Waraxe IT Security Portal
Login or Register
November 25, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 69
Members: 0
Total: 69
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> ok my first post.. ! :D Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
ok my first post.. ! :D
PostPosted: Tue Jan 22, 2008 3:33 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




first of all hello.. ;] i'm new.b to h4cking and stuff. like that.. ! i have a lot of questions and i hope i found right place where to post them Very Happy ! anyway i hope i can get some answers.. !! thankU.

SQL injection..
first of all i start with sqlinj. for example if i found syte www.?????.com [ex]
and if i found it can be h4cked and it gives out some error like main() error [just 4 example] what is next step ?! i just dont get it.. ?! whats the point it gives me an error what i have to do next so i can move on and get to d/b or admin panel or whatver... ? i must type smth in URL or look for smnth else i dont know ?!
=> if anybody can help with this i would be really happy Embarassed !!

Xss
ok here comes the second question.. again i found syte and example i put <script>alert('xss');</script> in search bar and it gives me out and log with text.. !! ok so far i get it but what next ?! 0_o what i should look for or do next ?! and what can i do with XSS steal cookies what else can i do ?!
=> tnx 4 this 1 too.. !!

OK thats all for now... !! i have some other questions too but i leave them for latter... !!


i hope i get some good answers too thez 2 questions.. !!
p.s my main goal is to learn more about sql inejt. i read all info. what i can get but i still dont get it... :[ if somebody can put mby some video links where is shown ssqlinj. it would be nice too.. !!

ThankU.
Rolling Eyes
View user's profile Send private message Visit poster's website
PostPosted: Tue Jan 22, 2008 3:59 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Sql inj

http://injection.rulezz.ru/SQLInjectionWhitePaper.pdf
http://injection.rulezz.ru/Blindfolded_SQL_Injection.pdf
http://injection.rulezz.ru/SQLInjectionSignaturesEvasion.pdf
http://injection.rulezz.ru/sql-injection-by-example.html

Sorry for XSS but i'm lamer in this.
View user's profile Send private message
PostPosted: Tue Jan 22, 2008 4:23 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




koko wrote:
Sql inj

http://injection.rulezz.ru/SQLInjectionWhitePaper.pdf
http://injection.rulezz.ru/Blindfolded_SQL_Injection.pdf
http://injection.rulezz.ru/SQLInjectionSignaturesEvasion.pdf
http://injection.rulezz.ru/sql-injection-by-example.html

Sorry for XSS but i'm lamer in this.


thanks for sharing.. Smile new links to me.. !!

p.s all who can post too smth with sql inject post up.. some facts from personal exp. would be nice too... Smile !!

thanks..
View user's profile Send private message Visit poster's website
PostPosted: Tue Jan 22, 2008 5:04 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




For successful sql injection attack you need basic knowledge about sql Smile
So start with sql basics - mysql, mssql, UNION, mysql.user, information schema, @@version, USER(), DATABASE() ...
And error messages you will see - they are extremely useful. I suggest to copy/paste all error messages and save to text file, because you may need them for next steps.

About XSS and sql injection - there is one main difference. In case of sql injection you can attack website even without anyone else there and you can fetch data or do some other things - WITHOUT interaction with any other people - admins, webmasters, users. You need just explolitable server and that's all. In case of XSS things are different - you NEED some other people as attack target.

Let's imagine that you want to deface website. There are 2 possibililites of many others:

1. You find sql injection hole, steal admins username and password hash from database, crack hash and login to admin interface. Then deface website right from admin interface (template modification, etc ...) or try to elevate privs to php and furtherto shell. And - if you have sql injection - then yuo can attack ANYTIME - even when website is inactive for years and adminhas not logged in log time.

2. XSS - you must somehow trick logged in admin to your website, so that XSS can be exploited and then steal cookie and next hicjack session or steal pass hash, etc ... It is possible, but if admin is not lamer or it is very paranoid or just beyond reach - then XSS is useless.

