Hacking world ~~
Monday 4 September 2017
Saturday 4 January 2014
earn money with mining
Monday 20 May 2013
Create SQL Injection Pentesting Lab in your System
After a long break, - This is my Third Penetration testing lab, and SQLi, Post. Well today's I'll teach you how can you create a SQL Injection Practicing (Penetration Testing) lab in your System. So everyone can learn and Enjoy SQLi Hacking Database without doing any types of Crimes and Affecting Systems.
1. SQL Injection Penetration Testing Lab ?
Yesss..! you might know that SQL Injection is one of the most common method to Hack website and database Exploitation, and it is one of the most common Vulnerabilities in Web Application, Unfortunately there is always a Vulnerability that can Exploit the DB but we don't know how to Exploit it and Research on it, So here I found one Web app that can help you to learn & Practice SQL Injection Techniques.
1. SQL Injection Penetration Testing Lab ?
Yesss..! you might know that SQL Injection is one of the most common method to Hack website and database Exploitation, and it is one of the most common Vulnerabilities in Web Application, Unfortunately there is always a Vulnerability that can Exploit the DB but we don't know how to Exploit it and Research on it, So here I found one Web app that can help you to learn & Practice SQL Injection Techniques.
2. Requirements :
3. Create SQL Pen-testing Lab
- Download XAMPP Apache Server & Install it.
- Download SQLol Pentest Lab Files.
- After, Downloading & Installing XAMPP Server.
- Now, Extract SQLol Pentest Lab files on Desktop & you'll get one folder
- Copy that folder into this location : C:\xampp\htdocs.
- Click on Start Button & Search for XAMPP Control Panel and Hit Enter.
- Now, Click on MySQL [Start] & Same with Apache [Start]Click to Enlarge it
- Now Open your Browser and type 127.0.0.1 hit Enter and Get Started.
- And After all you're done, Just Click on Challenges and Practice, SQLi
- Get started, It will take some hours to understand it completely.
- Challenges, SQL Injection techniques, How it works and all.
4. Tips :
- If you don't know how to Install XAMPP Server Click Here.
- You can also use localhost instead of 127.0.0.1
- I'll always recommend you to use Mozilla Firefox for Pen-testing
------------------------------------------------------------------------------------
You might also like
-------------------------------------------------------------------------------------
Feel free to comment & let me know your Problem, also Share it.
Wednesday 8 May 2013
How to Change anyones Password using CSRF Vulnerability
---------------------------------------------------
CSRF Vulnerability Exploitation
(Cross Site Request Forgery)
---------------------------------------------------
Hello, After a long time it's my Second Post on CSRF Vulnerability Exploitation, CSRF is one of mine favorite website Vulnerability and comes into OWASP Top 10 Vulnerabilities List. And today, I thought to share this skill and knowledge with you all readers.
------------------------------------------------------------------------------------------------------------------------
# What is CSRF (Cross Site Request Forgery) {XSRF} ?
------------------------------------------------------------------------------------------------------------------------
CSRF is also called XSRF and full form is Cross Site Request Forgery - is a type of Web Vulnerability and flaw in Web pages mostly in Login pages, Password Changing Box and Input Box of web pages, that allows an attacker to force browser's to send HTTP Request to Server and Perform many types of Web attacks. Mostly CSRF is used in Sending and Tranfering Money and Funds from one Account to another Bank account without any knowledge to Victim and Second is CSRF is widely used in Password Changing method without any knowledge to victim so an attacker can easily gain access to any normal users Account. For example : Suppose an attacker discover CSRF Vulnerability in Facebook Password Changing box, then that attacker can change any normal users Password, and even Admin can get hack and this leads to Website Defacement. CSRF is very dangerous attack in Web Hacking methods. CSRF discovered in 2000 in many login pages and Passwords Input box of Social Websites, that allows an attacker to Hack and Hijack Accounts of Bank users and also send funds from one account to another account, This is called CSRF
------------------------------------------------------------------------------------------------------------------------
# What can an attacker do with CSRF Vulnerability ?
------------------------------------------------------------------------------------------------------------------------
- Change any users : username, ID, Password, E-mail
- Hack Website Admin Account
- Completely Deface website
- Tranfer Money and Funds to any account
- Credit Card Frauding and Stealing
- Can Also create more vulnerabilities like :-
3. Buffer Overflow
------------------------------------------------------------------------------------------------------------------------
