IT Security and Insecurity Portal

OK, my first post.. ! :D

Posted: Tue Jan 22, 2008 3:33 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

First of all, hello.. ;] I'm a newbie to hacking and stuff like that.. ! I have a lot of questions and I hope I found the right place to post them! Anyway, I hope I can get some answers.. !! Thank you.
SQL injection..
First of all I start with SQL injection. For example, if I found a site www.?????.com [ex]
and if I found it can be hacked and it gives out some error like a main() error [just for example], what is the next step?! I just don't get it.. ?! What's the point? It gives me an error, so what do I have to do next so I can move on and get to the DB or admin panel or whatever... ? Must I type something in the URL or look for something else? I don't know ?!
=> If anybody can help with this I would be really happy !!
XSS
OK, here comes the second question.. Again I found a site and, for example, I put <script>alert('xss');</script> in the search bar and it pops up with the text.. !! OK, so far I get it, but what next?! 0_o What should I look for or do next?! And what can I do with XSS? Steal cookies? What else can I do?!
=> Thanks for this one too.. !!
OK, that's all for now... !! I have some other questions too but I'll leave them for later... !!
I hope I get some good answers to these 2 questions.. !!
P.S. My main goal is to learn more about SQL injection. I read all the info I can get but I still don't get it... :[ If somebody could maybe post some video links where SQL injection is shown, it would be nice too.. !!
Thank you.
Posted: Tue Jan 22, 2008 3:59 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Posted: Tue Jan 22, 2008 4:23 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

Thanks for sharing.. new links to me.. !!
P.S. All who can post something too about SQL injection, post up.. Some facts from personal experience would be nice too... !!
Thanks..
Posted: Tue Jan 22, 2008 5:04 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

For a successful SQL injection attack you need basic knowledge about SQL.
So start with SQL basics - MySQL, MSSQL, UNION, mysql.user, information_schema, @@version, USER(), DATABASE() ...
And the error messages you will see - they are extremely useful. I suggest copying/pasting all error messages and saving them to a text file, because you may need them for the next steps.
About XSS and SQL injection - there is one main difference. In the case of SQL injection you can attack a website even without anyone else there and you can fetch data or do some other things - WITHOUT interaction with any other people - admins, webmasters, users. You need just an exploitable server and that's all. In the case of XSS things are different - you NEED some other people as the attack target.
Let's imagine that you want to deface a website. There are 2 possibilities among many others:
1. You find an SQL injection hole, steal the admin's username and password hash from the database, crack the hash and log in to the admin interface. Then deface the website right from the admin interface (template modification, etc ...) or try to elevate privs to PHP and further to shell. And - if you have SQL injection - then you can attack ANYTIME - even when the website has been inactive for years and the admin has not logged in for a long time.
2. XSS - you must somehow trick the logged-in admin to your website, so that the XSS can be exploited, and then steal the cookie and next hijack the session or steal the pass hash, etc ... It is possible, but if the admin is not a lamer or is very paranoid or just beyond reach - then XSS is useless.
3. XSRF - same thing - you need an active attack against the logged-in admin.
So the bottom line is:
1. SQL injection can be much more powerful than XSS and XSRF (depends on conditions though)
2. XSS and XSRF need some social engineering
And my suggestion to you - first learn to use SQL injections, Remote File Inclusions, Local File Inclusions, Remote Code Executions - they are very powerful weapons in an attacker's hand
Posted: Tue Jan 22, 2008 5:50 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

waraxe wrote:
> For a successful SQL injection attack you need basic knowledge about SQL.
> So start with SQL basics - MySQL, MSSQL, UNION, mysql.user, information_schema, @@version, USER(), DATABASE() ...
> And the error messages you will see - they are extremely useful. I suggest copying/pasting all error messages and saving them to a text file, because you may need them for the next steps.
> About XSS and SQL injection - there is one main difference. In the case of SQL injection you can attack a website even without anyone else there and you can fetch data or do some other things - WITHOUT interaction with any other people - admins, webmasters, users. You need just an exploitable server and that's all. In the case of XSS things are different - you NEED some other people as the attack target.
> Let's imagine that you want to deface a website. There are 2 possibilities among many others:
> 1. You find an SQL injection hole, steal the admin's username and password hash from the database, crack the hash and log in to the admin interface. Then deface the website right from the admin interface (template modification, etc ...) or try to elevate privs to PHP and further to shell. And - if you have SQL injection - then you can attack ANYTIME - even when the website has been inactive for years and the admin has not logged in for a long time.
> 2. XSS - you must somehow trick the logged-in admin to your website, so that the XSS can be exploited, and then steal the cookie and next hijack the session or steal the pass hash, etc ... It is possible, but if the admin is not a lamer or is very paranoid or just beyond reach - then XSS is useless.
> 3. XSRF - same thing - you need an active attack against the logged-in admin.
> So the bottom line is:
> 1. SQL injection can be much more powerful than XSS and XSRF (depends on conditions though)
> 2. XSS and XSRF need some social engineering
> And my suggestion to you - first learn to use SQL injections, Remote File Inclusions, Local File Inclusions, Remote Code Executions - they are very powerful weapons in an attacker's hand

Oh, this is what I'm looking for... Thanks for the advice.. Umm, sounds stupid, but how can I learn "SQL injections, Remote File Inclusions, Local File Inclusions, Remote Code Executions"? Maybe someone could give me a site where to practise?! Or I don't know, I just need to know where I can improve my skills and learn something.. Again, thank you. I like this forum; at other forums I get back many bad words.
Posted: Tue Jan 22, 2008 6:56 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

You need some basic knowledge; without learning the ABC you are in trouble. First of all, are you a Windows PC user? I suggest downloading some software:
http://httpd.apache.org/download.cgi
http://www.php.net/downloads.php
http://dev.mysql.com/downloads/mysql/5.0.html#win32
These three packages will make something called WAMP:
Windows+Apache+MySQL+PHP
There are some integrated packages too:
http://www.wampserver.com/en/
Install it and configure as needed.
Then it's time for a "Hello world" example in the PHP language.
I'm sure that you are able to go through this within 1...2 days.
Read some PHP theory, then you are ready for easiest-level real-world tests.
Why I suggest learning PHP basics: let's assume that you have found a nice remote command execution security hole and can force the remote webserver to execute YOUR OWN PHP code ...
Nice ... but it's useless without knowing PHP code.
Same situation as with shell command execution - you can issue shell commands to the webserver's operating system, but what if it's Linux? So you need to learn Linux ... in future ...
SQL injections - basic SQL language experience is needed.
Bottom line - a good white/gray/blackhat must have similar knowledge as a programmer; additionally, out-of-the-box thinking does not hurt.
So - search for good reading - there are literally thousands of e-books in PDF and CHM format about anything IT related. And thousands of whitepapers and tutorials, hackmes, etc etc ...
And - believe me - the beginning is the hardest part! If you get through it - then all depends on your motivation, free time, creativity ...
Posted: Tue Jan 22, 2008 7:33 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

waraxe wrote:
> You need some basic knowledge; without learning the ABC you are in trouble. First of all, are you a Windows PC user? I suggest downloading some software:
> http://httpd.apache.org/download.cgi
> http://www.php.net/downloads.php
> http://dev.mysql.com/downloads/mysql/5.0.html#win32
> These three packages will make something called WAMP:
> Windows+Apache+MySQL+PHP
> There are some integrated packages too:
> http://www.wampserver.com/en/
> Install it and configure as needed.
> Then it's time for a "Hello world" example in the PHP language.
> I'm sure that you are able to go through this within 1...2 days.
> Read some PHP theory, then you are ready for easiest-level real-world tests.
> Why I suggest learning PHP basics: let's assume that you have found a nice remote command execution security hole and can force the remote webserver to execute YOUR OWN PHP code ...
> Nice ... but it's useless without knowing PHP code.
> Same situation as with shell command execution - you can issue shell commands to the webserver's operating system, but what if it's Linux? So you need to learn Linux ... in future ...
> SQL injections - basic SQL language experience is needed.
> Bottom line - a good white/gray/blackhat must have similar knowledge as a programmer; additionally, out-of-the-box thinking does not hurt.
> So - search for good reading - there are literally thousands of e-books in PDF and CHM format about anything IT related. And thousands of whitepapers and tutorials, hackmes, etc etc ...
> And - believe me - the beginning is the hardest part! If you get through it - then all depends on your motivation, free time, creativity ...

1. Yes, I'm a Windows PC user.. ;] !!
Thank you for telling me all this.. it's really helpful.. !! Thank you for the links too; tomorrow I'm going to start downloading it all and learn how it all works x] !!
Probably this will take some time to learn all.. but I'll try my best.. Hope to get advice in the future.. ;]
Thank you
P.S.
I saw you are from Estonia?! I'm your neighbour, I'm from Latvia !!
Posted: Tue Jan 22, 2008 9:21 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

I'm happy to help, neighbour
Posted: Tue Jan 22, 2008 10:30 pm
pexli
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria

Déjà vu :)
Little by little, all the Russians are gathering here.
Learn about UNIX commands. Every fucking server is based on Linux.
Posted: Wed Jan 23, 2008 3:53 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

OK, I downloaded WAMP2 and configured it.. :] Also looked for hello world in PHP and I found it, but now you all can laugh at me: what should I do next?! 0_o It's my first time doing something with WAMP2 !! I got so far that I can go to localhost & my IP and it works fine !! It shows me a WAMP server logo and stuff like that xD Also I made corrections and set my password and login name when configuring the server, but I don't have a clue what to do next.. 0_0 !!
Posted: Wed Jan 23, 2008 4:28 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Next ...
1. You can try some software on your own server.
First install phpMyAdmin, if it's not yet installed:
http://www.phpmyadmin.net/home_page/index.php
Next download phpBB, MyBB, CuteNews, PHP-Nuke or something like that.
They are all easy to install and you can have them running within minutes.
Then go to phpMyAdmin, look at the databases, tables, fields - how they are constructed, how data is stored ... This all is the playground of the SQL injection exploiter.
2. You can try some easy-to-use exploits, available on the Internet. I have myself released some of them too:
http://www.waraxe.us/advisory-61.html
This one is a MyBB 1.2.10 exploit and will give you an easy way to run your own code on a remote server. It's a dangerous security hole and needs careful exploiting.
Google:
http://www.google.com/search?q=%22powered+by+mybb%22+1.2.11&hl=en&start=90&sa=N
and then go to the found forums and open some forum:
http://victim.com/forumdisplay.php?fid=2
and then:
http://victim.com/forumdisplay.php?fid=2&sortby='
If you can see an error message, then you are almost in
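Waraxe's last line above, as an added example that is not code from the thread or from MyBB: a small Python/sqlite3 stand-in for a forum's thread listing shows why a lone apostrophe in `sortby` produces the database error he mentions, and how whitelisting the sort column and binding the data value removes it. The `threads` table, its rows and the function names are constructed here; MyBB's real schema is not on the page.

```python
import sqlite3


def make_db():
    """Constructed sample data: a three-row stand-in for a forum's thread table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threads (tid INTEGER, fid INTEGER, subject TEXT, lastpost INTEGER)")
    db.executemany("INSERT INTO threads VALUES (?, ?, ?, ?)", [
        (1, 2, "Welcome", 300),
        (2, 2, "Rules", 200),
        (3, 3, "Other forum", 100),
    ])
    return db


def list_threads_vulnerable(db, fid, sortby):
    # Request parameters pasted straight into the SQL text: the hole behind
    # "forumdisplay.php?fid=2&sortby='". A single quote breaks the statement,
    # and if the page echoes database errors, that error is what the visitor sees.
    sql = f"SELECT subject FROM threads WHERE fid = {fid} ORDER BY {sortby}"
    return [row[0] for row in db.execute(sql)]


# Identifiers (column names) cannot be bound as parameters, so the sort key is
# mapped through a fixed whitelist; anything unknown falls back to the default.
ALLOWED_SORT = {"subject": "subject", "lastpost": "lastpost DESC"}


def list_threads_fixed(db, fid, sortby):
    order = ALLOWED_SORT.get(sortby, "lastpost DESC")
    # The data value is bound with a placeholder and coerced to int first.
    sql = f"SELECT subject FROM threads WHERE fid = ? ORDER BY {order}"
    return [row[0] for row in db.execute(sql, (int(fid),))]


def probe(handler, db, sortby):
    """Run one request for fid=2 and report ('ok', rows) or ('error', message).
    The message is exactly what a site that echoes DB errors would leak."""
    try:
        return "ok", handler(db, 2, sortby)
    except sqlite3.Error as exc:
        return "error", str(exc)


if __name__ == "__main__":
    db = make_db()
    for name, handler in (("vulnerable", list_threads_vulnerable),
                          ("fixed", list_threads_fixed)):
        for sortby in ("subject", "'"):
            print(f"{name:10s} sortby={sortby!r}: {probe(handler, db, sortby)}")
```

The same `sortby='` request is also easy to spot in the web server's access log, which is where a defender would look for this kind of probing.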
Posted: Thu Jan 24, 2008 4:50 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

waraxe wrote:
> Next ...
> 1. You can try some software on your own server.
> First install phpMyAdmin, if it's not yet installed:
> http://www.phpmyadmin.net/home_page/index.php
> Next download phpBB, MyBB, CuteNews, PHP-Nuke or something like that.
> They are all easy to install and you can have them running within minutes.
> Then go to phpMyAdmin, look at the databases, tables, fields - how they are constructed, how data is stored ... This all is the playground of the SQL injection exploiter.
> 2. You can try some easy-to-use exploits, available on the Internet. I have myself released some of them too:
> http://www.waraxe.us/advisory-61.html
> This one is a MyBB 1.2.10 exploit and will give you an easy way to run your own code on a remote server. It's a dangerous security hole and needs careful exploiting.
> Google:
> http://www.google.com/search?q=%22powered+by+mybb%22+1.2.11&hl=en&start=90&sa=N
> and then go to the found forums and open some forum:
> http://victim.com/forumdisplay.php?fid=2
> and then:
> http://victim.com/forumdisplay.php?fid=2&sortby='
> If you can see an error message, then you are almost in

OK, so now I'm this far: I set up WAMP and phpMyAdmin and installed the forum phpBB 2.0.18. I think it's an old version [at least I think it is xd]
It all works fine.. I was exploring the forum DB, for example phpbb_users, and looking at the structure, trying to figure out how it works and what new I can learn.. Found something where the usernames and passwords are; they are encrypted or something like that, I don't know what to call it, MD5?!
Anyway, I'm trying to learn to understand all this thingy and at this time it's like hopeless, I still don't know what to do, but I hope I will learn something later with time.. ;] I know I can't learn it all in a couple of days! And I was reading old topics in this forum and found some questions.. Can I get some answers again please?!
About exploits... !
I see some exploits I can use with ActivePerl and for some I must make a .php and upload it to a server etc. ;D But how can I run this exploit?! =>
http://www.milw0rm.com/exploits/1383 ??
I don't know 0_o Should I edit something?! Or what?!
I found some exploits where it's explained how to run it, but how can I run this one? I know it's PHP and I must save it as .php, but what next!? :/
Thank you all for the answers!
Posted: Thu Jan 24, 2008 10:30 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

This exploit you selected is complicated to use. I suggest trying SQL injection or remote file inclusion exploits. Milw0rm contains a lot of them ...
Next, try to download from somewhere the exact version of the affected software and install it on your PC. Then try the exploit against your own localhost first. Believe me, it is worth trying!
Using exploits - yes, you need PHP or Perl. Most exploits need Perl, some of them need the PHP CLI. So - you just copy-paste the exploit code to a text file and rename it to exploit.pl or exploit.php ...
And then run the exploit. There may be a need for config settings and/or command line parameters - such info is usually presented in the exploit comments.
If you have trouble with some of the exploits - post your problems here and I'm ready to help
Posted: Fri Jan 25, 2008 4:47 pm
sol1dzer0
Regular user
Joined: Jan 21, 2008
Posts: 24

OK, I promise these will be my last 2 stupid questions.. !!
1. How can I find out the forum version.. ?! Are you using some programs? [If it's a program, please tell me the name and whether it works for all forums [[ex. phpbb, ipb, my.. etc.]] If there are no such programs, just give me some tips on how I can find it out.. !
2. The second one is about [SQL inj.] video tutorials.. All the info I read I learn slowly, but it's hard to practise on it.. !! I did as you said [waraxe], installed WAMP and phpBB, and I'm learning a lot.. In these couple of days I learned a lot of new things :] But is there some site where I can see how someone is using exploits / SQL injections etc.? And no, I'm not an idiot, I already googled it and what I found is useless.. If only I could see some injections/exploits in action, how it's done, that would be a huge help for me !!
Anyway, hope I get answers this time too.. !! [Sorry for bad English]
Posted: Fri Jan 25, 2008 5:57 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

1. There are some methods for forum version checking. But they are software-specific - no universal methods here! The best way is to try various exploits and find out which one is working.
In the case of phpBB the traditional method is "CHANGELOG.html":
http://www.google.ee/search?hl=et&client=firefox-a&channel=s&rls=org.mozilla%3Aen-US%3Aofficial&hs=a97&q=inurl%3ACHANGELOG.html+phpbb&btnG=Otsi&lr=
2. SQL injection video tutorials ...
In my opinion such video tutorials are for lamers. They will not teach you anything, only how to run some exploit. Real learning comes from reading books, whitepapers and other informational resources and of course - from practice. OK, if you are an absolute beginner - then these videos can be useful, but the next step is to learn various programming languages and IT basics. Plain oldschool reading - yes - even in the 21st century ... no miracles ... only lots of reading and trial-error and practice ...