3. XSRF - same thing - you need active attack against logged in admin.

So bottom line is:

1. Sql Injection can be much powerful than XSS and XSRF (depends from conditions though)
2. XSS and XSRF needs some social engineering

And my suggestion to you - first learn to use sql injections, Remote File Inlusions, Local File Inclusions, Remote Code Executions - they are very powerful weapons in attackers hand Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Jan 22, 2008 5:50 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




waraxe wrote:
For successful sql injection attack you need basic knowledge about sql Smile
So start with sql basics - mysql, mssql, UNION, mysql.user, information schema, @@version, USER(), DATABASE() ...
And error messages you will see - they are extremely useful. I suggest to copy/paste all error messages and save to text file, because you may need them for next steps.

About XSS and sql injection - there is one main difference. In case of sql injection you can attack website even without anyone else there and you can fetch data or do some other things - WITHOUT interaction with any other people - admins, webmasters, users. You need just explolitable server and that's all. In case of XSS things are different - you NEED some other people as attack target.

Let's imagine that you want to deface website. There are 2 possibililites of many others:

1. You find sql injection hole, steal admins username and password hash from database, crack hash and login to admin interface. Then deface website right from admin interface (template modification, etc ...) or try to elevate privs to php and furtherto shell. And - if you have sql injection - then yuo can attack ANYTIME - even when website is inactive for years and adminhas not logged in log time.

2. XSS - you must somehow trick logged in admin to your website, so that XSS can be exploited and then steal cookie and next hicjack session or steal pass hash, etc ... It is possible, but if admin is not lamer or it is very paranoid or just beyond reach - then XSS is useless.

3. XSRF - same thing - you need active attack against logged in admin.

So bottom line is:

1. Sql Injection can be much powerful than XSS and XSRF (depends from conditions though)
2. XSS and XSRF needs some social engineering

And my suggestion to you - first learn to use sql injections, Remote File Inlusions, Local File Inclusions, Remote Code Executions - they are very powerful weapons in attackers hand Smile



Ou this is what i'm looking for... thanks for advice's.. Wink amm sounds stupid but how can i learn '' sql injections, Remote File Inlusions, Local File Inclusions, Remote Code Executions '' mby someone could give me syte where to practiz ?! or i dont know i just need to know where can i improve my skills and learn something.. again thank U like this forum @ other forums i get back many bad words Very Happy Very Happy Very Happy Very Happy
View user's profile Send private message Visit poster's website
PostPosted: Tue Jan 22, 2008 6:56 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




You need some basic knowledge, without learning ABC you are in trouble. First of all, are you windows PC user? I suggest to download some software:

http://httpd.apache.org/download.cgi
http://www.php.net/downloads.php
http://dev.mysql.com/downloads/mysql/5.0.html#win32

This three packages will make something called WAMP:

Windows+Apache+Mysql+Php

There are some integrated packages too:

http://www.wampserver.com/en/

Install it and configure as needed.
Then it's time for "Hello world" example in php language.
I'm sure that you are able to go through this within 1...2 days.

Read some php theory, then you are ready to easiest-level real-world tests.

Why i suggest to learn php basics: let's assume that you have found nice remote command execution security hole and can force remote webserver to execute YOUR OWN php code ...
Nice ... but it's useless without knowing php code Smile
Same situation as with shell commands execution - you can issue shell commands to webserver's operating system, but if it's Linux ? So you need learn Linux ... in future ...
Sql injections - basic sql language experience is needed.

Bottom line - good white/gray/blackhat must have similar knowledge as programmer, additionally out-of-box thinking does not hurt Smile

So - search for good reading - there are literally thousands e-books in pdf and chm format about anything IT related. And thousands whitepapers and tutorials, hackme's, etc etc ...

And - believe me - beginning is hardest part! If you will get through it - then all depends on your motivations, free time, creativity ...
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Jan 22, 2008 7:33 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




waraxe wrote:
You need some basic knowledge, without learning ABC you are in trouble. First of all, are you windows PC user? I suggest to download some software:

http://httpd.apache.org/download.cgi
http://www.php.net/downloads.php
http://dev.mysql.com/downloads/mysql/5.0.html#win32

This three packages will make something called WAMP:

Windows+Apache+Mysql+Php

There are some integrated packages too:

http://www.wampserver.com/en/

Install it and configure as needed.
Then it's time for "Hello world" example in php language.
I'm sure that you are able to go through this within 1...2 days.

