guys, I think this is enough for today. I hope you are all now familiar with the DDoS attack; in a future post we will show how to do DDoS attacks with various hacking tools like Serve Attack Pro and LOIC (Low Orbit Ion Cannon) and other exploits.
 
Live Hack Tools © 2012. All Rights Reserved.