How They Hack Your Website: Overview of Common Techniques

We hear the same terms bandied about whenever a popular site gets hacked. You know… SQL Injection, cross site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine — a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.

When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.

SQL Injection

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

The Simple SQL Injection Hack

In its simplest form, this is how the SQLInjection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.

Suppose we enter the following string in a Username field:

' OR 1=1 

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = ?USRTEXT '
AND password = ?PASSTEXT?

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering `OR 1=1 — as your username, could result in the following actually being run:

SELECT * FROM users WHERE username = ?' OR 1=1 — 'AND password = '?

Two things you need to know about this:
['] closes the [username] text field.

'' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = '' OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.

Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.

But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:

username field examples:

• admin'—
• ') or ('a'='a
• ”) or (“a”=”a
• hi” or “a”=”a

… and so on.

Backdoor Injection- Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.

So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules forWeb CMS products which incorporate forms, and for CMS products these 3rd party modules are often the weakest links which allows hackers access to your database.

Automated Injection
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.

Remote Injection
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view thisPDF  if you'd like to learn more.

SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests withURLs of the following form are most often held to be vulnerable:

http://somesite.com/index.asp?id=10

Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11

See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.

 

And Please Don't Forget To Share This Post With Your Friends On Social Networking Website Like as Facebook , Twitter etc . 

 

How to Speed Up Idea Netsetter USB Internet

How to Speed Up Idea Netsetter USB Internet 

There is good methods for speedup net setter as well as any internet connection ..

 but remember one thing the surfing and downloading speed is truly 80% depends upon the isp speed. But we can play with the internet settings to do a boost.

To speed up Internet Connection on idea:

1.Download Cablenut application from :  

2.In Cablenut apply the following settings

Default Receive Window = 17520

Default SendWindow = 8096

Disable Address Sharing = 1 

Initial Large Buffer Count = 10 

Initial Medium Buffer Count = 24 

Initial Small Buffer Count = 32 

Large Buffer Size = 4096 

Max Fast Transmit = 6400 

Medium Buffer Size = 1504 

Priority Boost = 0 

Small Buffer Size = 128 

Transmit Worker = 32 

Fast Send Data gram Threshold = 1024 

Enable Fast Route Lookup = 1 

Enable PMTU Discovery = 1 

Ignore Push Bit On Receives = 0 

Global Max Tcp Window Size = 8760 

Max Free Tcbs = 2000 

Max HashTableSize = 4096 

Max Norm Look up Memory = 5000000 

Sack Opts = 1 

Syn Attack Protect = 1 

Tcp1323Opts = 0 

Tcp LogLevel = 1 

Max Dup Acks = 2 

Tcp Max Half Open = 100 

Tcp MaxHalfOpenRetried = 80 

Tcp Recv Segment Size = 1460 

Tcp Send Segment Size = 1460 

Tcp Timed Wait _Delay = 32 

Tcp Useb RFC1122 Urgent_Pointer = 0 

Tcp Window _Size = 8760 

Maximum ConnectionsPer1_0 Server = 8 

Maximum Connections Per Server = 4 

Default TTL = 128 

DisableUser TOS_ Setting = 0 

Tcp Max Data _Retransmissions = 6 

Default TOSValue = 91

3.Download Tcp Optimizer 

4.Apply the following settings in Tcp optimizer

Max MTU - 1500 

MTU Discovery - Yes 

Black Hole Detect - No 

Selective ACKs - Yes 

Max Dup ACKs - 2 

Time to Live (TTL) - 128 

TCP 1323 Options - uncheck both

5.Apply all and restart your computer ,,

And Please Don't Forget To Share This Post With Your Friends On Social Networking Website Like as Facebook , Twitter etc . 

 

HTG Explains: How Hackers Take Over Web Sites with SQL Injection / DDoS

Even if you’ve only loosely followed the events of the hacker groups Anonymous and LulzSec, you’ve probably heard about web sites and services being hacked, like the infamous Sony hacks. Have you ever wondered how they do it?

There are a number of tools and techniques that these groups use, and while we’re not trying to give you a manual to do this yourself, it’s useful to understand what’s going on. Two of the attacks you consistently hear about them using are “(Distributed) Denial of Service” (DDoS) and “SQL Injections” (SQLI). Here’s how they work.

 

Denial of Service Attack

What is it?