# How to Exploit CSRF Vulnerability ?
------------------------------------------------------------------------------------------------------------------------
So, here is your main question ? well now I'll teach you how can you Explode CSRF Vulnerability, Simply I m using DVWA Pen-testing Lab to show you CSRF tutorial, Note: If you also want to learn this Attack then you'll need CSRF Vulnerable website or DVWA Penetration Testing Lab in your System. So you can learn this attack without doing any Crime. Simply here, I won't show you how to transfer funds from bank to another bank a/c, I'll show you how an attacker can change password and Hack website. And here we go... :D
------------------------------------------------------------------------------------------------------------------------
# Requirements :
- DVWA Penetration Testing Lab (Click to learn how to create Pen-test lab)
- Basic - HTML & Javascript skills (Download E-books to Learn)
- Basic knowledge about HTTP Protocols
- Two Browsers (Chrome= Victim. Firefox as an Attacker )
- D most Imp. Brain to understand
------------------------------------------------------------------------------------------------------------------------
# Steps to Exploit CSRF Vulnerability
Suppose I found a Vulnerability in a website that can change Password of any user just on one click that's we call CSRF attack, here we'll do same and hack website admin password or any users password to learn CSRF Attack.
2. Start your XAMPP Server and Pen-test lab.
Click on Image to ENLARGE it.
3. Well, after all choose CSRF Column and Get Started.
4. There, you'll see it give us an option to Change Password.
5. First of all, Suppose you're an attacker and you want to Change the Admin password of DVWA Website, without any knowledge to Admin. How will you do ? ..!Yes we'll use CSRF attack here, Okay.! then start your both browser's Chrome as Victim and Mozilla Firefox as an attacker. Start DVWA in Chrome and login as Admin with the username = Admin and Password = password. and in Firefox login as a normal user like :- Username: gordonb & Password: abc123.
------------------------------------------------------------------------------------------------------------------------
Make Sure you did all above Process and Method Correctly
6. So, now you're an attacker and you're also the Victim. & always remember to put Security Level at = "LOW" in this Tutorial
7. Small test before attacking to Victim. Select CSRF Column in DVWA Page (Use Chrome here) & change password from abc123 to 123456.Click on Image to Enlarge it
8. Click on Change Password, & Just Look at URL (Link)Click on Image to Enlarge it
9. Now, Just Observe the URL.Click on Image to Enlarge it
11. Okay, let's start our attack - Open chrome start DVWA login as Victim with the username: Admin & Password: password. Also Start Firefox as an attacker with username: gordonb & Password: abc123.
12. Take Firefox, Gordon as an attacker and the victim is Chrome user Admin, the task is to hack and Change Admin password using CSRF Exploitation Code.
13. Simply, we've to force victim's browser to send request to Server through HTTP of Changing password, we'll do it using HTML and Javascript.
14. Now, an attacker will create a HTML scripted page and host it on any free hosting server like 00webhost.com. here we're penetesting so we'll use our own XAMPP Server to host our own files.
15. Start notepad, Copy below Script & save it on this location C:\xampp\htdocs as Attack.html.
------------------------------------------------------------------------------------------------------------------------
<html>
<body onload=�document.frames[0].submit()�>
<form action=�http://127.0.0.1/dvwa/vulnerabilities/csrf/?password_new=654321&password_conf=654321&Change=Change#� method=�POST�>
<input name=�field1� value=�foo�>
<input name=�field2� value=�bar�>
</form>
</body>
</html>
------------------------------------------------------------------------------------------------------------------------
16. After saving it, now come into Chrome browser as Victim, login as admin, and Suppose a Firefox attacker sends you mail with the link of Attack.html that is crafted into a Text file and Suppose the victim or admin Click on it. Then Victim will be redirected to the link http://127.0.0.1/dvwa/vulnerabilities/csrf/?password_new=654321&password_conf=654321&Change=Change# That means now the password of the admin is changed to 654321, so this is called CSRF Vulnerability Exploitation.
17. Let's do test on yourself, Just Copy this "http://127.0.0.1/Attack.html" link in your Chrome browser but remember you must be login in DVWA as Admin with the Security Level = "LOW".
18. That Attack.html file will change admin's password and an attacker can easily get access to admin a/c and deface website Completely. When your victim will visit and just click on your link of attack.html file he will redirected to this page :-
19. And you're done :D......! Now admin password is changed with your password 654321. That's it this is called CSRF.
20. CSRF is really very dangerous attack in Web Application Vulnerabilities Exploitation. what if an attacker discover same vulnerability in Facebook ? then an attacker easily change any user Password without any knowledge to Victim. Below, I give away some special hacking methods of CSRF and Advanced CSRF Vulnerability Exploitation Method PDF E-books to learn CSRF Completely.
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
This is How CSRF Attack Works :)
Share it and Feel free to Comment :]
------------------------------------------------------------------------------------------------------------------------
Note : This is for Educational Purpose only, I'll be not responsible for any type of Miss-use of above method, Do and learn at your own Risk.
------------------------------------------------------------------------------------------------------------------------
Subscribe to:
Posts (Atom)