Read some php theory, then you are ready to easiest-level real-world tests.

Why i suggest to learn php basics: let's assume that you have found nice remote command execution security hole and can force remote webserver to execute YOUR OWN php code ...
Nice ... but it's useless without knowing php code Smile
Same situation as with shell commands execution - you can issue shell commands to webserver's operating system, but if it's Linux ? So you need learn Linux ... in future ...
Sql injections - basic sql language experience is needed.

Bottom line - good white/gray/blackhat must have similar knowledge as programmer, additionally out-of-box thinking does not hurt Smile

So - search for good reading - there are literally thousands e-books in pdf and chm format about anything IT related. And thousands whitepapers and tutorials, hackme's, etc etc ...

And - believe me - beginning is hardest part! If you will get through it - then all depends on your motivations, free time, creativity ...


1. yes i'm wind. pc user.. ;] !!
thank u for telling me all this.. Wink it's really helpfull.. !! thank U for links too tomorrow i'm going to start download all and learn how it all works x] !!
prob. this will take some time to learn all.. but i try my best.. hope to get advices in future.. ;]

thank u Rolling Eyes

p.s
i saw you r from Estonia ?! i'm your neighbor Very Happy i'm from Latvia !!
View user's profile Send private message Visit poster's website
PostPosted: Tue Jan 22, 2008 9:21 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




I'm happy to help, neighbour Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Tue Jan 22, 2008 10:30 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Deja vu:)Smile
Потихоньку здесь все русские собираются.Smile
Learn about UNIX command.Every fucking server is based on Linux.
View user's profile Send private message
PostPosted: Wed Jan 23, 2008 3:53 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




ok i downloaded wamp2 and i configured it.. :] also looked for hello world in php and i found it but, now u all can laugh about me but what sould i do next ?! 0_o i'm first time doing smth with WAMP2 !! i get so far i can go on localhost & my ip and it works fine !! it shows me a wamp serv logo and stuff like taht xD also i made coreections and made my passw. and login name.. when config serv. but i dont have a clue what to do next.. 0_0 !! Crying or Very sad
View user's profile Send private message Visit poster's website
PostPosted: Wed Jan 23, 2008 4:28 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Next ...

1. You can try some software on your own server.
First install phpmyadmin, if it's not yet installed:

http://www.phpmyadmin.net/home_page/index.php

Next download phpbb, mybb, cutenews, phpnuke or something like that.
They all are easy to install and you can have them running within minutes.

Then go to phpmyadmin, look at databases, tables, fields - how are they costructed, how data is stored ... This all is the playground of the sql injection exploiter.

2. You can try some easy-to-use exploits, avaliable in Internet. I have myself released some of them too Smile

http://www.waraxe.us/advisory-61.html

This one is MyBB 1.2.10 exploit and will give you easy way to run your own code in remote server. It's dangerous security hole and needs careful exploiting.

Google:

http://www.google.com/search?q=%22powered+by+mybb%22+1.2.11&hl=en&start=90&sa=N

and then go to found forums and open some forum:

http://victim.com/forumdisplay.php?fid=2

and then:

http://victim.com/forumdisplay.php?fid=2&sortby='

If you can see error message, then you are almost in Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Jan 24, 2008 4:50 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




waraxe wrote:
Next ...

1. You can try some software on your own server.
First install phpmyadmin, if it's not yet installed:

http://www.phpmyadmin.net/home_page/index.php

Next download phpbb, mybb, cutenews, phpnuke or something like that.
They all are easy to install and you can have them running within minutes.

Then go to phpmyadmin, look at databases, tables, fields - how are they costructed, how data is stored ... This all is the playground of the sql injection exploiter.

2. You can try some easy-to-use exploits, avaliable in Internet. I have myself released some of them too Smile

http://www.waraxe.us/advisory-61.html

This one is MyBB 1.2.10 exploit and will give you easy way to run your own code in remote server. It's dangerous security hole and needs careful exploiting.

