Saturday, July 19, 2014

How Can We Protect Our Website From Common Web Attacks?

 


In this post I cover five common web attacks that account for most defacements and database dumps: SQL injection, XSS, RCE, RFI and LFI. Most of the time a site is exposed because one input somewhere in the code is never validated or encoded; that single gap is enough for an attacker to hijack the vulnerable website.

1. SQL Injection
       
Types ->

     Login Form Bypassing
     UNION SQL Injection

2. Cross Site Scripting ( XSS )

Types -> Persistent (stored) XSS and Non-persistent (reflected) XSS

3. File Inclusion

Types -> Remote File Inclusion, Local File Inclusion, and Remote Code Execution


1. SQL Injection

>> Login Form Bypassing
Here is an example of vulnerable code that is very easy to bypass:

    index.html file:
    <form action="login.php" method="POST">
    <p>Password: <input type="text" name="pass" /><br />
    <input type="submit" value="Authenticate" /></p>
    </form>

    login.php file:
    <?php
    // EXAMPLE CODE - deliberately vulnerable: the submitted password is pasted
    // straight into the SQL text, so a crafted value can rewrite the query.
    // (Table named users here; "database" is a reserved word in MySQL.)
    $execute = "SELECT * FROM users WHERE password = '{$_POST['pass']}'";
    $result = mysql_query($execute);
    ?>

We can bypass this simply by submitting ' OR '1'='1 as the password, which turns the condition into password = '' OR '1'='1', true for every row in the table.

A payload such as '; DROP TABLE users; -- would delete the table, but only where the driver runs stacked queries; mysql_query() executes a single statement per call, so against this exact code that payload only produces a syntax error, whereas mysqli_multi_query() or an application that runs several statements would execute it.


>> PREVENTION:

Use prepared statements (PDO or mysqli with bound parameters) so that user input never becomes part of the SQL text. If you are stuck on the old mysql_* extension (deprecated in PHP 5.5 and removed in PHP 7), escape every value with mysql_real_escape_string before it goes into the query, and keep the value inside quotes; escaping does not "block" anything, it only neutralises the quote characters.

Example:

    <?php
    // Requires an open mysql_connect() link: escaping depends on the connection charset.
    $badword = "' OR '1'='1";
    $badword = mysql_real_escape_string($badword);   // now \' OR \'1\'=\'1
    $message = "SELECT * FROM users WHERE password = '$badword'";
    echo "Escaped query: " . $message . "\n";
    ?>
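As an added example (not code from the original post), here is the login above rebuilt against an in-memory SQLite database through PDO so that it runs offline: the string-built query from the post is executed beside a version that binds the parameter and checks a hashed password. The users table and the single account in it are constructed here for illustration.

```php
<?php
// Added example, not from the original post. Uses SQLite in memory via PDO so
// it runs without a MySQL server; the users table and account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password TEXT NOT NULL)');
// The password column holds a hash, never the clear-text password.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

// Vulnerable, as in the post: both values are spliced into the SQL text, so a
// value containing a quote rewrites the WHERE clause.
function loginUnsafe(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the SQL text is constant and the input travels as a bound
// parameter, so it can only be compared, never parsed. The submitted password
// is then checked against the stored hash.
function loginSafe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['password']);
}

$bypass = "' OR '1'='1";                           // the payload from the post
var_dump(loginUnsafe($db, 'alice', $bypass));     // accepted without knowing any password
var_dump(loginSafe($db, 'alice', $bypass));       // the payload is just a wrong password
var_dump(loginSafe($db, 'alice', 'correct horse battery staple'));
```

With the payload, loginUnsafe() runs SELECT id FROM users WHERE username = 'alice' AND password = '' OR '1'='1', whose OR branch is true for every row, so it authenticates; loginSafe() compares the same payload as a literal string against the stored hash and refuses it, while the real passphrase is accepted.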

>> UNION SQL Injection

UNION SQL injection is when the attacker appends a UNION SELECT to the application's own query so that the result set also carries rows of their choosing. They first check for the vulnerability by adding a single quote to the end of a ".php?id=" parameter.
If the page comes back with a MySQL error, the site is most likely vulnerable. They then use ORDER BY to count the columns, and finally UNION ALL SELECT with exactly that many columns. An example is shown below.

http://www.site.com/website.php?id=1'

You have an error in your SQL syntax near '' at line 1 SELECT SUM(quantity)
as type FROM orders where (status='completed' OR status='confirmed' OR status='pending') AND user_id=1'


No error --> http://www.site.com/website.php?id=1 ORDER BY 1--

Error --> http://www.site.com/website.php?id=1 ORDER BY 2--

ORDER BY 1 works and ORDER BY 2 fails, so the query returns exactly one column, and the UNION must supply exactly one.

Selects an id that does not exist (so only the injected row comes back) and puts the output of version() in the only column:
http://www.site.com/website.php?id=-1 UNION ALL SELECT version()--



SOLUTION:

The quick fix that usually gets suggested is to strip SQL keywords from the input:

    $evil = "(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)|(/\*)|(select)";
    $patch = eregi_replace($evil, "", $_GET['id']);

Do not rely on this. The strip runs once, so "UNIunionON" comes out as "UNION"; eregi_replace() was removed in PHP 7; and the blacklist also mangles legitimate input. The real fix is to treat the id as the integer it is, for example $id = (int)$_GET['id'], or bind it as a parameter of a prepared statement, so that no keyword can ever reach the SQL text.
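As an added example (not the post's code), the numeric-id case from the walkthrough above rebuilt on an in-memory SQLite database through PDO: the vulnerable query, the keyword blacklist rewritten with preg_replace (eregi_replace is gone from PHP 7), and the fix that validates the id as an integer before binding it. The products table and its rows are constructed for illustration, and sqlite_version() stands in for MySQL's version().

```php
<?php
// Added example, not from the original post. In-memory SQLite via PDO; the
// products table is constructed here. sqlite_version() plays MySQL's version().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'widget'), (2, 'gadget')");

// Vulnerable, as in website.php?id=...: the parameter is pasted into the SQL.
function productNamesUnsafe(PDO $db, string $id): array
{
    return $db->query("SELECT name FROM products WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// The post's blacklist as a single preg_replace pass. Each keyword is removed
// once, so a keyword wrapped around a copy of itself survives the strip.
function stripKeywords(string $in): string
{
    return preg_replace('#delete|update|union|insert|drop|http|--|/\*|select#i', '', $in);
}

// Fixed: an id is an integer, so accept nothing else and bind it. No keyword
// can reach the SQL text, whatever the blacklist would or would not catch.
function productNamesSafe(PDO $db, string $id): array
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT name FROM products WHERE id = ?');
    $stmt->execute([$n]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Column-count probe from the post: ORDER BY 1 succeeds, ORDER BY 2 throws,
// so the UNION below must supply exactly one column.
productNamesUnsafe($db, '1 ORDER BY 1--');
try {
    productNamesUnsafe($db, '1 ORDER BY 2--');
} catch (PDOException $e) {
    echo "ORDER BY 2: ", $e->getMessage(), "\n";
}

$union = '-1 UNION SELECT sqlite_version()--';
print_r(productNamesUnsafe($db, $union));          // the database version, not a product
print_r(productNamesUnsafe($db, stripKeywords('-1 UNIunionON SELselectECT sqlite_version()--')));
print_r(productNamesSafe($db, $union));            // refused: the id is not an integer
print_r(productNamesSafe($db, '2'));
```

The nested payload shows the blacklist failing: after one pass "UNIunionON" has become "UNION" and "SELselectECT" has become "SELECT", and the database version comes back just as it did for the plain payload. productNamesSafe() returns nothing for either payload and only ever runs the constant query with a bound integer.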



2. Cross Site Scripting

Cross site scripting is a vulnerability that lets an attacker inject script into a page that other users load. When a site is vulnerable, attackers will most likely inject malicious JavaScript (to steal session cookies, for example) or plant a fake form that tricks users into typing in their credentials.

There are two types of XSS (cross site scripting): persistent XSS, where the payload is stored by the site (in a comment, profile or post) and served to every visitor, and non-persistent XSS, where the payload is carried in the URL and reflected back only to whoever opens that link.


Example:
http://www.site.com/search.php?q=">


SOLUTION

A client-side filter like the one below is often offered as the fix:

        function RemoveBad(strTemp) {
            strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g,"");
            return strTemp;
        }

Do not rely on it. It runs in the visitor's browser, so an attacker simply sends the request without it, and it mangles harmless input such as "O'Brien & Sons". The real fix is on the server: encode every untrusted value for the context it is written into, which for HTML text and attribute values in PHP is htmlspecialchars($q, ENT_QUOTES, 'UTF-8').
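As an added example (not code from the original post), a reflected search page in PHP: the raw echo beside the htmlspecialchars() fix, with the RemoveBad() filter above ported to PHP only so its effect on ordinary input can be compared. The page markup and the search terms are constructed here.

```php
<?php
// Added example, not from the original post. A reflected search page: the raw
// echo beside the htmlspecialchars() fix, and the blog's RemoveBad() filter
// ported to PHP to show what a character blacklist does to ordinary input.
function renderSearchUnsafe(string $q): string
{
    // The term is written into an attribute value and into the page text as-is.
    return '<input type="text" name="q" value="' . $q . '">'
         . '<p>Results for ' . $q . '</p>';
}

function renderSearchSafe(string $q): string
{
    // Encode at output time for the HTML context: < > & " ' become entities,
    // so the browser displays the text instead of parsing it as markup.
    $enc = htmlspecialchars($q, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="q" value="' . $enc . '">'
         . '<p>Results for ' . $enc . '</p>';
}

// The blog's RemoveBad(): a character blacklist. Ported here only to compare.
function removeBad(string $s): string
{
    return preg_replace('/[<>"\'%;()&+\-]/', '', $s);
}

$payload = '"><script>alert(document.cookie)</script>';
echo renderSearchUnsafe($payload), "\n";   // the quote closes value="" and a <script> element follows
echo renderSearchSafe($payload), "\n";     // entities only: the browser shows the text and runs nothing

$harmless = "O'Brien & Sons (C++)";
echo removeBad($harmless), "\n";           // blacklist: the name and the search term are mutilated
echo renderSearchSafe($harmless), "\n";    // encoding: readable in the browser, and still inert
```

The encoded page is safe in both the attribute and the text context because the same five characters are what an attacker needs to break out of either; the blacklist, by contrast, strips the apostrophe, the ampersand, the parentheses and the plus signs from a perfectly normal query while still being trivially skipped by anyone who does not run the page's JavaScript.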



3. File Inclusion
Types: Remote File Inclusion/Local File Inclusion, and Remote Code Execution

Remote File Inclusion lets an attacker make the script (usually PHP) include a file fetched from a URL they control; Local File Inclusion does the same with a file that is already on the server. RFI only works when allow_url_include is On (it has been Off by default since PHP 5.2), which is why most sites are no longer exposed to it, while LFI still turns up regularly. RFI usually leads to remote code execution, since the PHP in the fetched file runs on the server.

Example of the vulnerable code:

    <?php
    include($_GET['page']);
    ?>

Exploiting would be something like:
http://www.site.com/page.php?page=../../../../../etc/passwd (LFI: reads a local file) or
http://www.site.com/page.php?page=http://www.site.com/xyz.txt? (RFI: the attacker's file is fetched and its PHP executed)

SOLUTION:

Validate the input against an allow-list of known pages rather than trying to filter out bad ones:

    <?php
    $allowed = array('index.php', 'games.php', 'ip.php');
    $page = isset($_GET['page']) ? $_GET['page'] : 'index.php';
    if (in_array($page, $allowed, true)) {
        include $page;
    } else {
        include 'ip.php';          // log the attempt
        die("IP logged.");
    }
    ?>

For remote code execution, the site would have to pass user input to a PHP function that executes code or commands (eval, system, passthru and the like). You patch this the same way: never hand raw input to those functions, and accept only values from a fixed list.
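As an added example (not code from the original post), an include driven by a request parameter, guarded two ways: an allow-list keyed on a page name, which is the preferred fix, and a realpath() containment check for the case where a file name really must be accepted from the request. The pages/ directory and its one file are created under the system temp directory so the script runs offline; the PAGE_MAP entries are assumed.

```php
<?php
// Added example, not from the original post. An include driven by a request
// parameter, guarded by an allow-list keyed on page name (preferred) and by a
// realpath() containment check for when a file name must be accepted.
// The pages/ directory is created under the system temp dir so this runs offline.
const PAGE_MAP = [
    'index' => 'index.php',
    'games' => 'games.php',
    'ip'    => 'ip.php',
];

// Preferred: the request supplies a key, never a path. ../etc/passwd,
// http://..., php://filter/... simply have no entry and are refused.
function resolvePage(string $key): ?string
{
    return PAGE_MAP[$key] ?? null;
}

// Fallback when the file name itself comes from the request: resolve .. and
// symlinks, then require the result to still sit under the intended directory.
function containedPath(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null;                              // base missing or file absent
    }
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                              // resolved outside the directory
    }
    return $full;
}

// Constructed page directory with one real page in it.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/games.php', "<?php echo \"games page\\n\";\n");

var_dump(resolvePage('games'));                                       // mapped file name
var_dump(resolvePage('../../../../etc/passwd'));                      // refused: not in the map
var_dump(resolvePage('http://www.site.com/xyz.txt'));                 // refused: not in the map
var_dump(containedPath($root . '/pages', 'games.php'));               // absolute path inside pages/
var_dump(containedPath($root . '/pages', '../../../../etc/passwd'));  // refused: escaped pages/

$page = $_GET['page'] ?? 'games';                 // what page.php?page=... would carry
$file = resolvePage($page);
if ($file !== null && ($path = containedPath($root . '/pages', $file)) !== null) {
    include $path;
} else {
    http_response_code(404);
    echo "No such page\n";
}

unlink($root . '/pages/games.php');
rmdir($root . '/pages');
rmdir($root);
```

The map is the stronger control because the request never carries a path at all; containedPath() is there for legacy code that cannot be rewritten that way, and it only works because realpath() collapses the .. segments and follows symlinks before the prefix comparison, which is why the comparison must include the trailing directory separator (otherwise /tmp/pages-evil would pass as a child of /tmp/pages).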

 Note: I hope this post helps you secure your website against the attacks above.

Thursday, July 17, 2014

Types of Attacks on Web Based Applications


[~]SQL Injection Attack
[~]Hibernate Query Language Injection
[~]Direct OS Code Injection
[~]XML Entity Injection
[~]Broken Authentication and Session Management
[~]Cross-Site Scripting (XSS)
[~]Insecure Direct Object References
[~]Security Misconfiguration
[~]Sensitive Data Exposure
[~]Missing Function Level Access Control
[~]Cross-Site Request Forgery (CSRF)
[~]Using Components with Known Vulnerabilities
[~]Unvalidated Redirects and Forwards
[~]Cross Site Scripting Attacks
[~]Clickjacking Attacks
[~]DNS Cache Poisoning
[~]Symlinking – An Insider Attack
[~]Cross Site Request Forgery Attacks
[~]Remote Code Execution Attacks
[~]Remote File inclusion
[~]Local file inclusion
[~]Evercookie
[~]Denial of Service Attack
[~]Cookie Eviction
[~]phpwn
[~]NAT Pinning
[~]XSHM
[~]MitM DNS Rebinding SSL/TLS Wildcards and XSS
[~]Quick Proxy Detection
[~]Improving HTTPS Side Channel Attacks
[~]Side Channel Attacks in SSL
[~]Turning XSS into Clickjacking
[~]Bypassing CSRF protections with ClickJacking and
[~]HTTP Parameter Pollution
[~]URL Hijacking
[~]Strokejacking
[~]Fooling B64_Encode(Payload) on WAFs and filters
[~]MySQL Stacked Queries with SQL Injection.
[~]Posting raw XML cross-domain
[~]Generic cross-browser cross-domain theft
[~]Attacking HTTPS with Cache Injection
[~]Tapjacking
[~]XSS-Track
[~]Next Generation Clickjacking
[~]XSSing client-side dynamic HTML.
[~]Stroke triggered XSS and StrokeJacking
[~]Lost in Translation
[~]Persistent Cross Interface Attacks
[~]Chronofeit Phishing
[~]SQLi filter evasion cheat sheet (MySQL)
[~]Tabnabbing
[~]UI Redressing
[~]Cookie Poisoning
[~]SSRF
[~]Bruteforce of PHPSESSID
[~]Blended Threats and JavaScript
[~]Cross-Site Port Attacks
[~]CAPTCHA Re-Riding Attack

Wednesday, July 16, 2014

32 Commands For Linux Users From All Levels!

Beginner Commands

1. find: Use this command when you need to search for files in a particular directory. It starts from the directory you give it and descends into its sub directories. The -name option matches file names case sensitively, while -iname matches irrespective of case.

2. grep: You use the grep command in order to find lines in a particular file that match a given string or words.

3. man: The man command is used as the manual pager for the system. It brings online documentation for a particular command.

4. ps: This is the process command, which shows you the status of all the processes that are being run by a unique id, known as the PID.

5. kill: This command sends a signal to a process, usually to terminate one that is not responding or is no longer needed. All you need is the process ID (PID). To find it, run ps -A and pipe it through grep (ps -A | grep processname), or use pgrep processname. By default kill sends SIGTERM, which lets the process clean up; kill -9 sends SIGKILL, which cannot be caught or ignored.

6. whereis: When you need to locate the binary, sources and the manual page of a command you use the whereis command.

7. service: This is the command that is used in order to control the start, stop or restart function of a particular service. You do not have to restart your system in order to start, stop or restart the services.

8. alias: This is a built in shell command which is used in order to assign the name for a long command or for a frequently used command.

9. df: Use this command when you want to report the disk usage of a file system. It is quite useful for the user and also for the system admin.

10. rm: This command is used in order to remove complete files and directories from your system.


Advanced Commands

1. ifconfig: You will use the ifconfig command when you need to configure or inspect the kernel-resident network interfaces. The command is usually needed for system tuning and debugging, but it is also used at boot time in order to set up the interfaces. On current distributions it is being replaced by ip from the iproute2 package.

2. netstat: This is an advanced command for Linux users that is used to display information related to the network. This includes information such as routing tables, network connections, masquerade connections, interface statistics and others.

3. nslookup: This command will be used when you need to find information about Internet servers. It finds you the name server information for the domains that are querying the DNS.

4. dig: The dig tool is used in order to query the DNS nameservers. If you need to find information on host addresses, mail exchanges, nameservers and other related information, then this is the tool for you. You can use the command from Linux and Mac OS X operating systems.

5. uptime: The uptime command shows how long the system has been running, how many users are logged in, and the load averages for the last 1, 5 and 15 minutes. It is a quick first check when you sit down at a server that has been left unattended and something looks wrong.

6. wall: This command is used to send a message to all logged in users. You can only send the message to those with their message permission setting at ‘yes’ though. The message is given as an argument for the wall command.

7. mesg: Users can use the 'write' command in order to send messages to your terminal. With mesg you decide whether they can: mesg n refuses such messages and mesg y allows them to appear on your screen.

8. write: If the status for the ‘mesg’ command for a user is set to ‘y’ then the write command will allow you to send messages to that user.

9. talk: When a simple message is not enough, use the talk command to talk to users logged into the server.

10. w: This command shows who is logged in and what they are doing; its output combines what uptime and who would show if run one after the other.

11. rename: When you need to rename a set of files, the rename command comes in handy. It renames files by replacing the first occurrence of a given string in each file name with a replacement string; depending on the distribution it takes a simple from/to pair (util-linux) or a Perl expression (Debian's prename).

12. top: Use this command to display the running processes, sorted by CPU usage by default. The display refreshes automatically and keeps going until you quit with q or interrupt it with Ctrl-C.


An SQL injection attack is a code injection attack used to exploit web applications and websites. It is one of the most common ways for attackers to get into a system, so understanding how it is performed is important for anyone testing their own applications. Here are 10 of the most widely used tools that automate SQL injection attacks.

1. BSQL Hacker
This is a useful tool for both experts and beginners that automates SQL Injection attacks on websites.

2. The Mole
This is an SQL Injection tool that uses the union technique or the boolean query-based technique.

3. Pangolin
This is a penetration testing tool developed by NOSEC. It is aimed at detecting and exploiting SQL injection vulnerabilities on websites.

4. Sqlmap
This is an open source penetration testing tool that security professionals can use. Like the BSQL Hacker tool, this one also automates SQL Injection attacks.

5. Havij
This is an automated SQL injection tool that can be used by penetration testers in order to detect vulnerabilities in web applications and exploit them.

6. Enema SQLi
This is a dynamic penetration testing tool for professionals. It is an auto-hacking software.

7. Sqlninja
This is a tool targeted at exploiting SQL injection vulnerabilities. It uses the Microsoft SQL server as its back end.

8. sqlsus
Written using the Perl programming language, this is an open source penetration testing tool for MySQL Injection and takeover.

9. Safe3 SQL Injector
This is a powerful penetration testing tool, which automates the process of detecting and exploiting SQL Injection vulnerabilities.

10. SQL Poizon
This tool bundles PHP, ASP, RFI and LFI dorks (search-engine queries that locate likely-vulnerable pages) for use in penetration testing.

Saturday, July 12, 2014

Hacker's Dictionary


Are you new to the realm of hacking?

Do you feel dumb when you don't know the meaning of a certain term? Well, then this will certainly help you out! If you are ever unsure about anything, simply scroll down, find that specific word and read the definition.
This covers abbreviations, phrases, words and techniques. *The list is in alphabetical order for convenience!*


----------------------------------------------------------------------------------------------------------------------------------


Abbreviations


★ DDoS = Distributed Denial of Service

★ DrDoS = Distributed Reflected Denial of Service Attack. The attacker sends requests to reflection servers (open DNS resolvers and the like) with the victim's IP address forged as the source, so the replies flood the victim and appear to come from many different IPs. Amplification occurs when the replies are larger than the requests that triggered them.

★ FTP = File Transfer Protocol. Used for transferring files between a client and an FTP server.

★ FUD = Fully Undetectable

★ Hex =In computer science, hexadecimal refers to base-16 numbers. These are numbers that use digits in the range: 0123456789ABCDEF. In the C programming language (as well as Java, JavaScript, C++, and other places), hexadecimal numbers are prefixed by a 0x. In this manner, one can tell that the number 0x80 is equivalent to 128 decimal, not 80 decimal.

★ HTTP =Hyper Text Transfer Protocol. The foundation of data communication for the World Wide Web.

★ IRC = Internet Relay Chat. Transmits text messages in real time between online users.

★ JDB = Java drive-by, a once very common web-based exploit which allows an attacker to download and execute malicious code on a victim's machine through a widely known Java vulnerability.

★ Malware =Malicious Software

★ Nix = Unix-based operating system, usually referred to here in the context of DoS'ing.

★ POP3 =This is the most popular protocol for picking up e-mail from a server.

★ R.A.T = Remote Administration Tool

★ SDB = Silent drive-by, using a zero-day web-based exploit to download and execute malicious code on a victim's system without being detected (similar to a JDB; however, no notification or warning is shown to the user).

★ SE = Social Engineering

★ Skid =Script Kid/Script Kiddie

★ SMTP =A TCP/IP protocol used in sending and receiving e-mail.

★ SQL = Structured Query Language. The language used to query and manage relational databases through a DBMS. Often followed by another word, as in "SQL Injection."

★ SSH = Secure Shell, an encrypted protocol used to log in to and run commands on remote servers, such as Virtual Private Servers.

★ TCP = Transmission Control Protocol, sets up a connection and exchanges packets of data reliably and in order.

★ UDP = User Datagram Protocol, a connectionless alternative to TCP used for DNS, Voice over IP, and file sharing.

★ VPN =Virtual Private Network

★ VPS =Virtual Private Server

★ XSS (sometimes written CSS) = Cross Site Scripting


Words


★Algorithm = A series of steps specifying which actions to take in which order.

★ANSI Bomb = A text file containing ANSI.SYS escape sequences, cryptic-looking strings of ANSI numeric codes, that remap keys so that pressing one runs a command of the attacker's choosing.

★Back Door = Something a hacker leaves behind on a system in order to be able to get back in at a later time.

★Binary = A numbering system in which there are only two possible values for each digit: 0 and 1.

★Black Hat = A hacker who performs illegal actions to do with hacking online. (Bad guy, per se)

★Blue Hat =A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

★Bot = A piece of malware that connects a computer to an attacker, commonly using the HTTP or IRC protocol, and awaits malicious instructions.

★Botnet = Computers infected by worms or Trojans and taken over by hackers and brought into networks to send spam, more viruses, or launch denial of service attacks.

★Buffer Overflow = A classic exploit that sends more data than the program has reserved room for, overwriting adjacent memory. Buffer overflows are one of the most common programming errors, and the ones most likely to slip through quality assurance testing.

★Cracker = A specific type of hacker who decrypts passwords or breaks software copy protection schemes.

★DDoS = Distributed denial of service. Flooding someone's connection with packets. Servers or web-hosted shells send the packets to the target, usually driven from a booter.

★Deface =A website deface is an attack on a site that changes the appearance of the site or a certain webpage on the site.

★Dictionary Attack = A dictionary attack is an attack in which a cyber criminal attempts to guess your account password. The attack uses a dictionary file, a simple list of possible passwords, and a program which tries them. The program tries every password on the list until it finds the correct one. Dictionary files usually contain the most commonly used passwords.

★DOX = Personal information about someone published on the Internet; usually contains real name, address, phone number, SSN, credit card number, etc.

★E-Whore = A person who manipulates other people to believe that he/she is a beautiful girl doing cam shows or selling sexual pictures to make money.

★Encryption = In cryptography, encryption applies mathematical operations to data in order to render it incomprehensible. The only way to read the data is to apply the reverse operations. In technical terms, encryption applies a mathematical algorithm with a key that converts plaintext to ciphertext. Only someone in possession of the key can decrypt the message.

★Exploit = A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it.

★FUD = Fully undetectable, can be used in many terms. Generally in combination with crypters, or when trying to infect someone.

★Grey Hat = A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.

★Hacker (definition is widely disputed among people...) = A hacker is someone who is able to manipulate the inner workings of computers, information, and technology to work in his/her favor.

★Hacktivist = A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

★IP Address = On the Internet, your IP address is the unique number that others use to send you traffic.

★IP Grabber = A link that grabs someone's IP when they visit it.

★Keylogger = A software program that records all keystrokes on a computer's keyboard, used as a surveillance tool or covertly as spyware.

★Leach = A cultural term in the warez community referring to people who download lots of stuff but never give back to the community.

★LOIC/HOIC = Tool(s) used by many anonymous members to conduct DDoS attacks. It is not recommended to use these under any circumstances.

★Malware = Software designed to do all kinds of evil stuff like stealing identity information, running DDoS attacks, or extorting money from the victim.

★Neophyte = A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.

★smith = Somebody new to a forum/game.

★OldFag = Somebody who's been around a forum/game for a long time.

★Packet = Data that is sent across the Internet is broken up into packets, sent individually across the network, and reassembled back into the original data at the other end.

★Phreak =Phone Freaks. Hackers who hack cell phones for free calling. Free Long distance calling. Etc.

★Phreaking = The art and science of cracking the phone network.

★Proxy = A proxy is something that acts as a server, but when given requests from clients, acts itself as a client to the real servers.

★Rainbow Table = A rainbow table is a precomputed table that maps password hashes back to the passwords that produced them. Looking a hash up in a table is far faster than hashing every guess in a dictionary or brute-force attack, at the cost of the storage and the time spent building the table. Salted hashes defeat rainbow tables, since every salt value would need its own table.

★Remote Administration Tool =A tool which is used to remotely control (an)other machine(s). These can be used for monitoring user actions, but often misused by cyber criminals as malware, to get their hands on valuable information, such as log in credentials.

★Resolver =Software created to get an IP address through IM (instant messenger, like Skype/MSN) programs.

★Reverse Engineering = A technique whereby the hacker attempts to discover secrets about a program. Often used by crackers, and in direct modifications to a process/application.

★Root = Highest permission level on a computer, able to modify anything on the system without restriction.

★Rootkit (ring3 ring0) = Malware that conceals all traces that it, or other malware, exists on a system. Ring3 (user mode) rootkits hook application-level functions and can usually be removed without booting into safe mode. Ring0 (kernel mode) rootkits run with the same privilege as the operating system itself, are much harder to remove, and may leave a full reinstall as the only safe option.

★Script Kiddie = A script kid, or skid is a term used to describe those who use scripts created by others to hack computer systems and websites. Used as an insult, meaning that they know nothing about hacking.

★Shell = In hacking slang, either a hacked web server with a DoS script uploaded to conduct DDoS attacks via a booter, or more generally a script-executing unit: something you place on a server in order to execute commands of your choice (a web shell).

★Social Engineer = Social engineering is a form of hacking that targets people's minds rather than their computers. A typical example is sending out snail mail marketing materials with the words "You may already have won" emblazoned across the outside of the letter. As you can see, social engineering is not unique to hackers; its main practitioners are the marketing departments of corporations.

★Spoof = The word spoof generally means the act of forging your identity. More specifically, it refers to forging the sender's IP address (IP spoofing). (Spoofing an extension for a RAT to change it from .exe to .jpg, etc.)

★SQL Injection =An SQL injection is a method often used to hack SQL databases via a website, and gain admin control (sometimes) of the site. You can attack programs with SQLi too.

★Trojan = A Trojan is a type of malware that masquerades as a legitimate file or helpful program with the ultimate purpose of granting a hacker unauthorized access to a computer.

★VPS = The term is used for emphasizing that the virtual machine, although running in software on the same physical computer as other customers' virtual machines, is in many respects functionally equivalent to a separate physical computer, is dedicated to the individual customer's needs, has the privacy of a separate physical computer, and can be configured to run server software.

★Warez = Software piracy

★White Hat = A "white hat" refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methods to ensure the security of a businesses information systems. (Good guy, per se)

★Worm = Software designed to spread malware with little to no human interaction.

★Zero Day Exploit = An attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability.

Hope we helped the new learners..............