Thursday, 30 June 2016

SQL

What is the difference between UNION and UNION ALL?

UNION removes duplicate records (where all columns in the results are the same), UNION ALL does not.

Tuesday, 24 May 2016

SQL Injection

I] What is SQL injection?
1) SQL injection is a technique used to attack a database through a web application.
2) Unvalidated user input (the vulnerable part) is combined with the application's SQL query and sent to the database for execution.

II] Example / how SQL injection happens:
In the URL http://www.employee.com/details/employe.aspx?Empid=47 (where a user's details are displayed), an attacker can change the query string and re-request the URL,
like: http://www.employee.com/details/employe.aspx?Empid=47; drop table employee

Sending or inserting malicious SQL commands through an input box or URL in this way is called SQL injection.

III] How to avoid/prevent SQL injection?
1) Always use stored procedures instead of building the query from user input.
2) Validate parameters before passing them to the server.
3) Check for and replace special symbols that can harm the database.
4) Configure error reporting so that database errors are not shown to users.

Bind Variable

https://www.youtube.com/watch?v=TJtjo3FTBtE
Watch the video linked above for more information on bind variables.
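
As an added example (not from this post or the linked video), the vulnerable string-building pattern from the Empid example above beside the bind-variable version, in Python with sqlite3. The employee table and its rows are constructed for the demo; Python's sqlite3 refuses multi-statement strings, so the unsafe function only shows the SQL text it would send.

```python
import sqlite3

# Constructed stand-in for the employee table behind employe.aspx?Empid=...
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (Empid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?)",
                     [(47, "Employee 47"), (48, "Employee 48")])
    conn.commit()
    return conn

def build_query_unsafe(empid):
    """Vulnerable pattern: the query string is assembled from raw user input,
    so everything after '47' in 'Empid=47; drop table employee' becomes SQL."""
    return "SELECT name FROM employee WHERE Empid = " + empid

def is_valid_empid(empid):
    """Step 2 of the prevention list: validate the parameter before use.
    Empid is a numeric key, so anything but digits is rejected outright."""
    return empid.isdigit()

def lookup_employee_safe(conn, empid):
    """Hardened version: validate, then pass the value as a bind variable.
    The driver sends the value separately from the SQL text, so it can
    never be parsed as part of the statement."""
    if not is_valid_empid(empid):
        raise ValueError("Empid must be an integer")
    row = conn.execute("SELECT name FROM employee WHERE Empid = ?",
                       (int(empid),)).fetchone()
    return row[0] if row else None

def lookup_employee_bound_only(conn, empid):
    """Binding without validation: the injected text is compared as a
    literal value, matches no row, and the table is left untouched."""
    row = conn.execute("SELECT name FROM employee WHERE Empid = ?",
                       (empid,)).fetchone()
    return row[0] if row else None

def table_row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    payload = "47; drop table employee"   # the post's example input
    print("unsafe SQL text:", build_query_unsafe(payload))
    print("safe lookup of 47:", lookup_employee_safe(conn, "47"))
    print("payload passes validation?", is_valid_empid(payload))
    print("bound-only lookup:", lookup_employee_bound_only(conn, payload))
    print("rows still present:", table_row_count(conn))
```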

Friday, 25 March 2016

Burp suite

What is Burp suite?

  1. Burp Suite is a Java application (a .jar file) designed for security testing of web applications.
  2. Burp Suite acts as an HTTP proxy server: all HTTP traffic (requests and responses) from your browser is passed through the proxy.
  3. Before using Burp Suite, make sure Java version 1.6 or later is installed; to check, type java -version at the command prompt.
  4. If you want to change display settings such as font size, navigate to Options tab --> Display sub tab --> edit in User Interface.
  5. You can refer to this link for more info:
     https://portswigger.net/burp/help/proxy_options.html#listeners
  6. Before using Burp Suite, turn off interception first; it is available in Proxy tab --> Intercept sub tab.
  7. Navigate to Proxy tab --> Options sub tab and make sure the interface listener is Running.
  8. The next step is to change the proxy server setting in the browser: enter localhost as the HTTP proxy and 8080 as the port in Manual proxy configuration.
  9. Download DVWA (Damn Vulnerable Web Application). Open Oracle VM VirtualBox --> click New --> enter the name as dvwa and the type as Linux in Create Virtual Machine, then follow the steps shown in the screenshots.
  10. Type ifconfig in the VM and enter whatever IP you get in the browser, so that DVWA is accessible to you through the browser.

Tuesday, 22 March 2016

OWASP : Sensitive Data Exposure.

Sensitive Data Exposure:

  1. Here sensitive data, e.g. credit card numbers, passwords, sensitive files, sessions, cookies etc., is not saved in encrypted form, so the data is clearly visible to an attacker.
  2. This clear-text data can be captured using Burp Suite.
  3. So sensitive data that is not protected with a strong encryption technique can lead to sensitive data exposure.

OWASP : Insecure Direct Object Reference

Insecure Direct Object Reference:

  1. Insecure direct object references occur when the application provides direct access to objects based on user-supplied input.
  2. This means that when objects are not handled securely by the developer, an attacker can change values in the URL and thereby view/edit information belonging to other users, which he should not be able to view/edit.
  3. e.g. suppose there are two types of users, i) normal user and ii) admin user. When the normal user opens the site and changes the value in the URL, he is able to view the admin's information and edit it as well.
  4. e.g. this website link www.abc/a.php?id=1111 shows the normal user's information, where the user can edit his own details.
  5. But when the attacker changes the value of id to 1288, as in www.abc/a.php?id=1288, he is able to view the admin's page and update the admin's information.
  6. So this occurs when object references are not handled (authorized) by the developer, and the attacker is able to view/edit database records, files, etc.
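
Two server-side fixes for the a.php?id=... scenario above, as an added example that is not part of the post: an ownership/role check on the direct reference, and an indirect reference map so the URL never carries the real id. The user records (1111 normal, 1288 admin, as in the post) and role names are constructed for the demo.

```python
import secrets

# Constructed user records for the a.php?id=... scenario: 1111 is the normal
# user and 1288 the admin, as in the post. Not a real application's data.
USERS = {
    1111: {"name": "normal user", "role": "user"},
    1288: {"name": "admin user", "role": "admin"},
}

def can_access(session_user_id, requested_id):
    """Server-side authorization for a direct reference: the record in the
    URL may be viewed/edited only by its owner or by an admin. The actor's
    id comes from the session, never from anything the client supplies."""
    actor = USERS.get(session_user_id)
    if actor is None or requested_id not in USERS:
        return False
    return requested_id == session_user_id or actor["role"] == "admin"

def view_profile(session_user_id, requested_id):
    """What a.php should do with ?id=...: deny (None, i.e. HTTP 403) unless
    can_access() says yes."""
    if not can_access(session_user_id, requested_id):
        return None
    return USERS[requested_id]["name"]

class IndirectReferenceMap:
    """Second mitigation: the URL carries a random per-session handle instead
    of the database id, so changing 1111 to 1288 in the URL is not possible;
    only this server-side map knows which real id a handle stands for."""
    def __init__(self):
        self._by_handle = {}

    def handle_for(self, real_id):
        handle = secrets.token_urlsafe(8)      # unguessable, issued per session
        self._by_handle[handle] = real_id
        return handle

    def resolve(self, handle):
        return self._by_handle.get(handle)     # None for a guessed/forged handle

if __name__ == "__main__":
    print(view_profile(1111, 1111))   # own record: allowed
    print(view_profile(1111, 1288))   # admin's record: denied
    refs = IndirectReferenceMap()
    h = refs.handle_for(1111)
    print(h, refs.resolve(h), refs.resolve("1288"))
```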

Monday, 21 March 2016

OWASP : Cross Site Request Forgery

Cross Site Request Forgery:
  1. Here the attacker studies the website's functionality.
  2. After studying the functionality, the attacker creates a similar page with the same functionality but changes the values of the attributes/parameters.
  3. The victim user must already be logged into the intended website, that is, they must have an active session.
  4. Only if the victim is already logged into the web application will this vulnerability work.
Identifying CSRF Vulnerability:
  1. Study the web application's functionalities.
  2. Below are some of the functionalities where CSRF may be possible:
  • Change passwords
  • Transfer money
  • Add users
  • Delete users
  • Change roles
  • Post data on behalf of users
How to avoid CSRF:
Use a CSRF token.


  1. In DVWA (Damn Vulnerable Web Application) the attacker can go through the change-password functionality.
  2. We can see that when we try to change the password, the password is visible in clear text in the URL:
  3. http://192.168.0.7/vulnerabilities/csrf/?password_new=abcd&password_conf=abcd&Change=Change#
  4. Now we can change the password value in the URL, i.e. craft the URL, and send it to a victim user who is already logged into the same application.
  5. As shown below, we changed the password value to a new value.
  6. http://192.168.0.7/vulnerabilities/csrf/?password_new=dddd&password_conf=dddd&Change=Change#
  7. Here we have created a new HTML page in Linux Ubuntu.
  8. Type notepad at the command prompt.
  9. Enter the HTML below in notepad, i.e. change the password value in it and put the forged URL in the anchor tag, then save it as an HTML page:
  10. <html>
      <body>

      <a href="http://192.168.0.7/vulnerabilities/csrf/?password_new=dddd&password_conf=dddd&Change=Change#"> Click Here </a>

      </body>
      </html>
  11. Save this forged HTML page in the attacker's domain under /var/www.
  12. /var/www is where web pages are hosted on Linux, so that anyone can open the pages in their browser by typing the address.
  13. Provide this link to the victim user, who is already logged into DVWA.
  14. Once the user clicks on that link, his password is changed, without the victim's knowledge.

Saturday, 19 March 2016

OWASP : Unvalidated Redirect and Forward:

  •  Please note: this is only for educational purposes.
What is OWASP?
Open Web Application Security Program is an online community in which security professionals have created free online articles on vulnerabilities, security risks and flaws in web applications.
  •  Unvalidated Redirect and Forward:
  1. Here the attacker changes the value of the URL parameter that says which web page the link redirects to.
  2. e.g. the value of the redirect parameter, where redirect is the name of the parameter used in the URL.
  3. This happens because proper validation (such as domain validation) is not done on the parameters in the URL.
  4. The aim of the attacker is to force the user to visit the attacker's website, which is malicious.
  5. When the attacker notices this type of vulnerability in a web application, he puts his malicious website link inside the redirect parameter and sends it to the victim.
  6. When the victim clicks on such a link he is redirected to the attacker's malicious website; such a website can be made to look like the original website and can make the victim (without the victim knowing) visit it or download malicious code.
How to find such a website:
  1. Find websites that have this issue using a Google dork, e.g. inurl:redirect_2.php. This Google dork returns links to websites where the word redirect is present in the URL.
  2. e.g. xyz/redirect_2.php?url=www.xyz.com
  3. e.g. xyz/redirect2.php?url=www.xyz.com
  4. Here, if you change the value of the redirect parameter (in this case url is the name of the parameter) and the changed value works, then the website is prone to the unvalidated redirect and forward vulnerability.
  5. That means this website does not properly validate the URL.
  6. When such a changed URL is visited by a user, the attacker can take advantage of it, i.e. the user can be redirected to the attacker's malicious website.
  7. The attacker can create a page that looks like the original page, with input boxes, password fields etc., and whatever is entered can be saved in the background.
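
The missing validation itself, as an added example (not code from the post): a check on the url parameter of redirect_2.php that only allows targets on an allow-list of hosts. The allow-list (www.xyz.com, xyz.com) and the attacker.example host are constructed for the demo; the check goes beyond the post's case by also handling the forms that defeat a naive prefix match.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list of hosts the site may redirect to; the post's
# example target is www.xyz.com.
ALLOWED_HOSTS = {"www.xyz.com", "xyz.com"}

def safe_redirect_target(url_value, allowed_hosts=ALLOWED_HOSTS):
    """Validate the value of the redirect parameter (the 'domain validation'
    the post says is missing). Returns the target to send in Location, or
    None when it would leave the allowed hosts. Handles the forms that defeat
    a naive startswith('www.xyz.com') check: scheme-relative //host,
    backslashes, user@host, and non-http schemes."""
    if not url_value or any(c in url_value for c in "\r\n\x00"):
        return None                       # header injection or NUL bytes
    candidate = url_value.strip().replace("\\", "/")  # browsers treat \ as /
    if not candidate.startswith("/") and "://" not in candidate:
        candidate = "http://" + candidate  # bare host as in url=www.xyz.com
    parts = urlsplit(candidate)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            return None
        # .hostname ignores any user@ prefix, so www.xyz.com@attacker.example
        # is judged by its real host, attacker.example
        return candidate if parts.hostname.lower() in allowed_hosts else None
    if parts.netloc:
        return None                       # //attacker.example is not a local path
    return candidate                      # plain same-site path such as /home

def location_for_request(request_url):
    """Apply the check to a full request URL like xyz/redirect_2.php?url=..."""
    query = parse_qs(urlsplit(request_url).query)
    return safe_redirect_target(query.get("url", [""])[0])

if __name__ == "__main__":
    for req in ("http://xyz/redirect_2.php?url=www.xyz.com",
                "http://xyz/redirect_2.php?url=http://attacker.example/",
                "http://xyz/redirect_2.php?url=//attacker.example/",
                "http://xyz/redirect_2.php?url=/account/home"):
        print(req, "->", location_for_request(req))
```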

GET and POST methods in HTML forms:
  1. GET method:
  • Using this method the values are clearly visible in the URL.
  • So this method should not be used for sensitive data.
  • The GET method is not secure.

  • In the example (screenshot) above I entered the password in both text fields and clicked on the Change button.
  • You can observe my password in clear text inside the URL:
  • http://192.168.0.7/vulnerabilities/csrf/?password_new=abcd&password_conf=abcd&Change=Change#
  • This is possible because I used the GET method in the form tag.

  2. POST method:
  • Using this method the values are not visible in the URL.
  • So this method should be used in HTML forms.
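
A server-side change-password handler that enforces both points made above, the CSRF token from the Monday post and POST-only state changes from this GET/POST note, as an added example that is not DVWA's code. The session dict, the user_token field name and the victim account are assumptions for the demo.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

def new_session(user):
    """Constructed session record: a fresh random token is issued per login
    and stored server-side, where a forged page cannot read it."""
    return {"user": user, "password": "abcd",
            "csrf_token": secrets.token_hex(16)}

def render_form(session):
    """The legitimate page embeds the token as a hidden field (assumed name
    user_token), so only a request built from this page carries the value."""
    return ('<form method="post" action="/vulnerabilities/csrf/">'
            f'<input type="hidden" name="user_token" value="{session["csrf_token"]}">'
            '<input type="password" name="password_new">'
            '<input type="password" name="password_conf">'
            '<input type="submit" name="Change" value="Change"></form>')

def handle_change_password(session, method, params):
    """Hardened /vulnerabilities/csrf/ handler. Returns (status, message).
    Order matters: refuse GET before touching any state, then verify the
    token with a constant-time comparison, then validate the new password."""
    if method != "POST":
        return 405, "password changes must be sent with POST, not in the URL"
    token = params.get("user_token", [""])[0]
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    new = params.get("password_new", [""])[0]
    conf = params.get("password_conf", [""])[0]
    if not new or new != conf:
        return 400, "passwords do not match"
    session["password"] = new
    return 200, "password changed"

def follow_forged_link(session, url):
    """What happens when the victim clicks the attacker's 'Click Here' link:
    the browser issues a GET carrying the query string from the URL."""
    params = parse_qs(urlsplit(url).query)
    return handle_change_password(session, "GET", params)

if __name__ == "__main__":
    s = new_session("victim")
    forged = ("http://192.168.0.7/vulnerabilities/csrf/"
              "?password_new=dddd&password_conf=dddd&Change=Change#")
    print(follow_forged_link(s, forged), "password still:", s["password"])
    legit = {"password_new": ["dddd"], "password_conf": ["dddd"],
             "user_token": [s["csrf_token"]]}
    print(handle_change_password(s, "POST", legit), "password now:", s["password"])
```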


Tuesday, 15 March 2016

Networking Concepts

What is a Service?
  • A service is a program on a computer.
  • Service = Program = Application
  • Eg: web browser, email program.
  • Each service has a unique port.
e.g. SSH (secure socket host) is a service that runs on port 22,
HTTP is a service that runs on port 80;
likewise there are multiple services, and each service runs on a unique port number.

What is a Web Service?
  • A service that runs on a web server.
Example of port and service:

Computer A has application A running in it.
Computer B has application B running in it.

When a client process wants to connect to a server, the client must have a way of identifying the server that it wants to connect to. If the client knows the 32-bit Internet address of the host on which the server resides, it can contact that host. But how does the client identify the particular server process running on that host?
To resolve the problem of identifying a particular server process running on a host, both TCP and UDP have defined a group of well-known ports.
For our purpose, a port will be defined as an integer number between 1024 and 65535. This is because all port numbers smaller than 1024 are considered well-known -- for example, telnet uses port 23, http uses 80, ftp uses 21, and so on.

Ports:
  • Each service has a unique port.
  • A port is an integer number.
  • Port numbers ranging from 0 to 1024 are default ports already assigned to specific services,
  • although these default port numbers can be changed as per configuration.
  • Port numbers between 1025 and 65535 can be used for any new service.

Before connecting to my SSH service, that is port 22: (screenshot)

Foreign IP 192.168.0.4 is connected to my IP 192.168.0.7 on port 22, i.e. the SSH service.
Foreign IP 192.168.0.4 has selected a random port, 54699, to connect to my SSH service running on port 22.

Foreign IP 192.168.0.4 was running the PuTTY client software, which selected port 54699, i.e. a random port.

As you can see in the 2nd screenshot, there are 2 different ports (54699, 54686) for Foreign Address 192.168.0.4, which means two connections were established from the PuTTY client to my port 22.


Why is PuTTY used?
  • PuTTY is free, open-source client software used to connect to remote computers on multiple ports.
How to use PuTTY?
  • Download PuTTY.
  • Open PuTTY and enter the IP address of the remote host along with the port number.
  • There are 5 connection types, so depending on the service you want to connect to, you select the connection type.
  • There are 3 default connection types that we can use: SSH (port 22), Telnet (port 23) and Rlogin (port 513).
  • For any other port you can use Raw as the connection type and enter the port number.

How to open Command Prompt:
  • All system executables such as Command Prompt, telnet, calculator etc. are stored in C:\Windows\System32
  • Open Command Prompt:
    > Press Start + R (this opens the Run window)
    > Type cmd or cmd.exe (this opens the command prompt)
Check reachability of an IP using the ping command:
ping 192.168.2.5


Link for netstat commands usage:
http://www.tecmint.com/20-netstat-commands-for-linux-network-management/


How to transfer files from a remote machine to a local machine?
In my case the remote machine is Linux Ubuntu and the local machine is Windows.

  1. Use the WinSCP application.
  2. Put the files in /var/www/html so that they are accessible from any browser.
1. Use the WinSCP application:
a. Download WinSCP, type the host IP address and enter credentials (see screenshot below).

b. Once you log in to WinSCP, the left window is your local machine and the right window is the remote machine.
c. Just navigate to the location of the file you want to copy from the remote machine and copy it to the left window, which is the local machine (see screenshot below).

2. Put the files in /var/www/html so that they are accessible from any browser.
a. Check whether the remote machine is reachable: type ping 192.168.0.4 (the remote IP) in your local command prompt.
b. Open PuTTY and enter the details (see screenshot below):

c. Once you are logged in, type sudo su to switch to the root user; for that you have to enter the root password.

d. root@linux --> here root is the username that is logged in and linux is the host name, i.e. username@hostname.
e. Type hostname and the host name, linux, will be shown.
f. Type cp filename /var/www/html to copy the file, i.e. deploy it in /var/www/html so that it is accessible via any browser.
g. Now start the apache2 service; this is needed to access the copied file in /var/www/html.
h. Enter service apache2 start; this starts the apache2 service.
i. If you get the error below, i.e. "could not bind to address", it means port 80 is already in use by a different service.

j. Kill the process/service that is using port 80.
k. Before that, find out which services are using port 80; for that type the command below:
l. netstat -nap | grep 80

netstat --> command-line tool used to monitor network connections, i.e. which services and ports are in use.
-n --> show numeric addresses and port numbers instead of resolving names
-a --> all connections and listening ports
-p --> show the process id and program name
grep --> reduces the output to lines matching the given text, in this case lines containing 80

m. Now you can see that python is the service running on port 80 with process id 1141, so just kill that process id as below:
kill 1141

Now just start the apache service and it will run without any error:
service apache2 start

apache2 is a web service.

n. Now just enter the remote IP 192.168.0.4 in the browser and the files will be visible from any browser.
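
The port-80 lookup from steps k to m done precisely, as an added example that is not part of the post: a small parser for netstat -nap output that matches on the exact local port, alongside the substring match that `grep 80` really performs (it also hits 8080 and any PID or address containing "80"). The netstat output is constructed to mirror the post's situation (python as PID 1141 on port 80, PuTTY connected from 192.168.0.4:54699) and is not a real capture.

```python
# Constructed netstat -nap output modelled on the post: python holding port 80
# as PID 1141, two PuTTY connections from 192.168.0.4. Not a real capture.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1141/python
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2207/java
tcp        0      0 192.168.0.7:22          192.168.0.4:54699       ESTABLISHED 801/sshd: user
tcp        0      0 192.168.0.7:22          192.168.0.4:54686       ESTABLISHED 801/sshd: user
tcp6       0      0 :::22                   :::*                    LISTEN      801/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           610/dhclient
"""

def parse_netstat(output):
    """Turn netstat -nap lines into dicts. Program names may contain spaces,
    so each line is split into at most 7 fields and the tail kept whole;
    UDP rows have no State column, which shifts the PID field left."""
    rows = []
    for line in output.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue                        # header lines, unix sockets
        fields = line.split(None, 6)
        proto, local = fields[0], fields[3]
        if proto.startswith("udp"):
            state, pidprog = "", fields[5]
        else:
            state, pidprog = fields[5], fields[6]
        pid, _, prog = pidprog.partition("/")
        rows.append({"proto": proto, "local": local, "state": state,
                     "pid": int(pid) if pid.isdigit() else None,  # '-' unless root
                     "program": prog.strip()})
    return rows

def listeners_on_port(output, port):
    """Only the rows bound to exactly this local port, as (pid, program)."""
    hits = []
    for r in parse_netstat(output):
        _, _, local_port = r["local"].rpartition(":")
        if local_port == str(port) and r["state"] in ("LISTEN", ""):
            hits.append((r["pid"], r["program"]))
    return hits

def grep_like(output, needle):
    """What 'netstat -nap | grep 80' actually does: a substring match that
    also catches 8080 and the sshd rows whose PID 801 contains '80'."""
    return [l for l in output.splitlines()
            if needle in l and l.startswith(("tcp", "udp"))]

if __name__ == "__main__":
    print("grep 80 matched", len(grep_like(SAMPLE_NETSTAT, "80")), "lines")
    print("really bound to port 80:", listeners_on_port(SAMPLE_NETSTAT, 80))
```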

Sunday, 13 March 2016

Linux Basics

Linux File System:

Here's what you need to know about filesystems:
✓ Linux uses a forward slash (/) between directories, not the backslash (\) that Windows uses. So, the file yum.conf in the directory etc is etc/yum.conf.
✓ Files and directories can have names up to 256 characters long, and these names can contain underscores (_), dashes (-), and dots (.) anywhere within. So my.big.file or my.big_file or my-big-file are all valid filenames.
✓ Upper- and lowercase matter. They have to match exactly. The files yum.conf and Yum.conf are not the same as far as Linux is concerned. Linux is case-sensitive — it pays attention to the case of each character. Windows, on the other hand, is case-insensitive.
✓ The same filesystem can span multiple partitions, hard drives, and media (such as CD-ROM drives). You just keep going down through subdirectories, not having


Saturday, 12 March 2016

File System and Hard Disk

File System: the way files are organized on the disk, that is the hard disk.

  • Hard disk internals (image):

Platter: as shown in the image, there are multiple platters. Data is stored on the platters inside the hard disk.
A platter is just like a CD, but data is written on both sides, unlike a CD, where data is written on only one side.

Platter: (just like a CD, but writable on both sides in a HD) contains multiple tracks; the image shows one platter.

Track: there are multiple tracks on a platter.

What is a Hard Disk Sector:

A sector is a part of a platter; one sector = 512 bytes (refer to the image above).

File system blocks:
  • A block is a combination of multiple sectors.
  • It is a group of sectors.
What is a File System:

It gives us the following information:
  • Name of the file
  • File size
  • Where it is stored on the hard disk
  • Each file is stored in unused sectors of a track on a platter inside the hard disk.

A pendrive is also called a USB stick, USB flash stick or USB flash drive.

SanDisk Cruzer Switch 8GB USB Pen Drive

A file system is a table where this information is stored.
Types of File System:

1) FAT (File Allocation Table):

FAT12 was used for old floppy disks. FAT16 (or simply FAT) and FAT32 are widely used for flash memory cards and USB flash sticks, and are supported by mobile phones, digital cameras and other portable devices.

FAT or FAT32 is a file system used on Windows-compatible external storage or disk partitions with a size below 2GB (for FAT) or 32GB (for FAT32). Windows cannot create a FAT32 file system over 32GB (however, Linux supports FAT32 up to 2TB).

2) NTFS (New Technology File System):
NTFS was introduced in Windows NT and is at present the major file system for Windows.

3) ReFS (Resilient File System):
ReFS is the latest development from Microsoft, presently available for Windows 8 Servers.
It is Copy-on-Write (CoW): no metadata is modified without being copied, and no data is written over existing data; instead it goes to new disk space. With any file modification a new copy of the metadata is created in free storage space, and then the system creates a link from the older metadata to the newer. As a result the system keeps a significant quantity of older copies in different places, which allows easy file recovery unless that storage space is overwritten.

4) MacOS file systems

Apple's Mac OS operating system uses the HFS+ file system, an extension of their own HFS file system that was used on old Macintosh computers.

Linux file systems

The open-source Linux OS has always aimed to implement, test and use different file system concepts. Among the huge number of file system types, the most popular Linux file systems nowadays are:
  • Ext2, Ext3, Ext4 - the 'native' Linux file systems, under active development and improvement. Ext3 is an extension of Ext2 that uses transactional (journaled) file write operations. Ext4 is a further development of Ext3, extended with optimized file allocation information (extents) and extended file attributes. This file system is frequently used as the 'root' file system for most Linux installations.
  • ReiserFS - an alternative Linux file system designed to store huge numbers of small files. It has good file search capability and enables compact file allocation by storing file tails or small files along with metadata, so as not to use large file system blocks for this purpose.
  • XFS - a file system that originated at SGI, which initially used it for its IRIX servers. The XFS specification is now implemented in Linux. XFS has great performance and is widely used to store files.
  • JFS - a file system developed by IBM for its powerful computing systems. JFS usually stands for the first edition; JFS2 is the second edition. Currently this file system is open source and is implemented in most modern Linux distributions.

BSD, Solaris, Unix file systems

The most common file system for these OSes is UFS (Unix File System), also often referred to as FFS (Fast File System – fast compared to the previous file system used for Unix). UFS is a source of ideas for many other file system implementations.




RAID:

Redundant Array of Independent Disks.

CD-ROM:
"Compact Disc Read-Only Memory". Computers can read CD-ROMs but cannot write to them; CD-ROMs are not writable or erasable.

A CD-ROM is an optical compact disc that contains data.

ROM:
ROM stands for read-only memory. It's used to store the start-up instructions for a computer, also known as the firmware. Most modern computers use flash-based ROM. It is part of the BIOS chip, which is located on the motherboard.

The BIOS is what the computer runs when it is first booted and is responsible for initializing the computer. Once that is done, it hands off the boot sequence to the hard drive where the OS (Windows) is located.