Friday, August 26, 2016

Sql injection

SQL Injection:

SQL stands for structured query language. It is used to design databases. Sql injection is the vulnerability occurring in database layer of application which allow the attacker to see the contents stored in the database. This vulnerability occurs when the user's input is not filtered or improperly filtered.

The main goal of attacker is use to access the information stored in website's database. It can be done both manually and by using tools.

Now we will go through using a tool. We need sql injector for that. You can download it here.

Steps of attack:

Vulnerable website> Database> tables> columns> data
Posted by at No comments:

Monday, August 1, 2016

key loggers

Keyloggers:

 One of the best use of keyloggers is that we can spy on any computer easily. Key loggers are of different types. They are 
  • Remote keyloggers and 
  • Stealth keyloggers
Remote keyloggers are those which can be remotely operated from our system whereas stealth keyloggers are those which can be operated directly on the system. Remote keyloggers are more useful than that of stealth keyloggers.

Remote keyloggers:

As we know that remote keyloggers are very easy to use when compared with trojans where all the ip addresses and port numbers are involved.

Keylogger records the keystrokes of the victim. It records each and every data that was being communicated with the victim's system. It records and takes the screenshots and saved it into the attacker's personal data space. It is generally used for spying on children by parents and for some other useful purpose. But nowadays it is used for malicious activities and to find passwords and reduce confidentiality of the victim. Many antivirus detects keyloggers and prevent them from losing data. But many keyloggers are still in use.

methodology of attacker in using remote keylogger:

  • First the attacker needs to create an executable file of size in kbs
  • Attacker may hide this exe file behind any genuine file like iso file or a song..... The victim is now supposed to double click on this image file and hence download it.. here the attacker follows trojan process
  • As the victim clicks it the keylogger gets installed in the victim's system and secretly records the information or the text typed by the victim or keystrokes.. As the victim is connected to the internet the information collected will be transferred through FTP protocol to the attacker's database.

Step by step process to operate a remote keylogger:

  • Download a free remote keylogger Ardamax with it's serial key. password: explorehacking.com. Antivirus detect it as a virus but don't worry
  • sign up at FTP supporting web hosting to upload your files
  • Now you need to click on remote installation on victim's computer
  • After successful installation the key logger will run on hidden mode in victims computer and the data will be transferred to the attacker through file transfer protocol.

Posted by at No comments:
Subscribe to: Posts (Atom)