Go4Expert (http://www.go4expert.com/)

gsingh2011 13Sep2008 06:46

SQL Injection
Hey, I'm new here, and I have to say I'm a computer/programming nerd. Even hacking, I barely know anything, and I consider everything ethical for me because I would never do anything wrong; I simply love the knowledge and want to know how to do things. However, I understand why so many people can't trust you when you say that... Anyway, there have been a few hacking questions that have been bugging me for a while.

Why does SQL injection only work for some sites (and even then not many)? It must be some change in the code, but what? Is there any way to open the file that checks the password to see if SQL injection will work?

Can sites track brute force password crackers? What are packet sniffers? Can they be tracked?

Why do people recommend Linux or Unix for hacking?


gsingh2011 13Sep2008 06:47

Re: SQL Injection
btw, sorry for the double post, it was an accident.

SpOonWiZaRd 25Sep2008 13:08

Re: SQL Injection
SQL injection works for sites that use a SQL database engine to retrieve login information and such by using stored procedures. You can get the table names and such by using injections and retrieving errors; you can then inject the right SQL command to get the target to use the specified database table.

Yes, sites can track brute-force password breakers (that is why Brutus has the option to use a proxy server). A packet sniffer is a tool that captures packets between a router and another computer, or between another computer and another computer, from your computer. The main reason to sniff packets on wireless is to get the password; the main reason to sniff between computers is to engage in a man-in-the-middle attack by sniffing with APR (Cain and Abel is a good tool to use for that). Sniffers cannot be tracked; the reason is that you never made any contact with any of the remote computers you are monitoring, all you are doing is capturing data as it flows on the network.

Then Linux is the best for hacking because tools like Ophcrack, Aircrack-ng, Nessus, pdf-crack, and a few other much-needed hacking tools work best on Linux, e.g. Aircrack-ng for Linux can inject packets into a wireless network by using Aireplay-ng, and it's all free. Linux can have 10 IP addresses on one network interface, it can be a router, it can be a DNS server with one simple command, and it is very good with NAT. Put Webmin on and you can control the Linux box from anywhere the same way you do with a Linksys router (for example), and it is all free. If you have tools that only work on Windows and you need them, then get the Wine Windows emulator for Linux; by using this command you have it:

apt-get install wine

and in seconds you will be able to run Windows apps in Linux.
Most people still prefer Windows, but I use them both so that I can do basically anything.
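
An added example, not part of any post in this thread: the opening question asks what change in the code decides whether SQL injection works against a login check. The sketch below uses Python's sqlite3 with a constructed table and hypothetical function names to put a query built by string concatenation beside the same query with bound parameters.

```python
import sqlite3

def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-1')")
    return db

def login_concatenated(db, username, password_hash):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password_hash):
    # Hardened pattern: the SQL text is fixed and input is bound as data only.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone()[0] > 0

def outcome(login_fn, username, password_hash):
    """Classify one attempt; a database error surfacing from user input is
    itself a sign that input reaches the SQL parser."""
    db = make_db()
    try:
        return "accepted" if login_fn(db, username, password_hash) else "rejected"
    except sqlite3.Error:
        return "sql-error"

# Constructed test inputs: a valid login, a wrong password, a name containing
# a quote character, and a classic always-true condition.
CASES = [
    ("alice", "constructed-hash-1"),
    ("alice", "wrong"),
    ("o'brien", "wrong"),
    ("alice", "' OR '1'='1"),
]

if __name__ == "__main__":
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__)
        for user, pw in CASES:
            print(f"  {user!r:12} {pw!r:22} -> {outcome(fn, user, pw)}")
```

With bound parameters the last two inputs are ordinary strings that match no row; with concatenation one breaks the query and the other is accepted without the stored value.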

XXxxImmortalxxXX 25Sep2008 20:46

Re: SQL Injection
SQL injection is really easy to learn. I recommend going to http://www.milw0rm.com for the latest SQL injection exploits. I also posted a tutorial on how to SQL on this site as well as

I also wrote this on how to use milw0rm.com. Some Arabic guy stole my tutorial I posted on this site and didn't give me any credit for my work. Unfortunately I don't know the Arabic language; if any of you guys do, can you make me an account on that site and tell me what it is, because I want to say some stuff to that guy.


mayjune 6Jul2009 03:31

Re: SQL Injection
Hey immortal,
I was able to create an account on that Arabic site. I have PM'd you the username and password I created for it.
PS - I would recommend you download the Babel Fish translator before you go; thanks to this I was able to understand and create the account....
Cheers :)
And thanks for your SQL injection thread.