A “denial of service” (sometimes called a “distributed denial of service” or DDoS) attack occurs when a system, in this case a web server, receives so many requests at one time that the server resources are overloaded the system simply locks up and shuts down. The goal and result of a successful DDoS attack is the websites on the target server are unavailable to legitimate traffic requests.

How does it work?

The logistics of a DDoS attack may be best explained by an example.

Imagine a million people (the attackers) get together with the goal of hampering Company X’s business by taking down their call center. The attackers coordinate so that on Tuesday at 9 AM they will all call Company X’s phone number. Most likely, Company X’s phone system will not be able to handle a million calls at once so all the incoming lines will tied up by the attackers. The result is that legitimate customer calls (i.e. those that are not the attackers) do not get through because the phone system is tied up handling the calls from the attackers. So in essence Company X is potentially losing business due to the legitimate requests being unable to get through.

A DDoS attack on a web server works exactly the same way. Because there is virtually no way to know what traffic is sourced from legitimate requests vs. attackers until the web server is processing the request, this type of attack is typically very effective.

Executing the attack

Due to the “brute force” nature of a DDoS attack, you need to have lots of computers all coordinated to attack at the same time. Revisiting our call center example, this would require all the attackers to both know to call at 9 AM and actually call at that time. While this principle certainly will work when it comes to attacking a web server, it becomes significantly easier when zombie computers, instead of actual manned computers, are utilized.

As you probably know, there are lots of variants of malware and trojans which, once on your system, lie dormant and occasionally “phone home” for instructions. One of these instructions could, for example, be to send repeated requests to Company X’s web server at 9 AM. So with a single update to the home location of the respective malware, a single attacker can instantly coordinate hundreds of thousands of compromised computers to perform a massive DDoS attack.

The beauty of utilizing zombie computers is not only in its effectiveness, but also in its anonymity as the attacker doesn’t actually have to use their computer at all to execute the attack.

SQL Injection Attack

What is it?

A “SQL injection” (SQLI) attack is an exploit that takes advantage of poor web development techniques and, typically combined with, faulty database security. The result of a successful attack can range from impersonating a user account to a complete compromise of the respective database or server. Unlike a DDoS attack, an SQLI attack is completely and easily preventable if a web application is appropriately programmed.

Executing the attack

Whenever you login to a web site and enter your user name and password, in order to test your credentials the web application may run a query like the following:

SELECT UserID FROM Users WHERE UserName='myuser' AND Password='mypass';

Note: string values in a SQL query must be enclosed in single quotes which is why they appear around the user entered values.

So the combination of the entered user name (myuser) and password (mypass) must match an entry in the Users table in order for a UserID to be returned. If there is no match, no UserID is returned so the login credentials are invalid. While a particular implementation may differ, the mechanics are pretty standard.

So now let’s look at a template authentication query which we can substitute the values the user enters on the web form:

SELECT UserID FROM Users WHERE UserName=’[user]‘ AND Password=’[pass]‘

At first glance this may seem like a straightforward and logical step for easily validating users, however if a simple substitution of the user entered values is performed on this template, it is susceptible to an SQLI attack.

For example, suppose “myuser’–” is entered in the user name field and “wrongpass” is entered in the password. Using simple substitution in our template query, we would get this:

SELECT UserID FROM Users WHERE UserName='myuser'--' AND Password='wrongpass'

A key to this statement is the inclusion of the two dashes (--). This is the begin comment token for SQL statements, so anything appearing after the two dashes (inclusive) will be ignored. Essentially, the above query is executed by the database as:

SELECT UserID FROM Users WHERE UserName='myuser'

The glaring omission here is the lack of the password check. By including the two dashes as part of the user field, we completely bypassed the password check condition and were able to login as “myuser” without knowing the respective password. This act of manipulating the query to produce unintended results is a SQL injection attack.

What damage can be done?

A SQL injection attack is caused by negligent and irresponsible application coding and is completely preventable (which we will cover in a moment), however the extent of the damage which can be done depends on the database setup. In order for a web application to communicate with the backend database, the application must supply a login to the database (note, this is different than a user login to the web site itself). Depending on what permissions the web application requires, this respective database account can require anything from read/write permission in existing tables only to full database access. If this isn’t clear now, a few examples should help provide some clarity.

