![Consider php backend for login validation check as show below:
<?php
session_start();
include 'db.inc.php';
mysql_select_db("user",$con) or die(mysql_error($con));
if(isset($_POST['submit']))
{
if(!isset($_SESSION['logged']) || $_SESSION['logged'] != 1)
{
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$query="SELECT * FROM site_user WHERE
user_name='".$_POST['username']."' AND password='".$_POST['password']."'";
$result=mysql_query($query,$con) or die("<center><br><br><b>USER NOT
FOUND</b><br><br>".mysql_error()."</center>");
if(!$row = mysql_fetch_assoc($result)) { echo"<script>alert('Wrong User
Credentials ... Please Retry....');</script>";}
else {echo "<script>alert(' Hii there ... You are logged in Sussessfully');
</script>";}
}
}
}
?>
10](https://image.slidesharecdn.com/myppt-140930224657-phpapp02/85/Website-Hacking-and-Preventive-Measures-10-320.jpg)
Website Hacking and Preventive Measures
- 1. Presented By: Shubham S. Takode B.TECH- TY CSE 2012BCS518 Department of Computer Science and Engineering , Shri Guru Gobind Singhji Institute of Engineering and Technology, Vishnupuri, Nanded. 1
- 2. What is Hacking? Website Hacking ? Typical communication over Internet. Types of Attacks. Step By Step : SQL Injection Attacks. Session Hijacking Attacks: • Wireshark. Hacking Facebook Account with Wireshark. RFI and LFI Attacks. XSS Attacks. DDOS Attack. Purpose of Hacking. Preventive Measures. Conclusion 2
- 3. Hacking refers to an array of activities which are done to intrude some one else’s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. Becoming a hacker will take intelligence, practice, dedication, and hard work. 3
- 4. • Unauthorized access to the Resources on Web Server. ( RFI, LFI, Admin account password hacking ) • Changing the contents on Webpage . (XSS Attacks) • Hacking User Accounts on typical Website. • Sniffing data packets over network. (Session Hijacking and Packet Sniffing) 4
- 5. Client INTERNET Web Server DNS Server DHCP Server Local DNS Server http://www.google.com/ ISP 127. 120.120.110 5
- 6. • SQL Injection • Session Hijacking or Packet Sniffing. • RFI ( Remote File Inclusion ) , LFI ( Local File Inclusion ). • XSS Attacks. • DDOS ( Distributed Denial of Service ) Attack. 6
- 7. • All about SQL Queries and vulnerable URL. • Aim is to find the name and structure of your database and then step by step extract data from Database. •For this hackers uses various sql commands, string parsing functions and try to make query result true. • Extracted data could be anything stored in your db. • Username , Passwords • Emails • Credit Card Information , Personal Information 7
- 8. • Consider you wants to build a login page for your website as shown here 8
- 9. • Consider database table as show below: userid user_name Password 1 shubham shubham 2 anand anand Table : site_user 9
- 10. Consider php backend for login validation check as show below: <?php session_start(); include 'db.inc.php'; mysql_select_db("user",$con) or die(mysql_error($con)); if(isset($_POST['submit'])) { if(!isset($_SESSION['logged']) || $_SESSION['logged'] != 1) { if(!empty($_POST['username']) && !empty($_POST['password'])) { $query="SELECT * FROM site_user WHERE user_name='".$_POST['username']."' AND password='".$_POST['password']."'"; $result=mysql_query($query,$con) or die("<center><br><br><b>USER NOT FOUND</b><br><br>".mysql_error()."</center>"); if(!$row = mysql_fetch_assoc($result)) { echo"<script>alert('Wrong User Credentials ... Please Retry....');</script>";} else {echo "<script>alert(' Hii there ... You are logged in Sussessfully'); </script>";} } } } ?> 10
- 11. • The login page we have just designed is vulnerable to sql injection attack. • If user enters correct username and password on login page then page will show alert message as “Hi there… You have logged in successfully ”. •If user enters wrong username and password then page will show alert message as “Wrong User Credentials … Please Retry”. •Now if user enters username as any string and password as “ ' or '1'= '1 ” then the page is showing “Hi there… You have logged in successfully ” . 11
- 12. • This is the SQL Injection . Evens if the logic we have written at backend is correct , the output we are getting is not valid. • Why this happens ? Next.. 12
- 13. • It’s happening because of the input in the password field making the sql query to be a true (valid) and that why it is executing and returning the a valid result. • Actual Query (when we enter valid or wrong input in login form): SELECT * FROM site_user WHERE user_name=‘shubham' AND password=‘shubham’; • Query with input ‘ or ‘1’ = ‘1 : SELECT * FROM site_user WHERE user_name=‘anything' AND password=‘’ or ‘1’=‘1’ ; 13
