Search the Community
Showing results for tags 'important'.
-
1.We need a distribution for pentesting (although this app can be installed on any Debian based distribution, I recommend a pentesting OS because it has a suite of applications that can be useful in this area), the most the recommended distribution is Kali Linux (although good alternatives are also BlackArch / Parrot). The link to the download and the installation instructions are to be found below in the links to the resources. 2. Now that we have the right and configured OS we can start the current process. First we will open a console and we will type sqlmap -h (to start the application). Now you should have the sqlmap interface with the help list. here is the beginning of "fun", the first time you have to see if a certain site is vulnerable. But there are several methods most commonly used to search using "google dorks". Now you will ask what a "google dork", well google dork refers to a search using Google, but with some special features like: inurl, intitle (I will not go into details but will give you a link to a website containing all the google dorks discovered). 3. For this tutorial we will use a dummy website,http://testphp.vulnweb.com/listproducts.php?cat=1, and we will begin scanning using the following command line: sqlmap -u http: //testphp.vulnweb. com / listproducts.php? cat = 1 - time-sec 15, and at the end of the scan should show the following result: TENTIEBig Grinaca during the SQLmap scan will ask about certain parameters the response will always be Yes (y). So far we have found out that the site is vulnerable and some details about the version of MySQL used by him. 4. At the moment we can start listing the databases and finding their names. For the enumeration we will use the -dbs command and the command line will be: sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 - dbs The scan result should be: This image has been resized. Click this bar to view the full image. Ok, so we have 2 databases: acuart and information_schema. ATTENTION: information_schema is a default database and it does not matter to us, so we will always ignore it. Preceeding to access the acuart database using the command line: sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables, where -D is the parameter to set the database- and -tables is to enumerate the tables. Following the execution, the following result should appear: What you have in front of you are the tables of the DB, obviously the table that is of interest to us is that of the users, so let's try to find the columns in the users table with the following command: sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns, where -T represents the table and --columns enumerates the columns in that table.Following the execution we get So we have the user columns and their type in front. Now we will extract data from several columns, obviously those of interest for us are email, name and pass, we will use as in previous cases the same order structure mentioning DB- the table, and the column: sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users -C email, name, pass --dump, and now we will reach the end of the test , returning the exact email, name and password: I have come to the end, I would like to point out that the example used in the framework of this tutorial was specifically designed to demonstrate how a basic SQL injection works. In most cases, this method is not possible, having to resort to Onion based injections or blind. But at the moment we will not venture so far before learning the basics. So it was as useful as this tutorial to understand the concept, and I apologize if I got you in the mist, this being the first my tutorial. The tutorial tutorial will be about using nmap to find out different information about a server, how about this tutorial I look forward to seeing or adding in private through PM. Below you have links to resources #Regards
-
Currently available only in the Opera Beta version, the new VPN service allows users to set up a virtual location from which to browse the Internet, bypassing the area restrictions imposed on their home country. Unlike other more sophisticated VPN services, the integrated browser with Opera lets you just randomly select a VPN server located in the United States, Europe, or Asia region to anonymize the actual location of the user. Without access to the real IP address, or even for determining the country of origin, imposing content restrictions and filtering web addresses is more difficult. But using a VPN client does not automatically stop monitoring your browsing habits through our volunteer services such as social networks and Google products. For total anonymity, we should avoid logging in with any of the services we have previously denied our identity, and regularly delete the browsing history for removing cookies. This is not the first attempt by the Opera developer to test the integration of a VPN service directly into the web browser, the functionality being available for some time in Opera's PC edition. Interpretation for Android is also easier to use, the activation consisting only of checking the VPN option in the configuration menu and choosing the general location where we want to appear. Those who are not sure what to do can leave the default option - Optimal, the browser automatically selecting the VPN server with the best connection speed. Obviously, the use of VPN services (especially free ones) comes with a perceptible penalty for waiting times when uploading web pages. In addition, it is almost impossible to determine with certainty whether the VPN server connected is trustworthy or not, there are few cases where extensive campaigns for collecting information for third parties have been carried out under the firewall of some VPN services. One of the most recent examples is the Onavo VPN service, used by the Facebook owner, to systematically collect information about users' preferences for using rival social networks without first requiring the consent of the data subjects. Source: Click