
Session Cookie Based SQL Injection

Short Description: SQL injection is the most dangerous attack for web applications, and a lot of different websites are vulnerable to it. There are different variants of SQL injection, such as simple SQL injection, blind SQL injection and cookie-based SQL injection. You already know the basic idea of cookies and their importance: cookies represent a session, and they normally come up in cross-site scripting (XSS) attacks. But what is cookie-based SQL injection? In this article we will discuss the cookie- or session-based SQL injection attack.

Did you say a “Cookie” 

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.[1]


Where can I find my cookies?


Here is one way to view your stored cookies using your browser. This method applies to Mozilla Firefox:


  1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

  2. At the top of the window that appears, click Privacy.

  3. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:


  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
  • To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.

  4. Click OK until you return to the Firefox window.

To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.



Are you talking about a Cookie Poisoning-like attack?


Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.[4]
To sum up, cookie-based SQL Injection is far from being a kind of Cookie Poisoning.

Cookie variables as a vector of SQL Injections:


SQL injection overview

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered into HTML forms; they can contain hidden fields, i.e. information that is in the form but not shown. GET parameters are contained in the URL and POST parameters are passed as HTTP content. Nowadays, and with the growth of Web 2.0 technologies, the GET and POST requests can also be generated by JavaScript.

Injecting malicious code in cookie:

Unlike other parameters, cookies are not supposed to be handled by users. Outside of session cookies which are (usually) random, cookies may contain data in clear or encoded in hexadecimal, base64, hashes (MD5, SHA1), serialized information. If we can determine the encoding used, we will attempt to inject SQL commands.



    function is_user($user) {
        global $prefix, $db, $user_prefix;

        if (!is_array($user)) {
            // The cookie value is base64-decoded and split on ":" with no validation
            $user = base64_decode($user);
            $user = explode(":", $user);
            $uid = "$user[0]";
            $pwd = "$user[2]";
        } else {
            $uid = "$user[0]";
            $pwd = "$user[2]";
        }

        if ($uid != "" AND $pwd != "") {
            // Vulnerable: $uid comes from the cookie and is concatenated straight into the query
            $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $pass = $row['user_password'];
            if ($pass == $pwd && $pass != "") {
                return 1;
            }
        }
        return 0;
    }

The cookie contains, in base64-encoded form, an identifier, a field that is unknown and a password. If we use as a cookie 12345' UNION SELECT 'mypass'::mypass base64 encoded, the SQL query becomes:


  SELECT user_password FROM nk_users WHERE user_id='12345' UNION SELECT 'mypass'

This query returns the password mypass, the same password as we have to provide. So we are connected.
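A hardened counterpart to is_user(), as an added example that is not part of the original article or of the application it quotes. It assumes PDO in place of the $db wrapper, numeric user ids, and an in-memory SQLite table nk_users with a constructed row; is_user_hardened is a hypothetical name.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical hardened counterpart of is_user() (added example).
 * Same cookie layout as the original: base64("id:unknown-field:password").
 */
function is_user_hardened(PDO $pdo, string $cookie): bool
{
    // Strict mode fails on characters outside the base64 alphabet
    // instead of silently skipping them.
    $decoded = base64_decode($cookie, true);
    if ($decoded === false) {
        return false;
    }

    // Exactly three fields; the limit keeps any ":" inside the password field.
    $parts = explode(':', $decoded, 3);
    if (count($parts) !== 3) {
        return false;
    }
    [$uid, , $pwd] = $parts;

    // Assumption: user ids are numeric. Anything else never reaches the database.
    if (preg_match('/^[0-9]{1,10}$/D', $uid) !== 1 || $pwd === '') {
        return false;
    }

    // The id travels as a bound parameter, so it cannot change the statement's structure.
    $stmt = $pdo->prepare('SELECT user_password FROM nk_users WHERE user_id = ?');
    $stmt->execute([(int) $uid]);
    $stored = $stmt->fetchColumn();

    // Same comparison as the original function, made constant-time.
    return is_string($stored) && $stored !== '' && hash_equals($stored, $pwd);
}

// Constructed test data: one user in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nk_users (user_id INTEGER PRIMARY KEY, user_password TEXT)');
$pdo->exec("INSERT INTO nk_users VALUES (12345, 'stored-secret')");

$cases = [
    'legitimate cookie'       => base64_encode('12345::stored-secret'),
    'wrong password'          => base64_encode('12345::guess'),
    'cookie from the article' => base64_encode("12345' UNION SELECT 'mypass'::mypass"),
    'not base64 at all'       => '%%%',
];

foreach ($cases as $label => $cookie) {
    $verdict = is_user_hardened($pdo, $cookie) ? 'accepted' : 'rejected';
    printf("%-24s %s\n", $label, $verdict);
}
```

The format check alone already stops the article's cookie; the bound parameter is what keeps the query safe if that check is ever loosened.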

How to inject the code in Cookies?

There are many HTTP interceptors and HTTP editors that can intercept the HTTP request before it is sent to the server. Then the tester can introduce his malicious SQL statement in the cookie field.
It’s like a GET/POST based SQL Injection, except that certain characters can’t be used. For example, ‘;’ and ‘,’ are typically treated as delimiters, so they end the injection if they aren’t URL-encoded.

Conclusion

Cookie variables are sometimes not properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. For web application audits, cookie variables should be added to the list of parameters to be checked.

For more Updates Visit: amadahmad.blogspot.com


What Is A DNA computer? How Can It Beat The World’s Fastest Supercomputers?

Short Description: The concept of DNA computing was first introduced in 1994. It deals with the “bio-chips” made of DNA that are able to perform billions of calculations at once by multiplying themselves in number. In other words, a DNA computer grows as it computes. In a recent development, the researchers from the University of Manchester have shown that the creation of this conceptual computer is possible in real life.
Intel is struggling to increase the speed of their CPUs due to the limitations of Moore’s law. The other processor makers are also working hard to beat the speed records. There’s no denying the fact that researchers and scientists need to look for silicon alternatives for faster computing. The silicon-based computers have a finite number of processors and, thus, their capabilities are also finite.

What is a DNA computer? How does it work?

Back in 1994, the concept of computing with DNA was first proposed to make calculations faster even with a small footprint. Its major highlight was the ability to multiply itself and carry out numerous calculations simultaneously. In other words, unlike a normal computer that performs calculations one after another, a DNA computer does those calculations at once by making multiple copies of itself.
Coming back to the introduction of the concept of DNA computing in 1994, it was invented by the famous cryptographer Leonard Adleman, who used DNA to solve the “traveling salesman” problem. The problem aimed at finding out the shortest route between a number of cities by going through each city only once. Adleman showed that the billions of molecules in a drop of DNA had so much computational power that they could simply overpower silicon and the powerful human-based computers.
In his experiment, the strands of DNA represented 7 cities. The sequences of genetic alphabets A, T, C, and G represented cities and the path. After this, when the DNA molecules were mixed in a test tube, some DNA strands stuck together and the chains of strands were the possible answers. Using some chemical reactions, wrong molecules were removed. You can read more about the process in detail in this paper written by Adleman himself.
These DNA molecules are able to store billions of times more data as compared to traditional storage devices. Because DNA is abundantly available, it’s a cheap resource. Also, a DNA computer will be environment-friendly and compact in size.

What’s the latest progress? Is DNA computing going to be a reality very soon?

In 1997, the researchers at the University of Rochester developed basic DNA logic gates, which was seen as a breakthrough. Recently, a major development in the field of DNA computing was made by the researchers from the University of Manchester, which is famous for creating the first stored memory electronic computer.
The researchers have shown that it’s possible to build a DNA computer that grows as it computes. This concept is also being called a nondeterministic universal Turing machine (NUTM).
As the DNA molecules are very tiny, a desktop “DNA” computer can utilize more processors than all the electronic computers in the world combined. “And therefore outperform the world’s current fastest supercomputer, while consuming a tiny fraction of its energy,” according to Professor King of Manchester’s School of Computer Science.
In a research paper, they have described the physical design for an NUTM that implements a universal Thue system. This design uses the DNA’s ability to replicate to execute an exponential number of paths. Their paper shows that this design works using in vitro molecular biology experimentation and computation modeling. You can read the research paper to know more details.
Currently, the field of DNA computing is in its nascent stage, and it’ll take a long time to develop a working DNA computer. But, whatever might be the rate of progress, the concept surely sounds exciting.

Most Popular Programming Languages, Frameworks, Libraries, And Databases | 2017


Stack Overflow has released its much-anticipated Developer Survey 2017. This year, over 64,000 developers took part in the survey and shared their preferences. The survey revealed that for the fifth time in a row, JavaScript was the most commonly used programming language, followed by SQL and Java.
Stack Overflow is the world’s largest online community for programmers where they can learn languages, share code, and help each other. The website also releases its annual developer survey which gives a pretty solid idea of current programming trends, the work lives of developers, their habits and preferences, etc.
Stack Overflow has been conducting this survey each year since 2011. This year’s survey is the biggest in Stack Overflow’s history with 64,000 developers taking part. Over the course of the next few days, I’ll be telling you about some of the major highlights of this survey.

Most popular programming languages:

For the fifth time in a row, JavaScript has topped the list of the most commonly used programming languages. JavaScript is followed by SQL and Java.
The growth of Python is notable. It has overtaken PHP for the first time in five years. Here’s the list of the most popular programming languages:

Most popular frameworks, libraries:

In this category, Node.js and AngularJS continue to be the most commonly used technologies:

Most popular databases:

For the first time in its survey, Stack Overflow asked the developers what databases they were using. MySQL and SQL Server turned out to be the biggest databases:


Who's Tracking Your Smartphone?


Safety should always be our top priority. With the help of just a few short codes, you can find out more about the settings of your phone and work out whether or not your messages and information are protected and whether you’re being tracked.

We have gathered together some of the most useful and important codes for smartphones all in one article, together with some instructions for those who’re worried about being tracked.

With this code, you can find out whether your calls, messages, and other data are being diverted. The status of the different types of diversions that are taking place along with the number the information is being transferred to will be displayed on your phone’s screen. This function is most often set up by either jealous partners or parents who are trying to protect their kids from spam or criminals. Elderly people often become victims of this practice when they lend their phone to a stranger to make a single call. If they do so, they risk having information about where they live, who their friends and family are, their habits and daily activities, and even their financial circumstances passed on to criminals.
Dial this code if you want to find out where calls, messages, and data are being redirected to if it seems that no one can get through to you. The chances are in this case that your voice calls are being redirected to one of your cell phone operator’s numbers.
This is a universal code for switching off all forms of redirection away from your phone. It’s a good idea to use this before you have to use roaming. In this case, money won’t be taken from your account for calls that are redirected by default to your voice mail.
With the help of this code, you can find out your IMEI (International Mobile Equipment Identifier). If you know this number, you can find your phone if someone steals it. When switched on, its location is automatically conveyed to the network operator even if a different SIM card is inserted. If someone knows your IMEI number, they can find out the model and technical characteristics of your phone.
Special codes exist that allow someone to track your location and also to determine whether someone is following you. For this, you need the utility net-monitor. Type in one of the following codes:

for iPhone: *3001#12345#* 
for Android: *#*#4636#*#* or *#*#197328640#*#*

Step 1. Go to the section called UMTS Cell Environment, then UMTS RR info, and write down all the numbers under Cell ID. These numbers are the base stations located nearby. Your phone will connect by default to the one that emits the best signal.

Step 2. Go back to the main menu, and click on the MM info tab, then on Serving PLMN. Write down the numbers under Local Area Code (LAC).

Step 3. With the help of these two numbers and an ordinary website (the fourth tab to the left), you can determine the location on the map of the base station that your phone is connected to.

The ones to be suspicious of are mobile base stations — this could be a truck or small bus with a large antenna. These kinds of vehicles are used at rock festivals and in places where Internet coverage is poor. If there’s one of them nearby, seemingly without any logical reason, it’s just possible that someone is engaged in spying.
If you use Android, you should periodically check your phone for viruses. PlaceRaider is one of the most dangerous ones that can infect your device. Developed by American experts, it was meant to show how vulnerable our devices are. Once it gets onto a phone, this Trojan takes a series of photographs of the surrounding area, creates a 3D model of the building you’re in, and then takes advantage of any Internet connection to send the data that it’s gathered, adding along with it all the data on the phone and your passwords.
  • National security agencies in virtually all countries now cooperate with cell phone operators, who often provide the former with access to information on any of their customers provided they have a warrant from a court. As a minimum, they provide data from the last three months.

  • If your phone has been tapped by a security agency, the chances are you won’t even notice. If a phone makes odd noises during a conversation, loses battery power rapidly, overheats, or unexpectedly restarts, this is merely an indication that you need to get it repaired rather than a telltale sign that you’re being listened to.

  • People generally don’t reveal all that much in phone conversations, so from the point of view of those who want to listen in it’s much more worthwhile to set up special devices ("bugs") in someone’s home. Radio wave detectors can be used to work out whether such bugs are present in a building.
  • Use messaging apps that are completely closed to outsiders, such as Telegram, Chare, Wickr, or Signal.

  • Determine what information it’s safe to make accessible to all. Should everyone really be able to find out your phone number or have access to information about your family, loved ones, or your lifestyle? Be very careful when posting photographs of children.

  • Don’t install unknown programs on your phone, keep close track of the apps you have installed, and use multiple security locks wherever you can. Don’t click on unsafe links, and don’t connect your phone to suspicious "free" charging points.

  • Only your cell phone operator should ever offer you tracking services, and they should only turn them on with your explicit agreement. Websites and applications that offer to find out the location of other people are almost certainly acting with criminal intent. Be careful!


6 Single Letter Programming Languages You Should Know About


Short Description: C and R are among the most popular single letter programming languages. There are other lesser-known one-letter programming languages that solve specific problems. While F was developed as modern Fortran, K can be used to write elaborate programs in just a few characters. There exist other one letter programming languages like D, J, and M.
Apart from C, other single letter programming languages are aimed at performing specialized tasks. Many of them have a cult following in the developer community, thanks to their ability to solve tricky problems.

Just like C, another popular single letter programming language is R. It’s used to study numbers and create graphs with intricate data. Earlier, R was called S. In this article, I’ll be telling you about some more single letter programming languages. Let’s take a look:

6 Lesser Known Single Letter Programming Languages

D Programming Language

D is an object-oriented multi-paradigm system programming language with C-like syntax and static typing. It was developed by re-engineering the C++ programming language. Apart from inheriting the C++ features, this single letter programming language also has some characteristics of other languages like C#, Java, Ruby, and Python. dlang.org

F Programming language

F was developed as modern Fortran. It’s a minimal subset of the language with about one hundred intrinsic procedures. It’s a compiled, modular, numeric programming language that’s designed to work with legacy Fortran 77 code. F was first included in the g95 compiler. Fortran.com/F

J Programming language

J is a single letter programming language with a normal character set that offers the power of APL. It’s a high-level, high-performance, general purpose programming language that runs on 32/64-bit Windows/Linux/Mac, iOS, and Android. Its applications include mathematical, statistical, and logical analysis of data. Since 2011, J has been free and open source under the GPLv3 license. Jsoftware.com

K Programming Language

K is a proprietary language for array processing. Originally developed in 1993, this single letter language is a variant of APL and infuses the elements of Scheme. After its commercialization by Kx Systems, its open source fork Kona came into the picture. K lets one write detailed algorithms to deal with arrays with the help of just a few keystrokes. Kx.com

M Programming Language

M, or alternatively MUMPS (Massachusetts General Hospital Utility Multi-Programming System), is a general purpose programming language. Its key feature is an inbuilt database that enables high-level access to storage, using simple symbolic program variables and subscripted arrays to access the main memory. M uses the same basic syntax to access volatile memory and non-volatile storage, providing high-performance data access. Today, it’s used in many large hospitals for data processing. MUMPS

P Programming Language

P is Microsoft’s programming language for asynchronous event-driven programming and Internet of Things applications. It’s a domain specific language that compiles to and interoperates with C. Microsoft has used this single letter programming language to implement and validate the USB device driver stack that comes with Windows Phone and Windows 8. Earlier this year, P was open sourced by Redmond. P on GitHu

Top 50 Linux System Administrator Interview Questions



Summary: Today, the job opportunities for Linux experts are more than ever. The Linux System Administrator interview questions range from basic Linux questions to networking, DevOps, and MySQL questions. So, one needs to prepare adequately to ensure success in the Linux system administrator interview process. 
According to a report, the open source and Linux job market is full of new opportunities. Due to the increasing adoption of open source technologies by the technology giants (Microsoft says HELLO!), there are ample job opportunities for system administrators and DevOps professionals.
While a huge demand continues to exist, just like any other job in the technology world, System Administrators have to go through a rigorous hiring process that consists of preparing a professional resume, technical exams, and interview questions. Out of these, cracking a job interview is often the most critical test.
During an interview, a candidate’s personal qualities are also checked and it’s evaluated if he/she is a right fit for the company. Apart from being calm and composed, being well-prepared for an interview is the best thing one can do in order to crack a Linux System Administrator interview.


If you open your web browser and search for the phrase Linux System Administrator interview questions, you’ll get a long list of search results that will help your practice. Apart from the straightforward conceptual questions like “What does the permission 0750 on a file mean?”, Linux System Administrator interviews also come loaded with expert questions like “How do you catch a Linux signal on a script?”
To help you out in the Linux system administrator interviews, I’ve compiled a list of my favorite questions of variable difficulty. These questions are framed with different approaches to find out more about the candidate and test his/her problem-solving skills:
1. What does nslookup do?
2. How do you display the process utilizing the most CPU?
3. How to check all open ports on a Linux machine and block the unused ports?
4. What is Linux? How is it different from UNIX?
5. Explain the boot process of Unix System in detail.
6. How do you change the permissions? How to create a read-only file?
7. Explain SUDO in detail. What are its disadvantages?
8. What is the difference between UDP and TCP?
9. Describe the boot order of a Linux machine.
10. Design a 3-tier web application.
11. Sketch how you would route network traffic from the internet into a few subnets.
12. What do you know about virtualization? Is it good to use?
13. What are different levels of RAID and what level will you use for a web server and database server?
14. List some latest developments in open source technologies.
15. Have you ever contributed to an open source project?
16. Systems engineer or a systems administrator? Explain?
17. List some of the common unethical practices followed by a system professional.
18. What is the common size for a swap partition under a Linux system?
19. What does a nameless directory represent in a Linux system?
20. How to list all files, including hidden ones, in a directory?
21. How to add a new system user without login permissions?
22. Explain a hardlink. What happens when a hardlink is removed?
23. What happens when a sysadmin executes this command: chmod 444 chmod
24. How do you determine the private and public IP addresses of a Linux system?
25. How do you send a mail attachment using bash?
26. Tell me something about the Linux distros used on servers.
27. Explain the process to re-install Grub in Linux in the shortest manner.
28. What is an A record, an NS record, a PTR record, a CNAME record, an MX record?
29. What is a zombie process? State its causes?
30. When do we prefer a script over a compiled program?
31. How to create a simple master/slave cluster?
32. What happens when you delete the source to a symlink?
33. How to restrict an IP so that it may not use the FTP Server?
34. Explain the directory structure of Linux. What contents go in /usr/local?
35. What is git? Explain its structure and working.
36. How would you send an automated email to 100 people at 12:00 AM?
37. Tell me about ZFS file system.
38. How to change the default run level in a Linux system?
39. How would you change the kernel parameters in Linux?
40. State the differences between SSH and Telnet.
41. How would you virtualize a physical Linux machine?
42. Tell me about some quirky Linux commands.
43. Explain how HTTPS works.
44. Do you know about TOR browser? Explain its working.
45. How to trigger a forced system check the next time you boot your machine?
46. What backup techniques do you prefer?
47. Tell me something about SWAP partition.
48. Explain Ping of Death attack.
49. How do you sniff the contents of an IP packet?
50. Which OSI layer is responsible for making sure that the packet reaches its correct destination?


Thank you for Reading