SQL Injection

Discussion in 'Ethical hacking' started by gsingh2011, Sep 13, 2008.

  1. gsingh2011

    gsingh2011 New Member

    Joined:
    Sep 13, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    Hey, I'm new here, and I have to say I'm a computer/programming nerd. Even hacking, I barely know anything, and I consider everything ethical for me because I would never do anything wrong, I simply love the knowledge and want to know how to do things. However, I understand why so many people can't trust you when you say that... Anyway, there have been a few hacking questions that have been bugging me for a while.

    Why does SQL injection only work for some sites (and even then not many) ? It must be some change in the code, but what? Is there any way to open the file that checks the password to see if SQL injection will work?

    Can sites track brute force password crackers? What are packet sniffers? Can they be tracked?

    Why do people recommend Linux or Unix for hacking?

    Thanks!
     
  2. gsingh2011

    gsingh2011 New Member

    Joined:
    Sep 13, 2008
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    btw, sorry for the double post, it was an accident.
     
  3. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    746
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    SQL injection work for sites that use a SQL Database engine to retrieve login information and such by using stored procedures, you can get the table names and such by using injections and retrieving errors, you can then inject the right SQL command to get the target to use the specified database table. Yes sites can track Bruteforce password breakers (That is why Brutus has the option to use a proxy server), a packet sniffer is a tool that capture packets between a router and another computer or another computer and another computer from your computer, the main reason to sniff packets wireless is to get the password, the main reason to sniff between computers is to engage a man in the middle attack by sniffing with APR (Cain and Able is a good tool to use for that), sniffers can not be tracked, reason is that you never made any contact with any of the remote computers you are monitoring, all you are doing is capturing data as is flows on the network. Then linux is the best for hacking because tools like Ophcrack, Aircrack-ng, Nessus, pdf-crack, and a few other much needed hacking tools work best on linux, e.g: Aircrack-ng for linux can inject packets into wireless network by using Aireplay-ng and its all free. Linux can have 10 IP addresses on one network interface, it can be a router, it can be dns server by one simple command, it is very good with NAT. Put webmin on and you can control the linux box from anywhere the same way you do with a linksys router (for example), and it is all free. If you have tools that only work on windows and you need them then get wine windows emulator for linux by using this command you have it:

    apt-get install wine

    and in seconds you will be able to run windows apps in linux.
    Most people still prefer windows but I use them both so that I can do basically anything.
     
  4. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    sql injection is really easy to learn i reccomend going to http://www.milw0rm.com for the latest sql injection exploits i also posted a tutorial on how to sql on this site as well as

    i also wrote this on how to use milw0rm.com some arabic guy stole my tutorial i posted on this site and didnt give me any credit for my work unfortanaty i dont know arabic language if any of u guys do can u make me a account on that site and tell me what it is because i want to say some stuff to that guy

    www.is-sw.net/vb/showthread.php?t=5617
     
  5. mayjune

    mayjune New Member

    Joined:
    Jun 14, 2009
    Messages:
    814
    Likes Received:
    33
    Trophy Points:
    0
    Occupation:
    Student
    Location:
    Pune,Delhi
    hey immortal
    i was able to create an account in that arabic site, i have pm you the username and password i created for it
    ps - i would recommend you download babel fish translator before you go, thanks to this and i was able to understand and create the account....
    https://addons.mozilla.org/en-US/firefox/addon/7004
    chears :)
    and thanks for your sql injection thread
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice