Where Internet Explorer Store Password

Internet Explorer stores the username and password, at the user's choice, for the user's convenience. This is very useful, but for one reason or another we sometimes need to remove a stored password. Deleting the history and cookies doesn't clear the password. To delete the password, go to 'Internet Options', 'Content', and the 'AutoComplete' tab.

Click on 'Clear Password' to remove the stored password.

Enjoy.....

Password Protection Using .htaccess File

Password Protection Using .htaccess File:.htpasswd

We can use the .htaccess file for password protection. To do this, we need to add a few lines to the .htaccess file. Add the following lines to the file.


1) Replace "Section Name" with the name of the part of the site you are protecting.
2) Change /full/path/to/.htpasswd to the full server path to the .htpasswd file.

Now write the .htpasswd file. To do this, create a text file and save it as .htpasswd. This file can be stored anywhere within the website (as the passwords are encrypted), but it is advisable to store it outside the web root so that it is impossible to access it from the web.

Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:

username:password


The password must be in encrypted form. To do this:

1) To create the .htpasswd file, use the htpasswd command with the following format:
htpasswd [-c] .htpasswd {username}

After executing this command, you will be asked to enter the password, and it will store the password in the file.
That's all: the file is ready, and you are ready to use it.
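
An added example, not part of the original post: a small Python check for the two points made above, that every entry in .htpasswd holds an encrypted password and that the file sits outside the web root. The paths, user names and hash strings are constructed for illustration; the format prefixes are the ones Apache's htpasswd tool writes.

```python
import posixpath

CRYPT_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
# Schemes that should be replaced: unsalted SHA-1, 8-character crypt(), plaintext.
WEAK = {"sha1-unsalted", "crypt-des", "plaintext-or-unknown"}


def classify_hash(value):
    """Name the storage scheme of one .htpasswd password field by its format."""
    if value.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if value.startswith("$apr1$"):
        return "apr1-md5"
    if value.startswith("{SHA}"):
        return "sha1-unsalted"
    # Traditional crypt() output is exactly 13 characters from a fixed alphabet.
    # A 13-character plaintext password from that alphabet would look the same.
    if len(value) == 13 and set(value).issubset(CRYPT_CHARS):
        return "crypt-des"
    return "plaintext-or-unknown"


def inside_web_root(path, web_root):
    """True if path (absolute) resolves to a location under web_root (absolute)."""
    path = posixpath.normpath(path)
    web_root = posixpath.normpath(web_root)
    return posixpath.commonpath([path, web_root]) == web_root


def audit_htpasswd(text, path, web_root):
    """Return (line number, user, issue) tuples; line 0 is a finding about the file."""
    findings = []
    if inside_web_root(path, web_root):
        findings.append((0, None, "file is inside the web root"))
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, secret = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed entry"))
            continue
        scheme = classify_hash(secret)
        if scheme in WEAK:
            findings.append((lineno, user, scheme))
    return findings


# Constructed sample file: none of these are real credentials or valid hashes.
SAMPLE = """\
# constructed entries for the example
alice:$2y$05$CONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTEDCONSTRUCTE
bob:$apr1$constrct$CONSTRUCTEDCONSTRUCTED
carol:{SHA}Q09OU1RSVUNURURDT05TVFJVQ1Q=
dave:rqXexS6ZhobKA
erin:hunter2
no-colon-line
"""

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE, "/var/www/html/.htpasswd", "/var/www/html"):
        print(finding)
```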

.htaccess file-2

How to write a .htaccess file

In the previous article on the .htaccess file, we learned how the .htaccess file works. In this article we will try to create a simple .htaccess file. A simple .htaccess file looks like this:



Creating a .htaccess file may cause you a few problems. Writing the file is easy: you just need to enter the appropriate code into a text editor (like Notepad). You may run into problems with saving the file. Because .htaccess is a strange file name (the file actually has no name but an 8-letter file extension), it may not be accepted on certain systems (e.g. Windows 3.1). All you need to do, though, is save the file by entering the name as:
.htaccess

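To ban an IP address, we do the following:

SetEnvIf Remote_Addr ^A\.B\.C\.D$ banit
SetEnvIf Request_URI "^(/403\.html|/robots\.txt)$" allowit

The first line flags requests from the IP address A.B.C.D with banit so that they can be banned, and the second line flags the 403.html error page with allowit so that it can still be opened. On their own these lines only set the two variables; the ban takes effect through access-control directives that refer to banit and allowit.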

In the next article on the .htaccess file, we will look into password security and how the file relates to it.

How To Work With Google


Google The Oracle

You must have watched the movie 'The Matrix'. Who is the Oracle in that movie? She is the one who has the answer to every question and knows everything. In our computer world the oracle is Google itself. It has the answer to every question. The only thing you need to know is how to talk to Google; you must know how to work with Google. In this article we will discuss that topic.

A) The 'A' area in the figure contains the tabs which allow you to navigate to the different Google tools, like Gmail, orkut, Images and News.
1) Search term input text field: Here you type the words to be searched.
2) Google Search: This tab allows you to perform a search on the given text field.
You must already know these terms, but the ones below are really tricky and interesting.

3) I'm Feeling Lucky: Very few people know about this button. Instead of presenting a list of search results, this button forwards you to the highest-ranked page for the entered search term. This is also the most relevant page for the entered search term.
4) Advanced Search: This link takes you to the advanced search page. This page contains advanced features for making the search results very specific.
5) Preferences: This link allows you to select several options. These include language selection, filters and safe search.
6) Language Tools: This allows you to set many different language options and translate text to and from various languages.
In the next section we will see how to search effectively and efficiently on Google.

What is .htaccess file


.htaccess stands for HyperText Access file. This is the default name of the configuration file on the server side. It can also be placed in the directory whose security we want to control, as it provides the ability to customize configuration for requests to that particular directory.

Although .htaccess is only a file, it can change settings on the servers and allow you to do many different things, the most popular being able to have your own custom 404 error pages. .htaccess isn't difficult to use and is really just made up of a few simple instructions in a text file.

.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access." The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and their passwords.

Use of .htaccess file

1)Authorization and Authentication.
.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access." The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and their passwords.
2)Customized error responses
Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
These are some of the most common errors:

401 - Authorization Required
400 - Bad request
403 - Forbidden
500 - Internal Server Error
404 - Wrong page
3)Cache Control
.htaccess files allow a server to control User agent caching used by web browsers to reduce bandwidth usage, server load, and perceived lag.
4)Rewriting URLs
Servers often use .htaccess to rewrite "ugly" URLs to shorter and prettier ones.

Hacking Websense

Now we are ready to hack Websense. This will allow you to access the web even when Websense is working in the network. You need to do the following steps.....

1)Install the mozilla web browser.
2)Go to 'Tools' tab.





Credit Card And Internet


Credit Card,Internet And Hacking

In the previous article we learned about the internet and transaction security. In this article we will look at the security of credit card payment through the internet.

Encrypted credit-card numbers aren't valuable enough by themselves, however, to pay for the compute time spent to attack them. A few years ago someone attempted to sell a large collection of valid credit-card numbers to an undercover FBI agent, who bought them for the modest sum of $2.50 per number. That price hardly justifies the effort needed to decrypt


Are Web Transactions Safe?

In this cyber world, we do all kinds of business and transactions, like paying mobile bills, transferring money from one account to another, and so many other things. But the question is how safe this transaction process is.

Nowadays anyone can buy a pair of small electronic devices that encrypt data sent between two computers across telephone lines. However, Computer A can only understand data sent by Computer B if both of these special devices share the same key. The first device uses the key to encrypt the data using the shared, secret key, while the second device uses that same key to decrypt the information, making it readable to the recipient.
Now comes an interesting question: When your browser encrypts and decrypts data that it shares with a Web site,


HOW WEBSENSE WORK


We discussed what Websense is in the earlier post; in this post we will see how Websense works. Websense Enterprise works in conjunction with a Master Database of 2.2 million Web sites (comprising 400 million pages) that fall into one of 65+ categories. The user can configure Websense to monitor or block sites in each category. In Websense Enterprise 4.2, administrators can allow users to continue surfing or defer access to sites in a particular category until after work. Sites are first mined through proprietary software techniques and then classified into categories. Sites not categorized by this method are evaluated by qualified Internet analysts for proper categorization and continually checked for accuracy.
Websense uses IP screening technology, so that if anyone tries to access the web directly, the request will be filtered using this technology. Websense does this by pre-converting all domain names in the database into IP addresses. This also eliminates the possibility of someone accessing a site directly via the IP address and bypassing the Websense database.

Security Audit Log Is Full


The Event Log folder that contains this policy is available only in Group Policy objects associated with domains, OUs, and sites. The Event Log folder does not appear in the Local Computer Policy object. So we get this error message at login. To avoid this problem, do the following steps:

Audit Policy

To enable auditing of security related events:

1. Open the applicable Security Policy.
2. Expand Security Settings.
3. Within Security Settings, expand Local Policies to reveal the Audit, User Rights Assignment, and Security Options policies.
4. Click on the Audit Policy object. The right-hand details pane will reveal the configurable Audit Policy settings.

Websense


Websense is an internet access management system that allows an organization to monitor, report and manage internal Internet use and to prevent misuse of the internet from within the organization.
Websense is a San Diego-based company specializing in Web security gateway software. This enables client businesses and governments to block user access to chosen categories of website. The company says it is the global leader in its field. It has come under criticism from civil liberties groups on the grounds that it assists repressive régimes to restrict freedom of speech.

EMIST

Evaluation Methods for Internet Security Technology (EMIST)

The main objective of the NSF/DHS-sponsored EMIST (Evaluation Methods for Internet Security Technology) research initiative is to develop scientifically rigorous testing frameworks and methodologies for evaluating approaches to large-scale network defenses. Their goal has been to expand the rigor with which we model the protection claims of malware defense algorithms, particularly as we design the metrics that will be used to evaluate and compare competing malware approaches. To this end, we consider how to more rigorously express defense specifications, formally validate or refute desired properties of these systems, and employ simulation and emulation experiments to fully stress algorithm performance. So this technology is going to be one of the strong solutions for security.

INCREASE SPEED LIMIT OF INTERNET

Does your ISP deliver the speed you pay for? It’s rather easy to test your broadband internet speed. However, there are a few things to keep in mind. For one, ISPs usually promise an “up to” speed, so you can’t expect top performance at all times, that’s part of the deal. During high traffic times your ISP will suffer from high loads and will certainly not be able to deliver the maximum speed. Thus you’d best perform different speed tests at different time points, to see whether you ever reach the top speed. Also, when running a speed test, make sure no other applications are using the internet, else the result will not be accurate.
Speedtest.net is a good place to test your internet speed. They operate through servers all over the world, so you can connect to a server near you, which increases the accuracy of your result. As you may realize, your internet speed does not only depend on your ISP, it also depends on the hardware and software used on your end of the line. If you are using hardware provided by your ISP, there shouldn’t be a problem. The bottleneck for speed often sits in the connecting computer. Here are a few tips to improve the overall throughput:

(1) Connecting Port:
This may seem obvious, but you should connect to the internet through an ethernet port, rather than a serial, parallel or USB port. If ethernet is not an option, it may be advisable to update your hardware.
(2) Enough RAM
Make sure your system memory can handle the load! If you want to browse fast, you will need to close other applications in case your RAM is maxed out.
(3) Fast Browser
Mozilla based browsers generally are among the fastest browsers, while still being comfortable to use. Whichever open source browser you pick, make sure you don’t overload it with extensions or addons, those will just slow your browser down dramatically. On the other hand, if speed and RAM are not an issue, go for the luxury!
Also there are a number of tweaks and addons to increase the speed of your browser.
(4) Increase Speed under Windows XP Pro
Windows XP Professional reserves 20% of your bandwidth for services like updates or spyware checks. If you would like to exploit this reserve, do the following:
1. Click [Windows] + [R] and type gpedit.msc in the Run window.
2. Under Computer Configuration expand the Administrative Templates.
3. Go to Network and click the QoS Packet Scheduler tab.
4. Double-click on Limit Reservable Bandwidth and enable it.
5. Finally change the Bandwidth limit to 0% and click Apply.
6. Reboot your computer and enjoy.
(5) Tweak Tools
There are a number of programs that promise to increase your internet speed. They may work, they may not. They all apply a number of changes to optimize your network settings. Whether or not they will really improve your internet speed or which one will work the best for you greatly depends on your system, hence it’s difficult to recommend an application.
Which tools and tweaks worked best for you?

WINDOWS CLEVERNESS

Windows STEALS 20% OF BANDWIDTH!!! Hack Microsoft

Vista and XP originally keep 20% of the bandwidth for Microsoft use; here is how to turn it to zero!!! Don't pay internet for Microsoft!!!!



source from internet

Enable / Disable Task Manager in Windows


Using Registry:

Open the Registry Editor by typing regedit in Run, and search for:


Hive: HKEY_CURRENT_USER

Key: Software\Microsoft\Windows\CurrentVersion\Policies\System

Name: DisableTaskMgr

Type: REG_DWORD

Value: 1 = Enable this key, that is, DISABLE Task Manager

Value: 0 = Disable this key, that is, don't disable (ENABLE) Task Manager.


Using GROUP POLICY

If your regedit has been hacked, use these steps.



1)Click Start
2)Click Run
3)Enter gpedit.msc in the Open box and click OK
4)In the Group Policy settings window
5)Select User Configuration
6)Select Administrative Templates
7)Select System
8)Select Ctrl+Alt+Delete options
9)Select Remove Task Manager
10)Double-click the Remove Task Manager option or disable it.

REMOVING AUTO PLAY OPTION

mynetsecurity

Removing auto play option from hard disk and folder

On a virus-infected computer, double-clicking a drive doesn't open it; instead some unwanted task begins, such as showing the properties of the drive. This happens because the virus changes the behaviour of the drive or folder. Normal antivirus software also can't detect this. Follow these steps to correct the defect:

1) In Folder Options in the Tools menu, uncheck ‘Hide protected operating system files’ and click OK.

2) Open the drive by right-clicking and choosing Explore (don’t double-click) and delete the following: autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift + Delete to delete). Do this on all your drives, including the floppy drive.

3) Open the ‘Windows’ folder (C:\WINDOWS) and delete MS32DLL.dll.vbs or MS32DLL.dll using Shift + Delete.

4) Open the registry by going to Start – Run, typing regedit and clicking OK, then navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the entry MS32DLL.

5) Open the Group Policy editor by going to Start – Run, typing gpedit.msc and clicking OK, then go to User Configuration - Administrative Templates - System. Double-click the entry ‘Turn Off Autoplay’ in the right pane. ‘Turn Off Autoplay Properties’ will now be displayed; in the pop-up window select ‘Enabled’, select ‘All drives’ under Turn off Autoplay on, and click OK.

6) In the Startup tab, uncheck MS32DLL, click OK, and close it without restarting.

7)Empty the recycle bin.

8)Restart the computer.

NEWFOLDER.EXE VIRUS


newfolder.exe virus - get rid of it
New Folder.exe is a virus which can damage your files and computer. This virus disables Task Manager, the registry and Group Policy editing, so it becomes very difficult to work on the computer. It creates exes with icons that look like folders. While this virus is running it will use more than 50% of your processor and slow down the computer. It also disables Folder Options and hides hidden files and folders.
How to delete this file
To delete this file, download the antivirus ESET NOD32. You can download it from here:
http://www.eset.com/download/index.php
Install this antivirus and remove the virus. After that, type gpedit in the Run window. In the user settings, disable those features which are not working. Now Task Manager and regedit start to work. But Folder Options is still not there. To enable it, go to the registry by typing regedit at the command prompt, and search for the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
You will see:
NoFolderOptions      REG_DWORD      0x00000001 (1)

Delete this key or set the value to 0.


Now everything is OK. Never click on this folder-like file again.
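
An added example, not part of the original posts: a Python check that scans a registry export (.reg text) for the values this page names, DisableTaskMgr, NoFolderOptions and the MS32DLL Run entry. The sample export and the data of the Run entries are constructed; a real export from regedit is UTF-16 and must be decoded to text first.

```python
import re

# Values named on this page, keyed by (registry key, value name) in lower case,
# because registry paths and value names are case-insensitive.
POLICIES = r"hkey_current_user\software\microsoft\windows\currentversion\policies"
POLICY_RULES = {
    (POLICIES + r"\system", "disabletaskmgr"): "Task Manager is disabled",
    (POLICIES + r"\explorer", "nofolderoptions"): "Folder Options is hidden",
}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_NAMES = {"ms32dll"}

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')
DWORD = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")


def parse_reg(text):
    """Yield (key, name, data) from .reg text; data is int for dword, str otherwise."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE.match(line)
        if value is None or key is None:
            continue  # header line, blank line, or a value outside any key
        name, raw = value.groups()
        dword = DWORD.match(raw)
        if dword:
            data = int(dword.group(1), 16)
        else:
            # String data is quoted and has its backslashes doubled in the export.
            data = raw.strip('"').replace("\\\\", "\\")
        yield key, name, data


def audit_reg_export(text):
    """Return (key, value name, finding) for each policy or Run entry of interest."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if (k, n) in POLICY_RULES:
            # A policy value of 0 means the restriction is off, so only flag non-zero.
            if isinstance(data, int) and data != 0:
                findings.append((key, name, POLICY_RULES[(k, n)]))
        elif k == RUN_KEY and n in RUN_NAMES:
            findings.append((key, name, "autorun entry: " + str(data)))
    return findings


# Constructed export for the example; "ExampleUpdater" is a made-up benign entry.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MS32DLL"="C:\\WINDOWS\\MS32DLL.dll.vbs"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"""

if __name__ == "__main__":
    for key, name, finding in audit_reg_export(SAMPLE_EXPORT):
        print(name, "->", finding)
```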

ROT13

ROT13 CODING
ROT13 is a method of encoding the alphabet. As its name suggests, it rotates the alphabet by thirteen places.


e.g.
code    cypher

ab      no
unpx    hack


ROT13 has been described as the "Usenet equivalent of a magazine printing the answer to a quiz upside down".[1] ROT13 is a variation of the Caesar cipher, developed in ancient Rome.
ROT13 is its own inverse; that is, to undo ROT13, the same algorithm is applied, so the same action can be used for encoding and decoding. The algorithm provides no real cryptographic security and is not normally used for such. It is often cited as a canonical example of weak encryption. ROT13 has inspired a variety of letter and word games on-line, and is frequently mentioned in newsgroup conversations. Applying ROT13 to a piece of text merely requires examining its alphabetic characters and replacing each one by the letter 13 places further along in the alphabet, wrapping back to the beginning if necessary.[2] A becomes N, B becomes O, and so on up to M, which becomes Z, then the sequence reverses: N becomes A, O becomes B, and so on to Z, which becomes M. Only those letters which occur in the English alphabet are affected; numbers, symbols, whitespace, and all other characters are left unchanged. Because there are 26 letters in the English alphabet and 26 = 2 × 13, the ROT13 function is its own inverse:[2]
ROT13(ROT13(x)) = ROT26(x) = x for any text x. In other words, two successive applications of ROT13 restore the original text (in mathematics, this is sometimes called an involution; in cryptography, a reciprocal cipher).
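
An added example (not from the original post) of the rotation described above, written in Python. It generalises ROT13 to any Caesar shift to show that 13 is the only non-zero shift that is its own inverse, and that with only 26 possible shifts every candidate can simply be listed, which is why it offers no real security.

```python
import string


def rotate(text, shift):
    """Rotate English letters by `shift` places; all other characters pass through."""
    out = []
    for ch in text:
        for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
            if ch in alphabet:
                ch = alphabet[(alphabet.index(ch) + shift) % 26]
                break
        out.append(ch)
    return "".join(out)


def rot13(text):
    """ROT13 is the Caesar rotation with a shift of thirteen."""
    return rotate(text, 13)


def self_inverse_shifts():
    """Shifts in 0..25 for which applying the same rotation twice restores the text."""
    sample = string.ascii_letters
    return [n for n in range(26) if rotate(rotate(sample, n), n) == sample]


def candidate_shifts(ciphertext, known_word):
    """List every shift whose output contains a word expected in the plaintext."""
    return [n for n in range(26) if known_word in rotate(ciphertext, n)]


if __name__ == "__main__":
    print(rot13("hack"), rot13("unpx"))      # the pair from the table above
    print(rot13("Hello, World! 123"))        # digits and punctuation are unchanged
    print(self_inverse_shifts())
    print(candidate_shifts("unpx", "hack"))
```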

DECODE .EXE FILE

VIEW .EXE CODE
First of all, let's understand what the exe file is. EXE is the common filename extension for denoting an executable file (a program) in the OpenVMS, DOS, Microsoft Windows, ReactOS, and OS/2 operating systems. Besides the executable program itself, many EXE files contain other components called resources, such as bitmaps and icons which the executable program may use for its graphical user interface. The DOS executable file format differs from the COM executable, which is limited to slightly less than 64 KB in size and, since it lacks relocation information, can only contain one code segment. The DOS executable header contains such relocation information, which allows multiple segments to be loaded at arbitrary memory addresses, and supports executables larger than 64 KB.

Decoding
When an EXE file is compiled, all the information about classes, variables, filenames etc. is lost. Compiling and linking convert the code into machine-level language, so it is very difficult to get back the complete source code. However, using reverse engineering techniques we can get some information in the form of machine language. We can also use decoder software to do the task. Decoders like

1) disassem.exe

2) PE Explorer

can be used for this purpose. Disassem.exe is a fully functional Win32 program disassembler. This software supports the portable executable file.
If you have more knowledge, kindly send me the post, as I don't know much about this.

NESSUS

Nessus Vulnerability Scanner
Nessus is one of the best scanner hacking/security tools. Nessus is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. When Nessus is managed with Tenable's Security Center, an enterprise can perform full life-cycle vulnerability and configuration management. Organizations can communicate recommendations to the responsible parties, track remediations, and verify security patches and required configurations.
Some features of Nessus:
1. Cost: Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed.
2. Linux Platform: Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Nessus 3 is now closed source, but is still free-of-cost unless you want the very newest plugins.
How Nessus uses Nmap

Nessus is optimized to work with what we call "plugins". Plugins are implemented in such a way that it does not cost anything memory-wise to launch them -- the NASL interpreter is optimized in such a way that launching a plugin only uses several kilobytes. The operating system is not involved when a plugin is created, which makes the process execution fast and painless. However, since Nmap is an external application, Nessus calls it by launching a special plugin which actually executes the nmap binary, which is a costly operation. To make things worse, in the Nessus architecture each plugin is in charge of ONE host. This means that if you have configured Nessus to scan forty hosts at a time, then there will be forty instances of Nmap running in memory. If you are familiar with Nmap and want to use it for your scan, then run it from the command-line first, and save the results in 'greppable' output:

# nmap -n -sS -p1-65535 -oG nmap-results.txt 127.0.0.1/16

You can then import the results in Nessus directly (in the plugins preferences -> Nmap NASL Wrapper -> File containing Nmap results). This will prevent Nessus from re-scanning your network. You will need the nmap.nasl plugin.

To use Nmap from within Nessus:
Download and copy nmap.nasl to your plugins directory:
# cp nmap.nasl /opt/nessus/lib/nessus/plugins/
Restart nessusd:
# killall nessusd
# /opt/nessus/sbin/nessusd -D
Next time you connect to Nessus, your client should display a new port scanner (Nmap NASL Wrapper). If not, then it probably means that nmap is not in your $PATH when you are starting nessusd.



ORACLE HACKING


Hack Oracle - Part 2


Continued from the last post, let's look at some more ways of hacking Oracle.

5.Privilege Escalation

In a nutshell "privilege escalation" involves using the existing usually underprivileged account in tricky, sneaky or nefarious ways to gain greater privileges or even the DBA privileges!
Here's an example, using one of the CREATE ANY grants. Suppose we have access to the database via a user SEAN who has CREATE ANY TRIGGER, so we can create a trigger in any schema. If you can track down a table which any user can write to, create a trigger in SYSTEM which executes when you, the unprivileged user, INSERT or UPDATE that publicly writeable table. The trigger you write calls a stored procedure you also write, which, and here's the rub, executes with AUTHID CURRENT_USER. That means it'll have the privileges of the SYSTEM user when it executes *YOUR* procedure. Now inside your nefarious stored procedure you include "EXECUTE IMMEDIATE 'GRANT DBA TO SEAN'"; Voila!
Now :
1. Insert into the public table (the trigger fires)
2. The trigger is owned by SYSTEM
3. SYSTEM calls the change_privileges stored procedure, which is AUTHID CURRENT_USER
So although *I* could not have executed to change my own privileges I managed to get SYSTEM to execute it, and that user *DOES* have the privileges, so I am now granted DBA!!
What's a Database Administrator to do? Well for starters, you should audit your database for CREATE ANY privileges and remove the ones that aren't required. Secondly, you should scan the forums such as http://www.securityfocus.com/ for the latest vulnerabilities surrounding privilege escalation. Lastly, it might not hurt to enable auditing of certain types of activities so the database will help you help yourself. While it audits things like GRANT DBA you can monitor that audit log for malicious or unexpected activity.


6.Listener

Oracle's listener is setup out of the box so that one can remotely administer it. What if the attacker sets the logfile of the listener to be the Unix .rhosts file? Well the attacker can effectively WRITE to the .rhosts file. This file on Unix configures who is allowed to login without a password using the rsh, rlogin, and rcp commands. You can imagine what happens next!
This is really the tip of the iceberg in terms of security surrounding Oracle's listener. There are also buffer overflows and a lot more to look at. In fact, Litchfield's Oracle Hacker's handbook has a whole chapter on the topic!
From the prevention side of the house, Oracle has made some strides to allow better security if only you put it in place. For starters, set a password for administrating the listener. Burdened by an ever-growing set of passwords to manage, this might seem like too much, but consider the threat before you look the other way. Oracle has also added ADMIN_RESTRICTIONS, which prevent certain things from being done remotely. For instance, you would then have to be local to set the location of logfiles.

7.Operating System Commands & Security

Hackers aren't always logged into your system at a shell prompt. In fact, we hope they never are! Nevertheless, that doesn't mean they can't pretend. By coaxing the Oracle database to run commands at the Operating System level though, we're effectively giving the hacker a way to have just that, a method for running commands. Those commands could delete or corrupt files, overwrite logs (to hide their tracks), create accounts, or anything else that one could potentially do at the command line. So, how do they do it?
Although there are a number of ways, the easiest is through languages like Java or PL/SQL. Often the ability to create external stored procedures is available. By default, it is anyway. This can allow a stored procedure, which performs a system call to execute. This system call then can execute with the privileges of the "oracle" account by which Oracle was installed in the first place. So from there you can see where it goes.
Although Oracle has made some strides to protect against these types of things, your best bet in terms of prevention is monitoring. By keeping an eye on the activities inside your system, you're better able to be proactive if an attacker tries something malicious like this.


8.Filesystem Security

Access to the filesystem is one area that is a tricky one to get your head around. The "oracle" OS user owns all of the Oracle software, and datafiles of your database, so if or when a user inside the database accesses files on the filesystem using the UTL_FILE package, they have access to many things they wouldn't have access to inside the database, because their GRANTs and ROLEs constrain them. If they can read datafiles, they can effectively gain access to the raw binary data that make up your tables and indexes, and with some work can deduce the content therein. They may also be able to write to those files and effectively corrupt them. Dangerous indeed.
Oracle has made some strides to prevent this by introducing the DIRECTORY object. One must have a DIRECTORY object defined to do certain types of reading and writing now in 10g. That means a user must have CREATE DIRECTORY privilege, which we've seen previously can be attained by various methods of privilege escalation. Even given all of this, there are still ways to gain access to the filesystem and read and write files via PL/SQL or Java.

ORACLE HACKING


Different Ways to Hack Oracle

Oracle is said to be very safe, but there are still ways to hack Oracle. Some of the techniques used to hack Oracle are discussed here.

1. SQL Injection
SQL Injection is simply entering information in a web form, and secretly adding some unexpected code, tricking the application to execute that on the database, and return results the programmer had not foreseen. For example, you have a user login form which requests username and password. In the username field, you enter: sean'); select username, password from all_users;--


2. Default Passwords
Most of the Oracle logins have default passwords.


Username        Password
applsys         apps
ctxsys          change_on_install
dbsnmp          dbsnmp
outln           outln
owa             owa
perfstat        perfstat
scott           tiger
system          change_on_install
system          manager
sys             change_on_install
sys             manager


3. Brute Force
Brute force is the method of banging away at the lock or keyhole until it breaks, forcibly. In the case of Oracle, it means trying every username and password by automating the process with a little bit of code to help you.
For years now, a piece of software called John the Ripper has been available to unix administrators for exactly this task. Now there is a patch available for you so you can use this handy software for banging away at Oracle passwords. Want to speed this process up even more? Prepare in advance a table of all password hashes. Such a table is called a Rainbow table. You will have a different one for each username because the password hashing algorithm uses the username as the salt to the function.

4. Sneaking Data Out The Back Door
In the security world, this concept is known as data exfiltration. It comes from the military term, opposite of infiltration, it means getting out without being noticed. In the context of getting data from a target database, it could be as simple as picking up some tape backups and restoring the database, or getting a copy from a retired crashed disk. However, it can also involve snooping network traffic for relevant packets of data.
Oracle has a package called UTL_TCP, which can make outside connections to other servers. It could be used, with a little programming magic, to send a low bandwidth stream of data from the database to some remote host. Oracle also comes with some useful packages to hide what might be inside your secret stream of data, so make ample use of those if you think an intrusion detection system might be monitoring your activities. They include DBMS_OBFUSCATION_TOOLKIT and DBMS_CRYPTO.

SQL INJECTION WITH EXAMPLE


Some More Examples Of SQL INJECTION


Continued from the last post: in this post, we will see some real examples of SQL injection.

For the LOGIN Form :-


user:admin (you don't even have to put this.)

pass:' or 1=1--


or


user:' or 1=1--

admin:' or 1=1--


Some sites will have just a password, so:


password:' or 1=1--



The injection attack has actually made our query behave differently than we intended. By using a single quote (') they have ended the string part of our MySQL query
username = ' '
and then added on to our WHERE statement with an OR clause of 1 (always true).
username = ' ' OR 1
This OR clause of 1 will always be true and so every single entry in the "customers" table would be selected by this statement!


Although the above example displayed a situation where an attacker could possibly get access to a lot of information they shouldn't have, the attacks can be a lot worse. For example an attacker could empty out a table by executing a DELETE statement.

MySQL & PHP Code:


$name_evil = "'; DELETE FROM customers WHERE 1 or username = '";
// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";
// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;

Display:


SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '
If you were to run this query, the injected DELETE statement would completely empty your "customers" table.

SQL INJECTION


SQL Injection

SQL injection is a strong password cracking technique that exploits a security vulnerability occurring in the database layer of an application. SQL injection is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.

Example:
var ShipCity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";

The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond'
However, assume that the user enters the following:
Redmond'; drop table OrdersTable--
In this case, the following query is assembled by the script:
SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable--'
The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where ShipCity is Redmond. Then, SQL Server will drop OrdersTable.
As long as injected SQL code is syntactically correct, tampering cannot be detected programmatically. Therefore, you must validate all user input and carefully review code that executes constructed SQL commands in the server that you are using. Coding best practices are described in the following sections in this topic.


Input character      Meaning in Transact-SQL
;                    Query delimiter.
'                    Character data string delimiter.
--                   Comment delimiter.
/* ... */            Comment delimiters. Text between /* and */ is not evaluated by the server.
xp_                  Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.
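
The login-form input from the earlier post and the ShipCity input above, each run against a concatenated query and against its parameterized form. This is an added example, not code from the original posts: it uses Python with an in-memory SQLite database as a stand-in for MySQL and SQL Server, and the function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; in-memory SQLite stands in for MySQL / SQL Server.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (username TEXT, password TEXT);
        INSERT INTO customers VALUES ('admin', 's3cret'), ('alice', 'wonder');
        CREATE TABLE OrdersTable (ShipCity TEXT);
        INSERT INTO OrdersTable VALUES ('Redmond'), ('Seattle');
    """)
    return db

def login_concat(db, user, pw):
    # Vulnerable: the input is pasted into the SQL text, so ' ends the string
    # and -- comments out whatever the application appended after it.
    sql = ("SELECT COUNT(*) FROM customers WHERE username = '" + user
           + "' AND password = '" + pw + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_bound(db, user, pw):
    # Hardened: ? placeholders send the input as data, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM customers WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone()[0] > 0

def orders_concat(db, city):
    # Vulnerable, and sent through a multi-statement call, so a ; in the input
    # starts a second statement, as in the ShipCity example.
    db.executescript("SELECT * FROM OrdersTable WHERE ShipCity = '" + city + "'")

def orders_bound(db, city):
    # Hardened: the whole input is compared against ShipCity as one string.
    sql = "SELECT ShipCity FROM OrdersTable WHERE ShipCity = ?"
    return [row[0] for row in db.execute(sql, (city,))]

def table_exists(db, name):
    sql = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return bool(db.execute(sql, (name,)).fetchall())

if __name__ == "__main__":
    db = make_db()
    print("concat login:", login_concat(db, "admin", "' or 1=1--"))
    print("bound login: ", login_bound(db, "admin", "' or 1=1--"))
    print("bound orders:", orders_bound(db, "Redmond'; drop table OrdersTable--"))
    orders_concat(db, "Redmond'; drop table OrdersTable--")
    print("OrdersTable still exists:", table_exists(db, "OrdersTable"))
```

With bound parameters the characters in the table above need no special handling, because the database never parses them as SQL.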