Posts

Showing posts from June, 2011

Subnet

A subnet allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance.
Subnet Mask
Perhaps the most recognizable aspect of subnetting is the subnet mask. Like an IP address, a subnet mask contains four bytes (32 bits) and is often written using the same "dotted-decimal" notation. For example, a very common subnet mask whose binary representation is 11111111 11111111 11111111 00000000 is typically shown in the equivalent, more readable form 255.255.255.0.
Applying a Subnet Mask
A subnet mask neither works like an IP address nor exists independently of one. Instead, a subnet mask accompanies an IP address and the two values work together. Applying the subnet mask to an IP address splits the address into two parts, an "extended network address" and a host address. For a subnet mask to be valid, its leftmost bits mus...

Bypass HTML Field Restrictions

This time I learned about Bypass HTML Field Restrictions. I bypassed the HTML form. In order to pass this lesson, I must submit the form with each field containing an unallowed value. I have to submit an invalid value for all six fields in the one delivery form provided, that is: a select field with two choices, a radio button with two choices, an input field restricted to 5 characters, and a disabled input field that cannot be filled in. These are some of the ways I tried to bypass it: First I submitted the form as usual and did not find any change. Then I tried to intercept the request with WebScarab and changed values that were not provided there, but I did not find any changes either. I studied it again afterwards: there are only 5 fields in the request, whereas the procedure mentions there are 6 fields. Then I added a new field, the disabled input field itself, with the parameter I got from the web page source, but I did not find ...

Installing Webgoat in Backtrack

WebGoat is a deliberately insecure J2EE web application maintained by OWASP, designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
1. Before installing, first download WebGoat from this link.
2. To extract the 7zip file format, install p7zip with:
    apt-get install p7zip
3. Now extract the WebGoat file:
    p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z
4. When the extraction has completed, go into the extracted folder:
    cd WebGoat-OWASP_Standard-5.3_RC1
5. Change the file p...

SQL injection

This time I will tell you a little about the SQL injection I am studying. I learned by direct practice in DVWA (Damn Vulnerable Web Application). I started from the low level, and here is the PHP code that must be injected:

    <?php
    if(isset($_GET['Submit'])){
        // Retrieve data
        $id = $_GET['id'];
        // $id is placed into the query unescaped: this is the injection point
        $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
        $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>');
        $num = mysql_numrows($result);
        $i = 0;
        while ($i < $num) {
            $fir...

SQL Injection and Blind SQL injection

SQL injection
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (for example in queries). The vulnerability is present when user input is either incorrectly filtered for string-literal escape characters embedded in SQL statements or is not strongly typed and is thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
Incorrectly filtered escape characters
When a user enters a string into a form that is not filtered, the user can input a query that can be dangerous, such as displaying tables or even delete...

Setting Modem smart c700 on Backtrack

1. Before installing we need "wvdial", which can be obtained by:
    apt-get install wvdial
2. Once wvdial is installed, we find out the vendor and product IDs of the USB device with the command:
    lsusb
    Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 005 Device 002: ID 1b1a:0000
    Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 003 Device 002: ID 05c6:9004 Qualcomm, Inc.             <------ this is our modem
    Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 002: ID 064e:a103 Suyin Corp.
    Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
3. Set up the smart driver module with the following command:
   ...

WEB SERVICES TESTING

1. WS Information Gathering
The first step to perform a Web Service test is to determine the WS entry points and the communication schema: this is described in the WSDL associated with the WS.
2. Testing WSDL
Check the WSDL of the web service to find the entry points and try to invoke an operation that is not used in a standard SOAP request. Ensure that the WS does not give away confidential information.
3. XML Structural Testing
This section discusses the types of attack vectors one could send to a web service in an attempt to assess its reaction to malformed or maliciously crafted messages. For example, elements which contain large numbers of attributes can cause problems with parsers. This category of attack also includes XML documents which are not well-formed XML (e.g., with overlapping elements, or with open tags that have no matching close tags). DOM-based parsing can be vulnerable to DoS because the complete message is loaded into memory (as opposed to SAX pa...

AJAX TESTING

1. AJAX Vulnerabilities
Asynchronous JavaScript and XML (AJAX) is one of the latest techniques used by web application developers to provide a user experience similar to that of a local application. Since AJAX is still a new technology, there are many security issues that have not yet been fully researched. Some of the security issues in AJAX include:
• Increased attack surface with many more inputs to secure
• Exposed internal functions of the application
• Client access to third-party resources with no built-in security and encoding mechanisms
• Failure to protect authentication information and sessions
• Blurred line between client-side and server-side code, resulting in security mistakes
2. How to test AJAX
Because most attacks against AJAX applications are analogs of attacks against traditional web applications, testers should refer to other sections of the testing guide to look for specific parameter manipulations to use in order to discover vulnerabilities. The challenge...

DENIAL OF SERVICE TESTING

1. Testing for SQL Wildcard Attacks
2. Locking Customer Accounts
In this test we check whether an attacker can lock valid user accounts by repeatedly attempting to log in with a wrong password. When we try to log in with an existing account and a wrong password, or with a non-existent account and a wrong password, we get the following error message:
When we try to register with an existing account we get the following error message:
3. Buffer Overflows
4. User Specified Object Allocation
In this test we check whether it is possible to exhaust server resources by making it allocate a very high number of objects. Our targets cannot be attacked using this method:
5. User Input as a Loop Counter
6. Writing User Provided Data to Disk
With this test, we check that it is not possible to cause a DoS condition by filling the target disks with log data.
7. Failure to Release Resources
With this test, we check that the application properly releases resources (files and/...

DATA VALIDATION TESTING

Testing for Cross site scripting
In Cross Site Scripting (XSS) testing, we test whether it is possible to manipulate the input parameters of the application so that it generates malicious output. We find an XSS vulnerability when the application does not validate our input and creates output that is under our control. This vulnerability leads to various attacks, for example stealing confidential information (such as session cookies) or taking control of the victim's browser. An XSS attack breaks the following pattern:
Input -> Output == cross-site scripting
In this guide, the following types of XSS testing are discussed in detail:
1. Testing for Reflected Cross Site Scripting
A black-box test will include at least three phases:
   1. Detect input vectors. The tester must determine the web application's variables and how to input them into the web application. See the example below.
   2. Analyze each input vector to detect potential vulnerabilities. To detect...

Cookie and Session

Terminologies
Session cookie
A session cookie lasts only for the duration of the user's visit to the website. A web browser normally deletes session cookies when it quits. A session cookie also expires if the user does not access the website for a period of time chosen by the server (idle timeout).
Persistent cookie
A persistent cookie will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within that year, the initial value set in that cookie would be sent back to the server every time the user visits the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason, persistent cookies are also called tracking cookies.
Secure cookie
A secure cookie is only sent when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitted from client to server. This makes the cookie less likely to be exposed to cookie theft via eavesdropping. H...