Based on the above example, you can see that by entering, for example, "youruser'--", "admin'--" or any other user name, we can instantly login to the site as that user without knowing the password. Once we are in the system doesn’t know we are not actually that user so we have full access to the respective account. Database permissions will not provide a safety net for this because, typically, a web site must have at least read/write access to its respective database.

Now let’s assume the web site has full control of its respective database which gives the ability to delete records, add/remove tables, add new security accounts, etc. It is important to note that some web applications could need this type of permission so it is not automatically a bad thing that full control is granted.

So to illustrate the damage which can be done in this situation, we will use the example provided in the comic above by entering the following into the user name field: "Robert'; DROP TABLE Users;--". After simple substitution the authentication query becomes:

SELECT UserID FROM Users WHERE UserName='Robert'; DROP TABLE Users;--' AND Password='wrongpass'

Note: the semicolon is in a SQL query is used to signify the end of a particular statement and the beginning of a new statement.

Which gets executed by the database as:

SELECT UserID FROM Users WHERE UserName='Robert'

DROP TABLE Users

So just like that, we have used an SQLI attack to delete the entire Users table.

Of course, much worse can be done as, depending the SQL permissions allowed, the attacker can change values, dump tables (or the entire database itself) to a text file, create new login accounts or even hijack the entire database installation.

Preventing a SQL injection attack

As we mentioned several times previously, a SQL injection attack is easily preventable. One of the cardinal rules of web development is you never blindly trust user input as we did when we performed simple substitution in our template query above.

An SQLI attack is easily thwarted by what is called sanitizing (or escaping) your inputs. The sanitize process is actually quite trivial as all it essentially does is handle any inline single quote (‘) characters appropriately such that they cannot be used to prematurely terminate a string inside of a SQL statement.

For example, if you wanted to lookup “O’neil” in a database, you couldn’t use simple substitution because the single quote after the O would cause the string to prematurely end. Instead you sanitize it by using the respective database’s escape character. Let’s assume the escape character for an inline single quote is prefacing each quote with a \ symbol. So “O’neal” would be sanitized as “O\’neil”.

This simple act of sanitation pretty much prevents an SQLI attack. To illustrate, let’s revisit our previous examples and see the resulting queries when the user input is sanitized.

myuser'-- / wrongpass:

SELECT UserID FROM Users WHERE UserName='myuser\'--' AND Password='wrongpass'

Because the single quote after myuser is escaped (meaning it is considered part of the target value), the database will literally search for the UserName of "myuser'--".Additionally, because the dashes are included within the string value and not the SQL statement itself, they will be considered part of the target value instead of being interpreted as a SQL comment.

Robert'; DROP TABLE Users;-- / wrongpass:

SELECT UserID FROM Users WHERE UserName='Robert\'; DROP TABLE Users;--' AND Password='wrongpass'

By simply escaping the single quote after Robert, both the semicolon and dashes are contained within the UserName search string so the database will literally search for"Robert'; DROP TABLE Users;--" instead of executing the table delete.

 

And Please Don't Forget To Share This Post With Your Friends On Social Networking Website Like as Facebook , Twitter etc . 

Best Hacking Tricks To Increase Your Internet Speed | Speed Up Your Net Speed

we all know that a slow internet connection really costs time and makes feel annoying . many friends ask me the ways to increase their internet speed.however . it's possible to do to some extent and make your internet
much better then it was in the past.

There are Two tricks that will help you to increase your internet speed..

First Method- Speed Up Your Net Speed By 20%

1. First you go to start button

2. Go To Run

3. Type gpedit.msc And Then Hit Enter.

4.Then Expand Adminsitrative Templates.

5.Then Network

6.Then QoS Packet Scheduler.

Now A New List Appear . Click On Limit Reservable Bandwidth.
Just Disable it.

Now You Click On Apply .

That's It Now You Are Done !! :)

Now Just Restart Your Computer . And I hope You will Get change in Your Speed

Some Basic Tricks From My Side-

1. Use IDM To Boost Your Downloading Speed.

2. Use A Good Anti-virus in Your Computer.

3. Remove Unwanted Add-ons, Software,Unwanted Files Form Your Computer.

4.Update Your Drivers Periodically.

5.Keep A Good Maintennance Of Your Computer.

So I Hope this tricks was useful for you !!

Please Share Your Views Vis Comments On This Tips

And Please Don't Forget To Share This Post With Your Friends On Social Networking Website Like as Facebook , Twitter etc . 

