Showing posts with label The Basics of Hacking. Show all posts
Showing posts with label The Basics of Hacking. Show all posts

Saturday, May 29, 2010

RFI/LFI (Remote/Local File Include)


Description
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.
Example Vulnerable Code - index.php (PHP)

PHP Code:
$page $_GET['p'];
if (isset($page)) {
    include($page);
} else {
    include("home.php");
}?>

Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't it's not vulnerable to RFI, but still may be
Read more »
Posted by adnan 0 at 9:02 PM 0 comments
Labels:

Sunday, May 2, 2010

XSS (Cross-Site Scripting)

This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)
Example Vulnerable Code - search.php (PHP)

PHP Code:

 
$s $_GET['search'];// a real search engine would do some database stuff
 hereecho("You searched for $s. There were no results found");?>
Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "XSS". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to
Read more »
Posted by adnan 0 at 8:38 AM 0 comments
Labels:

Saturday, May 1, 2010

SQL Injection

                                                                  What is SQL?

The word SQL stands for structure query language.A language that can communicate with Database.
SQL injection is the act of injection your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: Bypass login verification, add new admin account, lift passwords, lift credit-card details, etc.; you can access anything that's in the database.
Example Vulnerable Code - login.php (PHP/MySQL)
Here's an example of a vulnerable login code
 PHP CODE

Read more »
Posted by adnan 0 at 3:38 AM 0 comments
Labels:

Friday, April 30, 2010

The Basics of Hacking


Hello and welcome to this blog.If you see all the text on this page, and are afraid, you're not meant to be a hacker, quit now. Also, please know now that unlike in the movies, not everything is hackable. I will be writing about the basics of hacking servers; I will cover how to scan and/or exploit vulnerable daemons (services) running on the target server, and how to discover and/or exploit web-script vulnerabilities. You will need to know your way around a computer before reading this. And if you don't know what a word means, Google or Wiki it!; if you don't understand a concept, post here and I will try to clarify. Thanks for reading, hope this helps.
Tools Required:
Port Scanner - nmap - http://nmap.org/
Worlds No1 Browser - FireFox - http://firefox.com/
Read more »
Posted by adnan 0 at 7:12 AM 0 comments
Labels:
Subscribe to: Posts (Atom)
Related Posts with Thumbnails
 

|