Subnetting


Subnetting is a technique for breaking up a large network into smaller networks by giving up Host ID bits in the subnet mask so that they can be used as a new Network ID.
Example: the IP address 192.168.10.0 with the default subnet mask 255.255.255.0 is defined as class C, which means that without subnetting there is only one network address, with 254 IP addresses that can be assigned (192.168.10.1 to 192.168.10.254).

What is Tor?

Tor is an application that allows you to anonymise your IP address. That is, you can visit www.google.com on 26th Jun 2011 and Google will not record your actual IP address but the one presented by Tor. This means that a review of logs stored by Google will not, in theory, show a record of you visiting the site on that date.
What is privoxy?
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.
How to use the internet anonymously using Tor in Linux Backtrack 5?
As a first step, we must add the repository to /etc/apt/sources.list:
deb http://deb.torproject.org/torproject.org lucid main

Blind SQL Injection


This is a hacking method that allows an unauthorized attacker to access a database server. It is facilitated by a common coding blunder: the program accepts data from a client and executes SQL queries without first validating the client’s input. The attacker is then free to extract, modify, add, or delete content from the database. In some circumstances, he may even penetrate past the database server and into the underlying operating system.
Hackers typically test for SQL injection vulnerabilities by sending the application input that would cause the server to generate an invalid SQL query. If the server then returns an error message to the client, the attacker will attempt to reverse-engineer portions of the original SQL query using information gained from these error messages. The typical administrative safeguard is simply to prohibit the display of database server error messages. Regrettably, that’s not sufficient.
I will be using this example:
http://www.site.com/news.php?id=5
When we request this, we see a page with articles, pictures, etc…
Then, when we want to test it for a blind SQL injection attack:
http://www.site.com/news.php?id=5 and 1=1
==> This is always true and the page loads normally; that's OK.
Now the real test:
http://www.site.com/news.php?id=5 and 1=2
==> This is false, so if some text, picture or other content is missing from the returned page, then that site is vulnerable to blind SQL injection.
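The following is an added example, not code from the original post. It puts the unvalidated query beside a validated, parameterized one and runs the same 1=1 / 1=2 comparison as a regression check. Python with an in-memory SQLite table stands in for the PHP/MySQL news.php page, and the table, data and function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the table behind news.php?id=5.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(5, "Article five"), (6, "Article six")])
    return db

def fetch_vulnerable(db, raw_id):
    # Vulnerable: client input is pasted into the SQL text, so "5 and 1=2"
    # becomes part of the WHERE clause. Errors are swallowed to mimic the
    # "hide database error messages" safeguard, which still leaves a
    # true/false difference in the returned page.
    try:
        return db.execute(
            "SELECT title FROM news WHERE id = " + raw_id).fetchall()
    except sqlite3.Error:
        return []

def fetch_hardened(db, raw_id):
    # Hardened: accept only a plain decimal id, then bind it as a parameter
    # so the value can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # rejected; a web handler would answer HTTP 400 here
    return db.execute(
        "SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def page_differs(fetch, db):
    # The check from the text: do "and 1=1" and "and 1=2" give different pages?
    return fetch(db, "5 and 1=1") != fetch(db, "5 and 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler shows a true/false difference:",
          page_differs(fetch_vulnerable, db))
    print("hardened handler shows a true/false difference:",
          page_differs(fetch_hardened, db))
```

With the hardened handler both test values are rejected in the same way, so the two requests are indistinguishable, while a normal id such as 5 still returns its article.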

SQL Injection



SQL injection is a hacking technique performed from the client application by modifying an existing SQL command in a MySQL client application. It is also a technique used to exploit web applications that use a database for data storage.

What is a cookie and what is a session?

A cookie is a method of storing data on the user's computer, such as user names, passwords or other data, while a session is a method used to maintain data between pages.
For example:
We access a site1.com page and then access site2.com. The site2.com pages will not know that we are the same person who previously accessed the site1.com page. The session's task is to know that we are the same person.
For that task, the session usually uses a cookie (so theft of the cookie is the same as theft of the session). However, a session does not have to use cookies, because cookies are sometimes blocked by the user.
In addition, a cookie stores its data on the user's computer, while a session stores only a code for the current session on the user's computer and keeps the data on the server. Both the value of a cookie and the value of a session are dangerous if they are easily guessed or stolen by hackers.

Pretty Good Privacy



Pretty Good Privacy (PGP)?

What is it?
It is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.
GNU makes a product that is useful for PGP; its name is GPG (GNU Privacy Guard).