SQL Injection tutorial to Hack websites | Hacking websites

Hello Friends, as you all know in previous hacking classes we have already discussed aboutSQL Injections method of hacking websites. Some of my website users reported that those articles are little bit difficult to understand for new users who wish to learn hacking. For the sake of new users who wish to learn website hacking and SQL injection, i am writing this article  at such a basic level that the user who didn't even have any prior knowledge of SQL can start SQL Injecting websites. This article is also beneficial for hackers too as it will refresh their concepts that what really we have to do and look into website URL if we want to hack website or its database using  SQL injection So Guys read on very basic  SQL injection tutorial..

SQL injection tutorial to hack websites | Hacking website databse

What is SQL Injection?

Basically SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(hackers) enters the special escape characters into the username password authentication form or in URL of the website. Its basically the coding standard loop hole. Most website owners doesn't have proper knowledge of secure coding standards and that results into the vulnerable websites. For better understanding, suppose you opened a website and went to his Sign in or log in page. Now in username field you have  entered something say LOKESH and in the password box you pass some escape characters like ',",1=1, etc... Now if the website owner hasn't handled null character strings or escape characters then user will surely get something else that owner never want their users to view.. This is basically called Blind SQL.

Requirements for SQL Injection:

1. You need a web browser to open URL and viewing source codes.

2. Need a good editor like Notepad ++ to view the source codes in colored format so that you can easily distinguish between the things.

3. And very basic knowledge of some SQL queries like SELECT, INSERT, UPDATE, DELETE etc..

What you should look into website to detect is it vulnerable toSQL injection attack or not?

First of all you can hack those websites using SQL injection hacks that allows some input fields from which can provide input to website like log in page, search page, feedback page etc. Nowadays, HTML pages use POST command to send parameters to another ASP/ASPX page. Therefore, you may not see the parameters in the URL. However, you can check the source f the HTML, and look for "FORM" tag in the HTML code. You may find something like this in some HTML codes:

 < F O R M action=login. aspx method=post>
< i n p u t type=hidden name=user v a l u e=xyz>
< / F O R M>

Everything between the < f o r m >  and < / f o r m > parameters (remove spaces in words) contains the crucial information and can help us to determine things in more detailed way.

There is alternate method for finding vulnerable website, the websites which have extension ASP, ASPX, JSP, CGI or PHP try to look for the URL's in which parameters are passed. Example is shown below:

http://example.com/login.asp?id=10

Now how to detect that this URL is vulnerable or not:

Start with single quote trick, take sample parameter as hi'or1=1--. Now in the above URL id is the parameter and 10 is its value. So when we pass hi'or1=1-- as parameter the URL will look like this:

http://example.com/login.asp?id=hi' or 1=1--

 You can also do this with hidden field, for that you need to save the webpage and had to made changes to URL and parameters field and modify it accordingly. For example:

< F O R M action=http://example.com/login. asp method=p o s t >
< i n p u t  type=hidden name=abc value="hi' or 1=1--">
< / F O R M >

 If your luck is favoring you, you will get the login into the website without any username or password.

But why ' or 1=1-- ?
Take an asp page that will link you to another page with the following URL:

http://example.com/search.asp?category=sports

In this URL 'category' is the variable name and 'sports' is it's value.

Here this request fires following query on the database in background.

SELECT * FROM TABLE-NAME WHERE category='sports'

Where 'TABLE-NAME' is the name of table which is already present in some database.
So, this query returns all the possible entries from table 'search' which comes under the category 'sports'.

Now, assume that we change the URL into something like this:

http://example.com/search.asp?category=sports' or 1=1--

Now, our variable 'category' equals to "sports' or 1=1-- ", which fires SQL query on database something like:
SELECT * FROM search WHERE category='sports' or 1=1--'
 

The query should now select everything from the 'search' table regardless if category is equal to 'sports' or not. 
A double dash "--" tell MS SQL server to ignore the rest of the query, which will get rid of the last hanging single quote ('). 
Sometimes, it may be possible to replace double dash with single hash "#".

However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try

' or 'a'='a

 
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:

' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
'or''='

How to protect you own websites from SQL injection?

 
Filter out character like   '    "    -    /    \    ;    NULL, etc. in all strings from:
* Input from users
* Parameters from URL
* Values from cookie

And Please Don't Forget To Share This Post With Your Friends On Social Networking Website Like as Facebook , Twitter etc .