Ethical Hacking Programming, Blogging, Hosting, All Computer Software, PC Software Download, JAVA in hindi, HTML, PHP, C, C++, Free Learning, Software's Download, Technical Videos, Technical Tricks and Tips, How Make Money


How to use SQL Injection in Ethical Hacking

How to use SQL injection Very easy Method simply use & Attacks

SQL injection is a set of SQL commands that are placed in a URL string or in data structures in order to retrieve a response that we want from the databases that are connected with the web applications. Such attacks are usually on webpages developed using PHP or ASP.NET.
A SQL injection attack can be done with the following intentions:
•    To dump the whole database of a system,
•    To modify the content of the databases, or
•    To perform different queries that are not allowed by the application.

This type of attack works when the applications don’t validate the inputs properly, before passing them to an SQL statement. Injection usually gets inserted into the address bar, search field, or data field.
The easiest way to detect if a web application is vulnerable to an SQL injection attack is to use the " ‘ " character in a string and see if you get any error.

Example 1

Let’s try to understand this concept using a few examples. As shown in the following screenshot, we have used a " ‘ " character in the Name field.

screenshot 1

Now, click the Login button. It should produce the following response:

screenshot


It means that the “Name” field is vulnerable to SQL injection.

Example 2

We have this URL: http://10.10.10.101/mutillidae/index.php?page=site-footer-xss-discussion.php
And we want to test the variable "page" but see how we have inserted a " ‘ " character in the string URL.
screenshot


When we press Enter, it will produce the following result which is with errors.

screenshot


SQLMAP

SQLMAP is one of the best tools available to detect SQL injections. It can be downloaded from http://sqlmap.org/
It comes pre-compiled in the Kali distribution. You can see it here: Applications -> Database Assessment -> SQLMAP
After opening SQLMAP, we go to the page that has the SQL injection and then get the header request. From the header, we run the following command:

./sqlmap.py --headers="User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0" \
  --cookie="security=low; PHPSESSID=oikbs8qcic2omf5gnd09kihsm7" \
  -u 'http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#' \
  --level=5 --risk=3 -p id --suffix="-BR" -v3

The SQLMAP will test all the variables and the result will show that the parameter “id” is vulnerable, as shown in the following screenshot.

screenshot


SQLNinja

SQLNinja is another SQL injection tool that is available in the Kali distribution.

screenshot

JSQL Injection

JSQL Injection is written in Java and it performs automated SQL injections.

screenshot


Quick Tips
To prevent your web application from SQL injection attacks, you should keep the following points in mind:
•    Unchecked user input to the database should not be allowed to pass through the application GUI.
•    Every variable that passes into the application must be cleaned and validated.
•    User input that is passed into the database should be quoted.
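
The following is an added example, not code from the original post: it shows the lone-quote test from Example 1 failing against a concatenated query and being handled as plain data by a parameterized one, plus an allow-list check for the "page" variable from Example 2. The table, function names and the allowed page list are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, signature TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "hello"), ("o'brien", "cheers")],
    )
    return conn


def lookup_concatenated(conn, name):
    """Vulnerable pattern: the Name field is pasted into the SQL text."""
    sql = "SELECT signature FROM accounts WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened pattern: the driver binds the value, so it is never parsed as SQL."""
    return conn.execute(
        "SELECT signature FROM accounts WHERE name = ?", (name,)
    ).fetchall()


def quote_breaks_query(lookup, conn, value="'"):
    """Return True when the value makes the database raise an error."""
    try:
        lookup(conn, value)
    except sqlite3.Error:
        return True
    return False


# Hypothetical allow-list for the "page" variable; anything else gets the default.
ALLOWED_PAGES = {"home.php", "site-footer-xss-discussion.php"}


def resolve_page(page, default="home.php"):
    """Validate the parameter against known values instead of cleaning it up."""
    return page if page in ALLOWED_PAGES else default


if __name__ == "__main__":
    db = make_db()
    print("concatenated query errors on a quote:",
          quote_breaks_query(lookup_concatenated, db))
    print("parameterized query errors on a quote:",
          quote_breaks_query(lookup_parameterized, db))
    # A legitimate name containing an apostrophe only works with binding.
    print("o'brien via parameterized query:", lookup_parameterized(db, "o'brien"))
    print("unknown page resolves to:",
          resolve_page("site-footer-xss-discussion.php'"))
```

The parameterized version also fixes a functional bug: a legitimate name such as o'brien can only be looked up when the value is bound rather than concatenated.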




Ethical Hacking - Cross-Site Scripting



Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.
The attacker does not directly target his victim. Instead, he exploits a vulnerability in a website that the victim visits, in order to get the website to deliver the malicious JavaScript for him. To the victim's browser, the malicious JavaScript appears to be a legitimate part of the website, and the website has thus acted as an unintentional accomplice to the attacker. These attacks can be carried out using HTML, JavaScript, VBScript, ActiveX, Flash, but the most used XSS is malicious JavaScript.
These attacks can also be used for account hijacking, changing of user settings, cookie theft/poisoning, false advertising, and creating DoS attacks.

Example
Let’s take an example to understand how it works. We have a vulnerable webpage that we got by the metasploitable machine. Now we will test the field that is highlighted in red arrow for XSS.

screenshot


First of all, we make a simple alert script:

<script>
alert('I am Vulnerable')
</script>


It will produce the following output:

screenshot


Types of XSS Attacks

XSS attacks are often divided into three types:

•    Persistent XSS, where the malicious string originates from the website's database.
•    Reflected XSS, where the malicious string originates from the victim's request.
•    DOM-based XSS, where the vulnerability is in the client-side code rather than the server-side code.

Generally, cross-site scripting is found by vulnerability scanners so that you don’t have to do all the manual job by putting a JavaScript on it like

<script>

alert('XSS') 

</script>

Burp Suite and Acunetix are considered the best vulnerability scanners.

Quick Tip
To prevent XSS attacks, keep the following points in mind:

•    Check and validate all the form fields like hidden forms, headers, cookies, query strings.
•    Implement a stringent security policy. Set character limitation in the input fields.
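
The following is an added example, not code from the original post: it renders the alert script used above through an unescaped and an escaped template, enforces a server-side character limit, and uses an HTML parser to confirm whether a script element survives in the output. The function names and the 64-character limit are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser

MAX_FIELD_LEN = 64  # assumed limit; pick one that fits the field's purpose

# The test string used in the example above.
PAYLOAD = "<script>alert('I am Vulnerable')</script>"


def field_is_acceptable(value, max_len=MAX_FIELD_LEN):
    """Server-side check: length limit and no control characters."""
    return len(value) <= max_len and all(ch.isprintable() for ch in value)


def render_greeting_unsafe(name):
    """Vulnerable pattern: user input is written into the page as markup."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    """Hardened pattern: encode on output so input is shown as text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags the way a browser-like parser sees them."""

    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.count += 1


def count_script_tags(markup):
    """Regression check: how many script elements does the output contain?"""
    parser = _ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.count


if __name__ == "__main__":
    for render in (render_greeting_unsafe, render_greeting_safe):
        page = render(PAYLOAD)
        print(render.__name__, "->", page, "| script tags:", count_script_tags(page))
    print("65-character value accepted:", field_is_acceptable("x" * 65))
```

The length check on its own does not stop the test string, which is shorter than the limit; the output encoding is what keeps it from becoming markup.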



What is a DDoS attack and how to stay safe from it


A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from many sources. These attacks target a wide range of important resources, from banks to news websites, and present a major challenge to ensuring that people can publish and access important information.


Download pdf book Java in Hindi free



An easy-to-read study book with very simple explanations, for free.


Ethical hacking book pdf file download

Download Advance Hacking book free




1. ETHICAL HACKING - OVERVIEW
   Types of Hacking
   Advantages of Hacking
   Disadvantages of Hacking
   Purpose of Hacking
2. ETHICAL HACKING - HACKER TYPES
   White Hat Hackers
   Black Hat Hackers
   Grey Hat Hackers
   Miscellaneous Hackers
3. ETHICAL HACKING - FAMOUS HACKERS
4. ETHICAL HACKING - TERMINOLOGIES
5. ETHICAL HACKING - TOOLS
6. ETHICAL HACKING - SKILLS
   Basic Skills
   Courses & Certifications
7. ETHICAL HACKING - PROCESS
8. ETHICAL HACKING - RECONNAISSANCE
9. ETHICAL HACKING - FOOTPRINTING
   Domain Name Information
   Finding IP Address
   Finding Hosting Company
   IP Address Ranges
   History of the Website
10. ETHICAL HACKING - FINGERPRINTING
   Basic Steps
   Port Scanning
   Ping Sweep
   DNS Enumeration
11. ETHICAL HACKING - SNIFFING
   Types of Sniffing
   Hardware Protocol Analyzers
   Lawful Interception
12. ETHICAL HACKING - SNIFFING TOOLS
13. ETHICAL HACKING - ARP POISONING
   What is ARP Spoofing?
   What is MITM?
   ARP Poisoning - Exercise
14. ETHICAL HACKING - DNS POISONING
   DNS Poisoning - Exercise
   Defenses against DNS Poisoning
15. ETHICAL HACKING - EXPLOITATION
16. ETHICAL HACKING - ENUMERATION
17. ETHICAL HACKING - METASPLOIT
   Exploits of Metasploit
   Metasploit Payloads
18. ETHICAL HACKING - TROJAN ATTACKS
19. ETHICAL HACKING - TCP/IP HIJACKING
20. ETHICAL HACKING - EMAIL HIJACKING
   Email Spoofing
   Social Engineering
   Inserting Viruses in a User System
21. ETHICAL HACKING - PASSWORD HACKING
   Dictionary Attack
   Hybrid Dictionary Attack
   Brute-Force Attack
   Rainbow Tables
22. ETHICAL HACKING - WIRELESS HACKING
   Kismet
   NetStumbler
   Wired Equivalent Privacy
   Wireless DoS Attacks
23. ETHICAL HACKING - SOCIAL ENGINEERING
24. ETHICAL HACKING - DDOS ATTACKS
   What are Botnets?
   Types of DDoS Attacks
25. ETHICAL HACKING - CROSS-SITE SCRIPTING
26. ETHICAL HACKING - SQL INJECTION
27. ETHICAL HACKING - PEN TESTING


how to hack with Metasploit

Metasploit is one of the most powerful tools.

It comes in two versions: a commercial edition and a free edition. In this tutorial, we'll use the Community Edition of Metasploit (free).
As an ethical hacker, you will use the Kali distribution, which has the Metasploit Community Edition embedded in it along with other ethical hacking tools. But if you want to install Metasploit as a standalone tool, you can use it on systems that run Linux, Windows or Mac OS X.
The hardware requirements for installing Metasploit are:
• 2 GHz + Processor
• 1 GB RAM available
• 1 GB + available disk space
Metasploit can be used with a command prompt or a web UI.
To open it in Kali, go to Applications -> Exploitation Tools -> Metasploit.

How to access Metasploit
Kali Linux window

After Metasploit starts, you will see the following screen. Highlighted in red underline is the version of Metasploit.

kali linux


Exploits of Metasploit
From Vulnerability Scanner, we found that the Linux machine that we have for test is vulnerable to FTP service. Now, we will use the exploit that can work for us. The command is:

use “exploit path”

The screen will appear as follows:

tab 1


Then type msf> show options in order to see what parameters you have to set in order to make it functional. As shown in the following screenshot, we have to set RHOST as the “target IP”.

Tab 2


We type msf> set RHOST 192.168.1.101 and msf>set RPORT 21

tab 3



Then, type msf> run. If the exploit is successful, then it will open one session that you can interact with, as shown in the following screenshot.

tab 4

Metasploit Payloads
Payloads, in simple words, are simple scripts that hackers use to interact with a hacked system. Using payloads, they can transfer data to the victim system.
Metasploit payloads can be of three types:
•    Singles: Singles are very small and designed to create some kind of communication, then move to the next stage. For example, just creating a user.
•    Stagers: It is a payload that an attacker can use to upload a bigger file onto a victim system.
•    Stages: Stages are payload components that are downloaded by the Stagers module. The various payload stages provide advanced features with no size limit, such as VNC injection.

Payload usage - example
We use the command show payloads. With this, we can see the payloads that we can use, and it will also show the payloads that will help us upload/execute files onto the victim system.
tab 6

kali linux

To set the payload that we want, we will use the following command:

set PAYLOAD payload/path

Set the listen host and listen port (LHOST, LPORT) which are the attacker IP and port. Then set remote host and port (RHOST, RPORT) which are the victim IP and port.

tab 3


Type “exploit”. It will create a session as shown below:

tab 55

Now we can play with the system according to the settings that this payload offers.


What is social engineering? Phishing attack

Let us see some examples of social engineering attacks.


Example 1
You may have noticed old company documents thrown in the trash. These documents may contain sensitive information such as names, phone numbers, account numbers, social security numbers, addresses, etc. Many companies still use carbon paper in their fax machines, and when the roll is finished, the carbon goes in the trash, where it may carry traces of sensitive data. Though it seems improbable, attackers can easily get information from the company's dumpsters by going through the waste.

Example 2
An attacker can befriend one of a company's personnel and establish a good relationship with him over time. The relationship can be established online through a social network or chat room, or offline at a café, restaurant, mall, playground, or through any other means. The attacker takes the office staff into confidence and ultimately digs out sensitive information without giving a clue.

Example 3
A social engineer can pretend to be an employee, a valid user or a VIP by faking an identity card or by convincing employees of his position in the company. Such attackers can gain physical access to restricted areas, thus providing more opportunities for attack.

Example 4
In most cases, an attacker can be around you and shoulder surfing while you are typing sensitive information such as user ID and password, account PIN, etc.

Phishing Attack
A phishing attack is a computer-based social engineering attack, where an attacker crafts an email that appears legitimate. Such emails look and feel as if they were received from the original site, but they can contain links to fake websites. If you are not smart enough, you will type your user ID and password and try to log in, which will result in failure, and by that time the attacker will have your ID and password to attack your original account.

Quick Fix
•    You should implement a good security policy in your organization and conduct the necessary training to make all employees aware of possible social engineering attacks and their consequences.
•    Document shredding should be a mandatory activity in your company.
•    Make doubly sure that any link coming in your email comes from an authentic source and that it points to the correct website. Otherwise, you may end up as a victim of phishing.
•    Be professional and never share your ID and password with anybody else in any case.




Enumeration can be used to gain information hacking course


Enumeration comes under the first stage of Ethical Hacking, i.e. "collecting information".
This is a process where the attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further.

Enumeration can be used to gain information on: 

  • Network shares
  • SNMP data, if they are not secured properly
  • IP tables
  • Usernames of different systems
  • Password policy lists
Enumerations depend on the services that the systems offer. They can be:
  • DNS enumeration
  • NTP enumeration 
  • SNMP enumeration
  • Linux/Windows enumeration
  • SMB enumeration

Let us now discuss some of the tools that are widely used for Enumeration.

NTP Suite

NTP Suite is used for NTP enumeration. This is important because in a network environment, you can find other primary servers that help the hosts to update their times and you can do it without authenticating the system.

Take a look at the following example.


ntpdate 192.168.1.100
01 Sept 12:50:49 ntpdate[627]: adjust time server 192.168.1.100 offset -0.005030 sec

or

ntpdc [-ilnps] [-c command] [hostname/IP_address]

root@test]# ntpdc -c sysinfo 192.168.1.100
***Warning changing to older implementation
***Warning changing the request packet size from 160 to 48
system peer: 192.168.1.101
system peer mode: client
leap indicator: 00
stratum: 5
precision: -15
root distance: 0.00107 s
root dispersion: 0.02306 s
reference ID: [192.168.1.101]
reference time: f66s4f45.f633e130, Sept 01 2016 22:06:23.458
system flags: monitor ntp stats calibrate
jitter: 0.000000 s
stability: 4.256 ppm
broadcastdelay: 0.003875 s
authdelay: 0.000107 s

enum4linux

enum4linux is used to enumerate Linux systems. Take a look at the following screenshots and see how we got the usernames in the target host.
window tab 1

smtp-user-enum
smtp-user-enum tries to guess usernames by using SMTP service. Take a look at the following screenshot to understand how it does so.
tab 2

Quick Fix
It is recommended to disable all services that you don’t use. This reduces the possibilities of OS enumeration of the services running on your system.

Exploitation how to Exploit hacking



An exploit is a piece of software or script that allows hackers to take control over a system by exploiting its vulnerabilities. To find these vulnerabilities, hackers usually use vulnerability scanners such as Nessus, Nexpose, OpenVAS, etc.
Metasploit is a powerful tool for detecting vulnerabilities in a system.


Based on the vulnerabilities, we find exploits. Here, we will discuss some of the best vulnerability search engines you can use.

Exploit Database
www.exploit-db.com is the place where you can find all the exploits related to a vulnerability.

Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) is the standard for information security vulnerabilities. CVE is a dictionary of publicly known information security vulnerabilities and exposures. It is free for public use: https://cve.mitre.org



National Vulnerability Database
The National Vulnerability Database (NVD) is the US Government's repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. You can find this database at https://nvd.nist.gov

NVD includes the security checklist, security related software defects, misconfiguration, product names, and database of impact metrics.


In general, you will see that there are two types of exploitation:

Remote exploits - These are the type of exploits where you do not have access to a remote system or network. Hackers use remote exploits to gain access to systems located in remote locations.

Local exploits - Local exploits are usually used by a user who has access to a local system, but who wants to exceed his rights.

Quick Fix

Vulnerabilities generally arise due to missing updates, so it is recommended that you update your system on a regular basis, for example, once a week.
In a Windows environment, you can activate automatic updates by using the options available in Control Panel -> System and Security -> Windows Updates.


On CentOS Linux, you can use the following command to install the automatic update package.

yum -y install yum-cron





DNS Attack, how to attack and how to be safe


DNS poisoning is a technique that tricks a DNS server into believing that it has received authentic information when, in fact, it has not. This results in the substitution of false IP addresses at the DNS level, where web addresses are converted into numeric IP addresses. It allows an attacker to replace the IP address entries for a targeted site on a given DNS server with the IP address of a server he controls. An attacker can create fake DNS entries for the server, which may contain malicious content with the same name.
For example, a user types www.google.com, but the user is sent to another fraudulent site rather than being directed to Google's server. As we can see, DNS poisoning is used to redirect users to fake pages, which are managed by attackers.


DNS Poisoning − Exercise

Let's do an exercise on DNS poisoning using the tool Ettercap.

DNS poisoning is similar to ARP poisoning. To start DNS poisoning, you have to start with ARP poisoning, which we have already discussed in the previous chapter. We will use the dns_spoof plugin which is already present in Ettercap.

Step 1: Open the terminal and type "nano etter.dns". This file contains all the entries for the DNS addresses that are used by Ettercap to resolve domain name addresses. In this file, we will add a fake entry for "Facebook". If someone wants to open Facebook, they will be redirected to another website.
Kali Linux

Step 2: Now insert the entries under the words "redirect it to www.linux.org". See the following example:
tab 2

Step 3: Now save this file and exit. Use "ctrl + x" to save the file.

Step 4: After that, the whole process is similar to starting ARP poisoning. After starting ARP poisoning, click "Plugins" in the menu bar and select the "dns_spoof" plugin.
tab 3

Step 5: After activating dns_spoof, you will see in the results that Facebook is spoofed to the Google IP whenever someone types it in their browser.
tab 4

This means that the user gets a Google page on his browser instead of facebook.com.
In this exercise we saw how network traffic can be sniffed through various tools and methods. To provide network security and stop all these attacks, a company needs an ethical hacker. Let's see what an ethical hacker can do to stop DNS poisoning.

Defenses against DNS Poisoning
As an ethical hacker, your work can put you in a position of prevention rather than pen testing. What you know as an attacker can help you stop the very techniques you use from the outside.
Here are defenses against the attacks we covered, from the perspective of a pen tester:
  • Use hardware-switched networks for the most sensitive parts of your network, in an effort to isolate traffic to a single segment or collision domain.
  • To prevent ARP poisoning and spoofing attacks, apply IP DHCP snooping on switches.
  • Apply policies to prevent promiscuous mode on network adapters.
  • Be careful while deploying wireless access points, knowing that all traffic on the wireless network is subject to sniffing.
  • Encrypt your sensitive traffic using encrypting protocols like SSH or IPsec.
  • Port security is used by switches that have the ability to be programmed to allow only specific MAC addresses to send and receive data on each port.
  • IPv6 has security advantages and options that IPv4 does not have.
  • Replacing protocols such as FTP and Telnet with SSH is an effective defense against sniffing. If SSH is not a viable solution, consider protecting the old legacy protocols with IPsec.
  • Virtual Private Networks (VPNs) can provide an effective defense against sniffing due to their encryption aspect.
  • SSL is a great defense along with IPsec.

Summary

In this chapter we discussed how an attacker can capture and analyze all the traffic by placing a packet sniffer in a network. With real-time examples, we saw how easy it is to get a victim's credentials from a given network. Attackers use MAC attacks, ARP poisoning and DNS poisoning to sniff network traffic and get sensitive information such as email communications and passwords.



ARP Spoofing What is ARP Spoofing ARP POISONING Attack

ARP POISONING


Address Resolution Protocol (ARP) is a stateless protocol used to resolve an IP address to a machine MAC address. All network devices that need to communicate on the network broadcast ARP queries in the system to find out other machines’ MAC addresses. ARP Poisoning is also known as ARP Spoofing.

Here is how ARP works:

  • When one machine needs to communicate with another, it looks up its ARP table.
  • If the MAC address is not found in the table, the ARP_request is broadcasted over the network.
  • All machines on the network will compare this IP address to MAC address.
  • If one of the machines in the network identifies this address, then it will respond to the ARP_request with its IP and MAC address.
  • The requesting computer will store the address pair in its ARP table and communication will take place.

What is ARP Spoofing?

ARP packets can be forged to send data to the attacker’s machine.

  • ARP spoofing constructs a large number of forged ARP request and reply packets to overload the switch.
  • The switch is set in forwarding mode and after the ARP table is flooded with spoofed ARP responses, the attackers can sniff all network packets.

Attackers flood a target computer ARP cache with forged entries, which is also known as poisoning. ARP poisoning uses Man-in-the-Middle access to poison the network.

What is MITM?

The Man-in-the-Middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) implies an active attack where the adversary impersonates the user by creating a connection between the victims and sends messages between them. In this case, the victims think that they are communicating with each other, but in reality, the malicious actor controls the communication.

Man-in-the-Middle Attack

tab 1 info

A third person exists to control and monitor the traffic of communication between two parties. Some protocols such as SSL serve to prevent this type of attack.

ARP Poisoning − Exercise
In this exercise, we have used a VMware workstation to perform ARP poisoning in a LAN environment, in which we have installed Kali Linux and the Ettercap tool to sniff local traffic in the LAN.

For this exercise, you would need the following tools:

  • VMware workstation
  • Kali Linux or Linux Operating system
  • Ettercap Tool
  • LAN connection
Note: This attack is possible in wired and wireless networks. You can perform this attack in local LAN.

Step 1: Install the VMware workstation and install the Kali Linux operating system.

Step 2: Login into the Kali Linux using username pass “root, toor”.

Step 3: Make sure you are connected to local LAN and check the IP address by typing the command ifconfig in the terminal.

kali linux Attack


Step 4: Open up the terminal and type “Ettercap -G” to start the graphical version of Ettercap.
tab 2

Step 5: Now click the tab “sniff” in the menu bar and select “unified sniffing” and click OK to select the interface. We are going to use “eth0” which means Ethernet connection.
tab 3 open


Step 6: Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start scanning the whole network for live hosts.

Step 7: Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in the network. This list also includes the default gateway address. We have to be careful when we select the targets.
tab 4


Step 8: Now we have to choose the targets. In MITM, our target is the host machine, and the route will be the router address to forward the traffic. In an MITM attack, the attacker intercepts the network and sniffs the packets. So, we will add the victim as “target 1” and the router address as “target 2.” In VMware environment, the default gateway will always end with “2” because “1” is assigned to the physical machine.

Step 9: In this scenario, our target is “192.168.121.129” and the router is “192.168.121.2”. So we will add target 1 as victim IP and target 2 as router IP.

Step 10: Now click on “MITM” and click “ARP poisoning”. Thereafter, check the option “Sniff remote connections” and click OK.

tab 5
Step 11: Click “start” and select “start sniffing”. This will start ARP poisoning in the network, which means that we have enabled our network card in "promiscuous mode" and the local traffic can now be sniffed.

Note: We have allowed only HTTP sniffing with Ettercap, so don’t expect HTTPS packets to be sniffed with this process.

Step 12: Now it’s time to see the results; if our victim logged into some websites. You can see the results in the toolbar of Ettercap.
tab 6


This is how sniffing works. You must have understood how easy it is to get the HTTP credentials just by enabling ARP poisoning.

ARP Poisoning has the potential to cause huge losses in company environments. This is where ethical hackers have been appointed to secure the network.

Like ARP poisoning, there are other attacks such as MAC flooding, MAC spoofing, DNS poisoning, ICMP poisoning, etc. that can cause significant loss to a network.
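
From the defender's side, the poisoning performed in the exercise leaves a visible trace in the victim's ARP cache. The following is an added example, not part of the original post: it parses `arp -an` output and reports an IP whose MAC no longer matches a trusted baseline, and any MAC that answers for several IPs. The MAC addresses, the 192.168.121.128 host and the sample tables are constructed for the illustration.

```python
import re
from collections import defaultdict

# Matches Linux `arp -an` lines such as:
#   ? (192.168.121.2) at 00:50:56:00:00:02 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

# Constructed ARP cache of the host 192.168.121.129 before the attack.
CLEAN = """\
? (192.168.121.2) at 00:50:56:00:00:02 [ether] on eth0
? (192.168.121.128) at 00:0c:29:00:00:80 [ether] on eth0
? (192.168.121.254) at <incomplete> on eth0
"""

# Constructed cache after poisoning: the router IP now maps to another host's MAC.
POISONED = """\
? (192.168.121.2) at 00:0c:29:00:00:80 [ether] on eth0
? (192.168.121.128) at 00:0c:29:00:00:80 [ether] on eth0
"""

# Trusted IP-to-MAC pairs recorded while the network was known to be good.
BASELINE = {"192.168.121.2": "00:50:56:00:00:02"}


def parse_arp_table(text):
    """Return {ip: mac} from `arp -an` output; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            table[match.group("ip")] = match.group("mac").lower()
    return table


def find_poisoning_signs(table, baseline):
    """Return sorted (kind, detail) findings for an ARP table.

    "mac-changed": a baseline IP now resolves to a different MAC.
    "shared-mac":  one MAC answers for several IPs. This can be legitimate
                   (proxy ARP, multi-homed hosts), so treat it as a lead.
    """
    findings = []
    for ip, known_mac in baseline.items():
        seen = table.get(ip)
        if seen is not None and seen != known_mac.lower():
            findings.append(("mac-changed", f"{ip} was {known_mac.lower()} now {seen}"))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", f"{mac} claims {', '.join(sorted(ips))}"))
    return sorted(findings)


if __name__ == "__main__":
    for label, dump in (("clean", CLEAN), ("poisoned", POISONED)):
        print(label, find_poisoning_signs(parse_arp_table(dump), BASELINE))
```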

In the next chapter, we will discuss another type of attack which is known as DNS poisoning.