Crypt-o-Logic
Techfest '09
Networking

Web Hacking

SQL injection: It is the technique of exploiting web applications that use client-supplied data in SQL (Structured Query Language) queries without first stripping potentially harmful characters. The simplest SQL injection technique is bypassing login forms.

Example

A developer can create this list using the following SQL statement:

    CREATE TABLE user_table (
        id INTEGER PRIMARY KEY,
        username VARCHAR(32),
        password VARCHAR(41)
    );

This SQL code creates a table with three columns. The first column stores an ID that will be used to reference an authenticated user in the database. The second column holds the username, which is arbitrarily assumed to be 32 characters at most. The third column holds a hash of the user's password, because it is bad practice to store user passwords in their original form. We will use the SQL function PASSWORD() to hash the password. In MySQL, the output of PASSWORD() is 41 characters.

Authenticating a user is as simple as comparing the user's input (username and password) with each row in the table. If a row matches both the username and password provided, then the user will be authenticated as the user with the corresponding ID. Suppose that the user sent the username lonelynerd15 and the password mypassword. The user ID can be looked up with:

    SELECT id FROM user_table WHERE username='lonelynerd15' AND password=PASSWORD('mypassword')

An SQL injection would look like this:

    SELECT id FROM user_table WHERE username = '' OR 1=1 -- ' AND password = PASSWORD('x')

In this case, the attacker placed an SQL instruction (' OR 1=1 --) in the username field instead of data. The -- starts an SQL comment, so the password check that follows it is never evaluated, and OR 1=1 makes the WHERE clause true for every row.
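The login lookup above, modelled in Python as an added example (not code from the tutorial): the string-built query accepts the ' OR 1=1 -- username, while the parameterized form treats the same input as plain data. It assumes sqlite3 in place of MySQL and SHA-256 as a stand-in for PASSWORD(), with one constructed user row.

```python
import hashlib
import sqlite3

# Assumption: sqlite3 replaces MySQL and sha256 replaces PASSWORD(), which
# sqlite does not have. The table layout follows the tutorial's user_table.


def password_hash(plain: str) -> str:
    """Stand-in for MySQL PASSWORD(); a hex digest, not a real password scheme."""
    return hashlib.sha256(plain.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Create user_table with one constructed user (id 15, lonelynerd15)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_table (id INTEGER PRIMARY KEY, "
                 "username VARCHAR(32), password VARCHAR(64))")
    conn.execute("INSERT INTO user_table VALUES (?, ?, ?)",
                 (15, "lonelynerd15", password_hash("mypassword")))
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Query built by concatenation: whatever the user types becomes SQL syntax,
    so a username of  ' OR 1=1 --  comments out the password check."""
    sql = ("SELECT id FROM user_table WHERE username='" + username +
           "' AND password='" + password_hash(password) + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the driver passes the input as a value, never as
    SQL, so the same injection string simply matches no username."""
    row = conn.execute(
        "SELECT id FROM user_table WHERE username=? AND password=?",
        (username, password_hash(password))).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, "' OR 1=1 -- ", "x"))
    print("fixed, injected:     ", login_fixed(db, "' OR 1=1 -- ", "x"))
```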
Directory Traversal: Attackers use directory traversal attacks to read arbitrary files on web servers, such as SSL private keys and password files.
Example

Consider this simple PHP application that displays a file in many languages:

Assume that this PHP page is accessible through http://foo.com/webapp/static.php?language=main-en; an attacker can read arbitrary files from the web server by inserting a string that makes the include function point to a different file. For instance, if an attacker made this GET request,

    http://foo.com/webapp/static.php?language=../../../../etc/passwd%00

the include function would open this file:

    /usr/local/webapp/static_files/../../../../etc/passwd

This file is simply /etc/passwd. Thus, the GET request would return the contents of /etc/passwd on the server. Note that the null byte (%00) ends the string, so .html would not be concatenated to the end of the filename.

Other web hacking methods which are not going to be explained here (to keep the length of this tutorial under check) include:

Cookie poisoning
XSS
Injection
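The static.php traversal described above, modelled in Python as an added example (not the tutorial's PHP): unsafe_path reproduces the concatenation and the %00 truncation, and safe_path shows the check that stops it. The base directory /usr/local/webapp/static_files and the .html suffix are taken from the text; everything else is assumed.

```python
import posixpath
from urllib.parse import unquote

# Base directory and suffix from the tutorial; the functions are a model,
# not the original static.php.
STATIC_ROOT = "/usr/local/webapp/static_files"


def unsafe_path(language: str) -> str:
    """Concatenation as in the tutorial. A NUL byte (decoded from %00) ends the
    string in a C-backed include(), so the ".html" suffix is dropped."""
    path = STATIC_ROOT + "/" + language + ".html"
    nul = path.find("\x00")
    if nul != -1:
        path = path[:nul]
    return posixpath.normpath(path)


def safe_path(language: str):
    """Hardened lookup: refuse NUL bytes, resolve the path, and require that it
    still lies inside STATIC_ROOT. Returns None for anything else."""
    if not language or "\x00" in language:
        return None
    candidate = posixpath.normpath(posixpath.join(STATIC_ROOT, language + ".html"))
    if posixpath.commonpath([STATIC_ROOT, candidate]) != STATIC_ROOT:
        return None
    return candidate


def path_from_query(query_value: str, hardened: bool):
    """Decode the raw ?language= value the way a web server would, then resolve it."""
    language = unquote(query_value)
    return safe_path(language) if hardened else unsafe_path(language)


if __name__ == "__main__":
    probe = "../../../../etc/passwd%00"
    print("as described:", path_from_query(probe, hardened=False))
    print("hardened:    ", path_from_query(probe, hardened=True))
```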
For more information, check out some of the easily google-able links on the above and related topics. One such site which covers the above is www.spidynamics.com

Network Hacking

This field is too vast to be covered in this small tutorial. Just the basic steps will be mentioned here along with relevant information. (Note that the information here relates only to local network hacking.)
Step 1: Footprinting

This step is where you find out about your network: the machines, their type, etc. In the case of an unswitched network, this is a trivial issue. This step may also involve sniffing the network traffic, so a fair knowledge of sniffers like Wireshark will be required. The same can be accomplished on a switched network with a spoofer/poisoner such as Ettercap or Cain. Note that misuse of these might result in disqualification for the competition purposes. For additional information regarding this, read up a tutorial or two on packet sniffing and on network discovery.

Step 2: Scanning and Enumeration

This is the next stage, where you scan the target machine for open ports and, if possible, the services running on them. The second part may turn out to be a bit more complicated than the first, which can be easily accomplished with any good port scanner, e.g. Superscan. This is pretty self-explanatory, and all you will need to do is get yourself familiarized with a few common services.

Step 3: Gaining Access

This is the most challenging (or trivial, depending on the security) step of all. There is no easy method to get through this step, in which you actually hack into the system using your own or someone else's exploits. A basic knowledge of the common vulnerabilities and exploits for services/applications is necessary to get through this. Although some material will be provided to the participants, you are expected to know the fundae (fundamentals) behind them and apply them to get to the next stage.

Step 5: Accomplishing the mission

This is the end of your quest! You now take whatever it was that you hacked into the system for and get right out before you are caught!! Links with related information are easily available for each step of the above. And if you can get hold of a book (e-book or otherwise), well then, that's all the better!
Additional Details Regarding the Competition

There will be a variety of tasks which might link two or more of the above to create a challenging problem. Also, there will be topics to test your understanding of basic network protocols, the functioning of the network and common security issues.

Naumaan Nayyar
IIT Bombay