Google:

http://www.google.com/search?q=%22powered+by+mybb%22+1.2.11&hl=en&start=90&sa=N

and then go to found forums and open some forum:

http://victim.com/forumdisplay.php?fid=2

and then:

http://victim.com/forumdisplay.php?fid=2&sortby='

If you can see error message, then you are almost in Smile



Ok so now i'm so far i setup wamp phpmyadmin and installed forum phpBB 2.0.18. i think it's old version [atleast i think it is xd]
it all work fine.. i was exploring forum db. for example phpbb_users and watch structure try to figure out how it works and what can i learn new.. found smth were it's usernames and passwords they are crypted or somthing like that dont know how to call it Very Happy md5 ?!
anyway i'm trying to learn to understand all this thingy and @ this time it's like hopless Very Happy still dont know what to do but i hope i will learn smth latter by the time.. ;] i know i can't learn all in couple of days ! and i was reading old topics in this forum and found some questions.. can i get some answers again plzz ?!
about exploits... !
i see some exploits i can use with active perl and for some i must make a php. and upload it on server and ect. ;D but how can i run this eploit ?! =>
http://www.milw0rm.com/exploits/1383 ??
i dont know 0_o should i edit somethinng ?! or what ?!

i faound some exploits where it's explain how to run ir but how can i run this i know it's php and i must save it in php. but what next !? Confused :/

thankU all for answers!
View user's profile Send private message Visit poster's website
PostPosted: Thu Jan 24, 2008 10:30 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




This exploit, you selected, is complicated to use. I suggest to try sql injection or remote file inclusion exploits. Milw0rm contains them alot ...

Next, try to download from somewhere exact version of affected software and install to your PC. Then try exploit against your own localhost first. Believe me, it is worth of trying!

Exploits using - yes, you need php or perl. Most exploits need perl, some of them need php CLI. So - you just copy-paste exploit code to text file and rename it to exploit.pl or exploit.php ...
And then run exploit. There may be need for config settings and/or command line parameters - such info is usually presented in exploit comments.

If you have trouble with some of the exploits - post your problems here and i'm ready to help Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Jan 25, 2008 4:47 pm Reply with quote
sol1dzer0
Regular user
Regular user
Joined: Jan 21, 2008
Posts: 24




ok i promisse thiis will be my last 2 stupid questions.. Embarassed !!

1. how can find out forum version.. ?! are U using some programms ? [if it's a programm plzz tell the name and if it works for all forums [[ex. phpbb ipb my.. ect. ]] if there is no such programms just give me some tips how can i found it out.. !
Rolling Eyes

2. second one is about [sql inj.] video tutorials.. all info what i read i learn slowly but it's hard to practiz on it.. !! i did as u sad [wareaxe] installed wamp phpbb and i'm learning a lot.. in these cople of days i lerned a lot new things :] but if there is some syte where i can see how someone is using explits / sql injections .ect and no i'm not idiot i already googled it and what i found is useless.. if only i could see some inejctions/exploits in action hove it's than that would bee huge help for me Smile !!

anyway hope i get answers this timne too.. Smile !! [sry 4 bad english]
Rolling Eyes
View user's profile Send private message Visit poster's website
PostPosted: Fri Jan 25, 2008 5:57 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




1. There are some methods for forum version checking. But they are software-specific - no universal methods here! Best way is to try various exploits and find out, which one is working.

In case of phpbb traditional method is "CHANGELOG.html":

http://www.google.ee/search?hl=et&client=firefox-a&channel=s&rls=org.mozilla%3Aen-US%3Aofficial&hs=a97&q=inurl%3ACHANGELOG.html+phpbb&btnG=Otsi&lr=

2. Sql injection video tutorials ...

By my opinion such video tutorials are for lamers. They will not tech you anything, only how to run some exploit. Real learning comes from reading books, whitepapers and other informational resources and of cource - from practice. OK, if you are absolute beginner - then this videos can be useful, but next step is to learn various programming languages and IT basics. Plain oldschool reading - yes - even in 21. century Smile ... no miracles ... only lot's of reading and trial-error and practice ...
View user's profile Send private message Send e-mail Visit poster's website
ok my first post.. ! :D
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.049 Seconds