DO NOT TRY THIS AT HOME : Our text files and message bases are for INFORMATIONAL PURPOSES ONLY. DO NOT undertake any project based upon any information obtained from this or any other web site.We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
(40 votes) Published: Mar 26, 2007 2:05 p.m. In 1 Favorites Lists Viewed 123 times
well I am screating this egg to help those of you who would lie to learn a thing or two about basic hacking. Remember this guide is intended for those of you who do not know. Pay close attention, as this can get a bit confusing at times.
Key loggers
Key loggers are very usefull, stealth, and easy to use. Below I have posted a link to a free keylogger. This particular one is intended for home use. You can use this to gain access to family member’s personal stuff, or you can just monitor what others are doing.
Cross Site 5cripting
Now pay close attention as this can be very confusing for begginers. You will probably have to practice, or google this one for more info. Cross-site 5cripting (sometimes referred to as XSS,or maybe even css, which I havent seen to much of) vulnerabilities occur when an attacker uses a web application to send malicious code, generally in the form of a 5cript, to a different end user. These flaws happen alot and occur anywhere a internet application uses input from a user in the output it generates without validating it. Web sites today are more complex than ever and often contain dynamic content to enhance the user experience. Dynamic content is achieved through the use of Web applications that can deliver content to a user according to their settings and needs.
While performing different user customizations and tasks, many sites take input parameters from a user and display them back to the user, usually as a response to the same page request. Examples of such behavior include the following.
Search engines which present the search term in the title ("Search Results for: search_term")
Error messages which contain the erroneous parameter
Personalized responses ("Hello, username")
Cross-site 5cripting attacks occur when an attacker takes advantage of such applications and creates a request with malicious data (such as a 5cript) that is later presented to the user requesting it. The malicious content is usually embedded into a hyperlink, positioned so that the user will come across it in a web site, a Web message board, an email, or an instant message. If the user then follows the link, the malicious data is sent to the Web application, which in turn creates an output page for the user, containing the malicious content. The user, however, is normally unaware of the attack, and assumes the data originates from the Web server itself, leading the user to believe this is valid content from the Web site.
For example, consider a Web application that requires users to log in to visit an authorized area. When users wish to view the authorized area, they provide their username and password, which is then checked against a user database table. Now, assume that this login system contains two pages: Login.asp, which created a form for the users to enter their username and password; and the page CheckCredentials.asp, which checks if the supplied username/password are valid. If the username/password are invalid, CheckCredentials.asp uses (for example), a Response.Redirect to send the user back to Login.asp, including an error message string in the query string . The Response.Redirect call will be something like the following.
Then, in Login.asp, the error message query string value would be displayed as follows:
Username:
Password:
Using this technique, when users attempt to login with an invalid username or password, they are returned to Login.asp and a short message is displayed indicating that their username/password were invalid. By changing the ErrorMessage value, an attacker can embed malicious js code into the generated page, causing execution of the 5cript on the computer of the user viewing the site. For example, assume that Login.asp is being called using the following URL.
http://www.somesite.com/Login.asp?ErrorMessage=
As in the code for Login.asp, the ErrorMessage query string value will be emitted, producing the following HTML page:
Username:
Password:
The attacker embedded HTML code into this page in such a way that when users browse this page, their supplied username and password are submitted to the following page.
http://www.hax0r.com/stealPassword.asp
An attacker can send a link to the contrived page via an email message or a link from some message board site, hoping that a user will click on the link and attempt to login. Of course, by attempting to login, the user will be submitting his username and password to the attacker’s site.
SQL injection
once again, this can be difficult to understand so pay close attention. Definition:SQL injection is the name for a general class of attacks that can allow nefarious users to retrieve data, alter server settings, or even take over your server if you’re not careful. SQL injection is not a SQL Server problem, but a problem with improperly written applications.Detailed de5cription
Databases are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL, Web applications interact with databases to dynamically build customized data views for each user. A common example is a Web application that manages products. In one of the Web application’s dynamic pages (such as ASP), users are able to enter a product identifier and view the product name and de5cription. The request sent to the database to retrieve the product’s name and de5cription is implemented by the following SQL statement.
SELECT ProductName, ProductDe5cription FROM Products WHERE ProductNumber = ProductNumber
Typically, Web applications use string queries, where the string contains both the query itself and its parameters. The string is built using server-side 5cript languages such as ASP, JSP and CGI, and is then sent to the database server as a single SQL statement. The following example demonstrates an ASP code that generates a SQL query.
sql_query= "SELECT ProductName, ProductDe5cription FROM Products WHERE ProductNumber = " & Request.QueryString("ProductID")
The call Request.QueryString("ProductID") extracts the value of the Web form variable ProductID so that it can be appended as the SELECT condition.
SELECT ProductName, ProductDe5cription FROM Products WHERE ProductNumber = 123
An attacker may abuse the fact that the ProductID parameter is passed to the database without sufficient validation. The attacker can manipulate the parameter’s value to build malicious SQL statements. For example, setting the value "123 OR 1=1" to the ProductID variable results in the following URL:
http://www.mydomain.com/products/products.asp?productid=123 or 1=1
The corresponding SQL Statement is:
SELECT ProductName, Product De5cription From Products WHERE ProductNumber = 123 OR 1=1
This condition would always be true and all ProductName and ProductDe5cription pairs are returned. The attacker can manipulate the application even further by inserting malicious commands. For example, an attacker can request the following URL:
In this example the semicolon is used to pass the database server multiple statements in a single execution. The second statement is "DROP TABLE Products" which causes SQL Server to delete the entire Products table.
An attacker may use SQL injection to retrieve data from other tables as well. This can be done using the SQL UNION SELECT statement. The UNION SELECT statement allows the chaining of two separate SQL SELECT queries that have nothing in common. For example, consider the following SQL query:
SELECT ProductName, ProductDe5cription FROM Products WHERE ProductID = ’123’ UNION SELECT Username, Password FROM Users;
The result of this query is a table with two columns, containing the results of the first and second queries, respectively. An attacker may use this type of SQL injection by requesting the following URL:
http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT user-name, password FROM USERS
The security model used by many Web applications assumes that an SQL query is a trusted command. This enables attackers to exploit SQL queries to circumvent access controls, authentication and authorization checks. In some instances, SQL queries may allow access to host operating system level commands. This can be done using stored procedures. Stored procedures are SQL procedures usually bundled with the database server. For example, the extended stored procedure xp_cmdshell executes operating system commands in the context of a Microsoft SQL Server. Using the same example, the attacker can set the value of ProductID to be "123;EXEC master..xp_cmdshell dir--", which returns the list of files in the current directory of the SQL Server process.
I know this was confusing, so for those of you who didn’t understand I will post a link for google for both.
Edit Page
Message complicated_simplicity
Add Comment
Add to Favorites
Email to Friend
