Sunday, 24 July 2011

Automatic Sql injection and Database Take Over tool

Hey... today I will show you how to generate a simple backdoor using the SQL injection technique with the sqlmap tool.
Once, I found a web application that was vulnerable to SQL injection attack. The target URL was like this: "192.168.56.2/coba/index.php?id=1". As a simple test I tried inserting the character " ' " into the id parameter, so the resulting URL was like this: 192.168.56.2/coba/index.php?id='1. It returned an error like the one below:
"the result cant be found because,..You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1' at line 1". It means that this target is vulnerable and can possibly be exploited using sqlmap.
sqlmap is one of several tools used for SQL injection attacks.
I opened sqlmap, then I tried writing this syntax:

Tuesday, 19 July 2011

"Permission Denied" are you root??

Today I want to show you how to get root access through web application flaws on the web server.
First I have to find a vulnerability in the web application to exploit.
The target for today is 192.xxx.xx.101 /xxx. This web application is vulnerable in its image upload feature, and it can be exploited using a tamper-data tool such as Burp Suite.
Before starting the upload, set the proxy in your browser so that Burp Suite intercepts the POST data from your browser client.
Now, this web application can only upload images with the jpg extension, so I renamed my shell backdoor to have a jpg extension and then clicked Upload. The file is not POSTed to the server directly, but it can be edited with the Burp Suite tool. Like this

The Difference Between SOCKS4 and SOCKS5

SOCKS is a standard protocol used to carry TCP network traffic through a proxy server. SOCKS proxy servers are more flexible and do not seize you. While HTTP proxy servers can hide your IP only when you are browsing a web page, SOCKS proxy servers can help you keep your information (your IP) private even when you are using programs like ICQ, Skype, MSN or email clients like Outlook, TheBat, Thunderbird.
There are two implementations of the SOCKS protocol: SOCKS4 and SOCKS5.

The main differences between them are:

SOCKS4:
is a simple extension to SOCKS 4 protocol that allows a client that cannot resolve the destination host's domain name to specify it.
The client should set the first three bytes of DSTIP to NULL and the last byte to a non-zero value. (This corresponds to IP address 0.0.0.x, with x nonzero, an inadmissible destination address and thus should never occur if the client can resolve the domain name.) Following the NULL byte terminating USERID, the client must send the destination domain name and terminate it with another NULL byte. This is used for both "connect" and "bind" requests.

SOCKS5:
provides additional security through authentication.
SOCKS5 is compatible with most TCP applications.
provides a basic firewall for authenticating incoming and outgoing packets, and
provides Network Address Translation (NAT).
supports UDP and IPv6.
The client connects and sends a greeting which includes a list of supported authentication methods.
The server responds similarly to SOCKS 4. Another advantage of SOCKS5 is its various authentication mechanisms.
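
The request layout described under SOCKS4 above (an extension commonly known as SOCKS4a) and the SOCKS5 client greeting, as an added Python example that is not part of the original post. The function names are assumptions made for illustration, the byte strings used with them are constructed samples, and the field layouts follow the public SOCKS4/4a description and RFC 1928.

```python
import struct

def build_socks4a_request(host, port, userid=b"", command=1):
    """Build a connect (1) or bind (2) request that lets the proxy resolve `host`."""
    # VN=4, CD=command, DSTPORT, DSTIP=0.0.0.1 (three NULL bytes, last byte non-zero)
    header = struct.pack(">BBH4s", 4, command, port, b"\x00\x00\x00\x01")
    # USERID + NULL terminator, then the domain name + another NULL terminator
    return header + userid + b"\x00" + host.encode("ascii") + b"\x00"

def parse_socks4_request(data):
    """Proxy-side parse of a SOCKS4/4a request; raises ValueError if malformed."""
    if len(data) < 9:
        raise ValueError("request too short")
    vn, cd, port, dstip = struct.unpack(">BBH4s", data[:8])
    if vn != 4 or cd not in (1, 2):
        raise ValueError("not a SOCKS4 connect/bind request")
    end_user = data.find(b"\x00", 8)
    if end_user == -1:
        raise ValueError("USERID is not NULL-terminated")
    result = {"cmd": cd, "port": port, "userid": data[8:end_user]}
    if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
        # DSTIP 0.0.0.x signals that a domain name follows the USERID terminator
        rest = data[end_user + 1:]
        end_host = rest.find(b"\x00")
        if end_host <= 0:
            raise ValueError("domain name missing or not NULL-terminated")
        result.update(host=rest[:end_host].decode("ascii"), resolved_by="proxy")
    else:
        # Plain SOCKS4: the client already resolved the name to an IPv4 address
        result.update(host=".".join(str(b) for b in dstip), resolved_by="client")
    return result

def parse_socks5_greeting(data):
    """Return the authentication method codes offered in a SOCKS5 greeting."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = data[1]
    methods = data[2:2 + nmethods]
    if nmethods == 0 or len(methods) != nmethods:
        raise ValueError("method list is empty or truncated")
    return list(methods)  # 0 = no authentication, 2 = username/password

if __name__ == "__main__":
    req = build_socks4a_request("example.com", 80, b"alice")  # constructed sample
    print(req.hex(), parse_socks4_request(req))
    print(parse_socks5_greeting(b"\x05\x02\x00\x02"))          # constructed sample
```
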

thanks...

Tuesday, 12 July 2011

.htaccess

.htaccess is a plain ASCII file used to protect web directories, block IP addresses, and do many other things, such as:

  • redirecting a domain without WWW to the WWW version
The configuration looks like this:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domainanda\.com [NC]
RewriteRule ^(.*)$ http://www.domainanda.com/$1 [R=301,NC,L]

  • preventing others from viewing .htaccess and other files

<Files .htaccess>
order allow,deny
deny from all
</Files>

If you want to block access to a different file, replace the .htaccess name with that file's name.

  • changing the error message
If you want to change the server's error page, you can use .htaccess to define your own error message.

Example syntax:

ErrorDocument 500 /error.html

Replace error.html with your own error page.

There are many other things you can do with .htaccess.

Friday, 08 July 2011

PHP SUHOSIN

PHP Suhosin is a protection system for PHP installations. Suhosin is designed to protect servers and users from flaws in PHP applications. Suhosin comes in two independent parts:

  • Patch (not full protection)
This is a small patch that applies low-level protection against buffer overflows and format string vulnerabilities.

  • Extension (full protection)
This part, a PHP extension, implements all of the protections.
  • The two can be combined if required.

Why do we use PHP Suhosin?

Because PHP Suhosin can protect our server from bugs that could be attacked.

If you want additional protection for your server and your business, using both the patch and the extension is highly recommended. It protects not only your server and your clients but everyone on the internet.

Some of the protections applied by PHP Suhosin are:

  • cookie encryption.
  • session encryption.
  • session hijacking prevention.
  • form input filtering.
  • limits on the number of variables (POST, GET) passed to the system.
  • limits on the number of uploads in a single request.
  • etc.
To install Suhosin, follow this URL: http://www.scribd.com/doc/32067690/SUHOSIN


thanks....!!!
   