Antisec and Anonymous are the hacker groups that involve in hacktivism activities and they are playing with law enforcement agencies from a long time. Previously they have released different dumps that are related with the high profile companies and organization including government agencies and military information. Anonymous claim Syrian MOD web site defacement before.
This time they have released another dump 7.4 GB of US law enforcement web sites on Bittorrent that contains email, personal details, training videos and other data from around 70 law enforcement agencies in the US. The data has been stolen from 76 websites of 11 states and they are hosting on the same server that is compromised.
These hackers use their own exploits for the vulnerabilities which allow them to root the server of law enforcement web sites. Brooks-Jeffrey Marketing (BJM) is a server hosting company that closed the sites down while it took action. That action appears to have been to install a new server and move the web hosting software with, said Anonymous, its backdoors, over to the new server. "In less than an hour, we rooted the new server and defaced all 70+ domains" said an Antisec statement.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
Posted: 09 Aug 2011 03:02 AM PDT
SQL injection is the biggest threat for web applications, there are so many hackers group on the Internet involve on website defacement. The main bugs on application is SQL error based so that an intruder use some sort of tools and even manual techniques to get the administrator information from database.
Securing a database is not a big problem but first of all the need is to find out the SQL vulnerability that can be inject and exploit by a hacker, find SQL injection vulnerability on your web application by doing a small penetration testing. There are different tools can used to find the vulnerability for both Windows and Linux operating system. Some of the best tools and SQL-injection tutorial as follows:
Beside these wonderful tools there is Havij also.
Introduction to SQL Injection Using Havij
Havij is an advanced and automatic SQL injection tool that provides a variety of features for exploiting the SQL vulnerability. It helps penetration tester to exploit SQL vulnerability so that the web administrator fix them soon.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
Havij can run on windows based operating system however if you are using Linux than you can use Wine to get havij, there are two version available first one is free havij and the other is commercial also called Havij pro. Below is the list of some supportive database, however the list is not completed there are more features are available.
| MsSQL 2000/2005 with error |
| MsSQL 2000/2005 no error union based |
| MsSQL Blind |
| MySQL time based |
| MySQL union based |
| MySQL Blind |
| MySQL error based |
Download Havij
Havij is a wonderful tool that will really help you to measure the security of your web applications, havij tutorial is normally not needed because it is easy to use, more user friendly than other SQL injection tool. If you have any question regarding the usage than ask.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
No comments:
Post a Comment