- 14. • As per our login page backend login “Things are getting valid /true line by line” because the query is returning valid output. • 14
- 15. • Aim is to capture the packets / data / cookie / session by using packet sniffing tools such as WireShark. • Hackers takes advantage of stateless nature of HTTP. • They capture the packets flowing across network, extracts data from packets and inject required data such as cookies and browser state in their own browser and due to this Web Servers unable to differentiate between hacker and actual user. 15
- 16. • Hacker requires packet sniffing tools such as WireShark • Hacker need to connect to the local network in which the user is also connected. 16
- 17. • Consider any websites such as Facebook , Gmail, Yahoo Mail which uses cookies for tracking user (As HTTP is stateless Web Servers needs to track users for indentification). • To be specific we will consider Facebook. • Suppose you logged in successfully on your facebook account using some wifi access point. • When you logs in on your facebook account, the Facebook Servers sets cookies with names “ datr” and “cuser” which are used to indentify you and track your sessions on server. 17
- 18. • With each request (GET/POST) this cookies are sent in headers of request back to facebook server and facebooks server matches those values of cookies with the one that on the server and if match found then your request is served otherwise not. • So if anyone able to access this cookies then he/she can easily logged in to your account. • When we are accessing internet through any local networks such as Wifi Hotspots or Cyber Cafes then this network uses broadcast mechanism for moving data across any node in the network. 18
- 19. • In broadcast network mechanism data packet moves across the whole network that is even if the packet is not for your PC (Node) still it comes to your PC and you can even capture it. • This flowing packets contains data such as PROTOCOL HEADERS , COOKIES . • The packets flows underneath of domain. • Softwares such as Wireshark are able to capture such flowing packet and Hacker uses such softwares for sniffing your cookies. • Once hacker gets your cookie he/she just need to inject those cookies in the browser and once page is refreshed hacker gets logged in to your account. 19
- 20. 20
- 21. 21
- 22. 22
- 23. • Both are old method. • Aim is to upload .php , .asp , .sh script on server and execute those script. • RFI Consider url http://downloadlabss.com/p?u=http://www.pragyaa.org/q/1.txt It means resource on one server is accessible/executable on other server • LFI • Vulnerable Upload Servers 23
- 24. • A Play with JavaScript and vulnerable backend logic. • Example: A Comment Box Hack. 24
- 25. •Worlds most powerful attack technique. • DDOS stands for Distributed Denial of Service Attack • More than one Users (PCs) are involved. • Whole server may crash down. • Idea is to take control of hundreds of PCs on Internet and send bulk request to target server. 25
- 26. • Sometimes uses Exponential Approach Hacker’s Server Network Server 1 Network Server m Network with X1 PCs Network with X2 PCs Target Server Bulk Requests 26
- 27. • To stole information and sale it. • Spying by different Government Agencies for sake of international or national politics . • Getting access to money resources .. Bank accounts , share markets and commodity markets accounts. • To become world famous. • Just for the fun. 27
- 28. • For SQL Injection : • Use mysql_string_parse( ) function. • Avoid use of urls from which backend logic accesses data directly. • Parse or validate input data in well manner. • Use POST method for sending data. • Use latest version of PHP and MY_SQL. • For Session Hijacking : • Use SSL / HTTPS connection which encrypts data flowing across network • Avoid use of cookie , use session instead to track user • Encrypt cookies 28
- 29. • For RFI and LFI Attacks : • Use proxy servers instead of using PROXY SERVER SOFTWARE (As a Web App). • Develop a mechanism to parse the contents received from other servers. • Improve business logic. • For XSS Attacks : •Well parse the user inputs . • For DDOS Attacks: • Use firewalls and antivirus programs. • Avoid giving major permission to websites. •Block IPs on server which send bulk request. 29
- 30. Developers thinks that once web application is developed then work is finished but this is not true for web apps. In case of web apps maintenance is much more important and things are need to be well updated, if not so then single hole of vulnerability may crash down your whole web app and servers. Be careful !!!! 30
- 31. 31
- 32. 32