Outgoing traffic from your PC

Yesterday I was thinking that I should look at the outgoing traffic from my PC. I googled it and found a few tools; all were amazing, but the one I found best for Windows is "Microsoft Network Monitor", and what I found with it was really alarming and somehow amazing too.

[Screenshot: Network Monitor]

Download link: Microsoft official site link (download the version that matches your PC's architecture).

Install it, log off, log in, and now you're good to go.

Hope it helps someone find illegitimate traffic from their PC. 😉

Rehan Manzoor aka rummykhan

When there is a '-' symbol in the DB name, table name or column name

In The Name of ALLAH the Most Beneficent and the Merciful

Yesterday I received a site to inject; my friend was unable to extract data from the site. When I tried, I also failed at the first attempt. I tried a few things, but without success. Then I googled the problem and found the solution, so I thought I'd share it with you all.

MYSQL:

In MySQL we have to query like this if there is a - symbol in the name:

    SELECT `column-name` FROM `db-name`.`table-name`

Ref: Developers MYSQL

POSTGRESQL:

In PostgreSQL we have to query like this:

    SELECT "column-name" FROM "db-name"."table-name"

Ref: StackOverFlow

SQL Server:

In SQL Server we have to query like this:

    SELECT [column-name] FROM [db-name].[table-name]

Other way:

    SELECT "column-name" FROM "db-name"."table-name"

Ref: StackOverflow

Oracle:

In Oracle you cannot write - in the DB name, but for columns you can execute a query like this:

    SELECT "Column-Name" FROM dbName

Ref: StackOverflow
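Added example (not from the original post): application code that has to build SQL around a dynamic table or column name cannot bind that name as a parameter, so it needs the same delimiters listed above, with any delimiter character inside the name doubled or rejected. `Dialect`, `SqlIdentifier` and the sample names are invented for this example; it goes beyond the '-' case to cover the closing delimiter as well.

```csharp
using System;
// Dialect and SqlIdentifier are hypothetical names for this example.
public enum Dialect { MySql, PostgreSql, SqlServer, Oracle }

public static class SqlIdentifier
{
    // Wraps one identifier in the dialect's delimiters so '-' is read as part
    // of the name. A delimiter inside the name is doubled (or rejected) so the
    // name cannot close the quoting early.
    public static string Quote(Dialect dialect, string name)
    {
        if (string.IsNullOrEmpty(name) || name.IndexOf('\0') >= 0)
            throw new ArgumentException("Empty identifier or NUL character.", nameof(name));
        switch (dialect)
        {
            case Dialect.MySql:      // `name`
                return "`" + name.Replace("`", "``") + "`";
            case Dialect.PostgreSql: // "name"
                return "\"" + name.Replace("\"", "\"\"") + "\"";
            case Dialect.SqlServer:  // [name]; only the closing bracket needs doubling
                return "[" + name.Replace("]", "]]") + "]";
            case Dialect.Oracle:     // "name"; Oracle allows no double quote inside
                if (name.IndexOf('"') >= 0)
                    throw new ArgumentException("Double quote not allowed.", nameof(name));
                return "\"" + name + "\"";
            default:
                throw new ArgumentOutOfRangeException(nameof(dialect));
        }
    }

    // Quotes each part on its own and joins them with '.', e.g. db then table.
    public static string QuotePath(Dialect dialect, params string[] parts)
    {
        if (parts == null || parts.Length == 0)
            throw new ArgumentException("No identifier parts given.", nameof(parts));
        return string.Join(".", Array.ConvertAll(parts, p => Quote(dialect, p)));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample names.
        Console.WriteLine("SELECT " + SqlIdentifier.Quote(Dialect.MySql, "column-name")
            + " FROM " + SqlIdentifier.QuotePath(Dialect.MySql, "db-name", "table-name"));
        Console.WriteLine(SqlIdentifier.Quote(Dialect.SqlServer, "odd]name"));
    }
}
```

Values still go through bound parameters; quoting like this is only for the identifier positions, ideally after checking the name against a list of tables and columns the application actually owns.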

Love For My Budd!z

SQL Injection in INSERT Command SQL Server – ODBC – C#, ASP.NET

In The Name of ALLAH the Most Beneficent and the Merciful

Today while studying I thought I'd implement ODBC (Open Database Connectivity) in code.

After the implementation I thought I'd inject the ODBC INSERT command.

Well, for any SQL injector I hope this is not a difficult case.

E.g.

    INSERT INTO TableName VALUES('Here is your injection point', Column2)

Now the SQL statement to inject this will be like:

    INSERT INTO TableName VALUES('',(SELECT cast(@@version as int)))-- --

The version will be displayed in the error.

The rest you already know, I guess. 😀

Injection in INSERT MSSQL

Vulnerable Code :

    // Requires: using System; using System.Data.Odbc;
    public static void InsertData(User User)
    {
        try
        {
            using (OdbcConnection conn = new OdbcConnection(ConnString))
            {
                // VULNERABLE: user input is concatenated straight into the SQL text.
                string Query = "INSERT INTO admin VALUES('" + User.Username + "','" + User.Password + "')";
                using (OdbcCommand comm = new OdbcCommand(Query, conn))
                {
                    conn.Open();
                    if (comm.ExecuteNonQuery() > 0)
                        Console.WriteLine("Insert Success!");
                }
            }
        }
        catch (Exception ex)
        {
            // The raw database error is printed, which is where the version shows up.
            Console.WriteLine(ex.Message);
        }
    }

Safe Code:

    // Requires: using System; using System.Data.Odbc;
    public static void InsertDataSafe(User User)
    {
        try
        {
            using (OdbcConnection conn = new OdbcConnection(ConnString))
            {
                // ODBC uses positional ? markers; the SQL text never contains user input.
                string Query = "INSERT INTO admin VALUES(?,?)";
                using (OdbcCommand comm = new OdbcCommand(Query, conn))
                {
                    // Parameters are bound in the order they are added.
                    comm.Parameters.Add("?", OdbcType.NVarChar).Value = User.Username;
                    comm.Parameters.Add("?", OdbcType.NVarChar).Value = User.Password;
                    conn.Open();
                    if (comm.ExecuteNonQuery() > 0)
                        Console.WriteLine("Insert Success!");
                }
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

In the Name of ALLAH the most Beneficent and the Merciful

As a security measure, .NET gives us the choice of encrypting ConnectionString(s) using DPAPI (Data Protection Application Programming Interface) or RSA (named after Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977); these two are well-known encryption standards. I'm not going to discuss these encryption algorithms here, so let's move on with the topic.

The accepted best practice in .NET is to centralize the ConnectionString by placing it in the web.config file and reading it through the WebConfiguration objects. The .NET makers then added a security measure: encrypting that ConnectionString, so that anyone who gets access to that specific web.config file is not able to access the database using that ConnectionString.

How To Encrypt and Decrypt :

[Screenshot 2014-10-01 03.49.02]

Just add this code behind any event in your .aspx page and you're all done.

This is encryption using DPAPI; to encrypt with RSA instead, just change the provider value to "RsaProtectedConfigurationProvider".

Download Link

While pentesting an ASPX site I found the ConnectionString encrypted. I was wondering how to decrypt it, but it was so easy: I just coded this on a page, downloaded that web.config and tried to decrypt it, but 😦 it was not working. Then I googled around and came to know that decryption can only be done on the machine where the encryption took place, so I uploaded this file to that site and boom, I was able to see the ConnectionString.

That's all, friends.

For any question you can ask. Thanks.

Special Love for Blackhawk

What is HQL Injection

I came to know about HQL Injection last night. HQL stands for Hibernate Query Language, and this is strictly related to the HQL ORM (http://hibernate.org/orm/). Well, from an SQL injector's point of view there is nothing new in it. Here are some useful links for understanding HQL and HQL Injection:

HQLMap Tool
https://github.com/PaulSec/HQLmap

Vulnerable Environment
https://github.com/continuumsecurity/RopeyTasks/

Manual Injection
http://blog.h3xstream.com/2014/02/hql-for-pentesters.html

HQL
http://docs.jboss.org/hibernate/orm/3.3/reference/en/html/queryhql.html
http://www.tutorialspoint.com/hibernate/hibernate_query_language.htm