Friday, March 31, 2017

SQLMAP PART TWO -----
IT IS SQLMAP PART 2. IN THIS PART I WILL PRESENT THE FEATURES AND OPTIONS AVAILABLE IN SQLMAP AND HOW TO USE THEM.
SQL injection is a code injection technique used to attack data-driven applications. sqlmap exposes a great many options. Here they are:
-h, --help Show basic help message and exit
-hh Show advanced help message and exit
--version Show program's version number and exit
-v VERBOSE Verbosity level: 0-6 (default 1)
Target:
At least one of these options has to be provided to define the
target(s)
-d DIRECT Connection string for direct database connection
-u URL, --url=URL Target URL (e.g. "http://www.anyvulanarablesite.com/vuln.php?id=1")
-l LOGFILE Parse target(s) from Burp or WebScarab proxy log file
-x SITEMAPURL Parse target(s) from remote sitemap(.xml) file
-m BULKFILE Scan multiple targets given in a textual file
-r REQUESTFILE Load HTTP request from a file
-g GOOGLEDORK Process Google dork results as target URLs
-c CONFIGFILE Load options from a configuration INI file
Request:
These options can be used to specify how to connect to the target URL
--method=METHOD Force usage of given HTTP method (e.g. PUT)
--data=DATA Data string to be sent through POST
--param-del=PARA.. Character used for splitting parameter values
--cookie=COOKIE HTTP Cookie header value
--cookie-del=COO.. Character used for splitting cookie values
--load-cookies=L.. File containing cookies in Netscape/wget format
--drop-set-cookie Ignore Set-Cookie header from response
--user-agent=AGENT HTTP User-Agent header value
--random-agent Use randomly selected HTTP User-Agent header value
--host=HOST HTTP Host header value
--referer=REFERER HTTP Referer header value
-H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI)
--auth-cred=AUTH.. HTTP authentication credentials (name:password)
--auth-file=AUTH.. HTTP authentication PEM cert/private key file
--ignore-401 Ignore HTTP Error 401 (Unauthorized)
--proxy=PROXY Use a proxy to connect to the target URL
--proxy-cred=PRO.. Proxy authentication credentials (name:password)
--proxy-file=PRO.. Load proxy list from a file
--ignore-proxy Ignore system default proxy settings
--tor Use Tor anonymity network
--tor-port=TORPORT Set Tor proxy port other than default
--tor-type=TORTYPE Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))
--check-tor Check to see if Tor is used properly
--delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
--retries=RETRIES Retries when the connection timeouts (default 3)
--randomize=RPARAM Randomly change value for given parameter(s)
--safe-url=SAFEURL URL address to visit frequently during testing
--safe-post=SAFE.. POST data to send to a safe URL
--safe-req=SAFER.. Load safe HTTP request from a file
--safe-freq=SAFE.. Test requests between two visits to a given safe URL
--skip-urlencode Skip URL encoding of payload data
--csrf-token=CSR.. Parameter used to hold anti-CSRF token
--csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
--force-ssl Force usage of SSL/HTTPS
--hpp Use HTTP parameter pollution method
--eval=EVALCODE Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()")
Optimization:
These options can be used to optimize the performance of sqlmap
-o Turn on all optimization switches
--predict-output Predict common queries output
--keep-alive Use persistent HTTP(s) connections
--null-connection Retrieve page length without actual HTTP response body
--threads=THREADS Max number of concurrent HTTP(s) requests (default 1)
Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--skip=SKIP Skip testing for given parameter(s)
--skip-static Skip testing parameters that not appear dynamic
--dbms=DBMS Force back-end DBMS to this value
--dbms-cred=DBMS.. DBMS authentication credentials (user:password)
--os=OS Force back-end DBMS operating system to this value
--invalid-bignum Use big numbers for invalidating values
--invalid-logical Use logical operations for invalidating values
--invalid-string Use random strings for invalidating values
--no-cast Turn off payload casting mechanism
--no-escape Turn off string escaping mechanism
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--tamper=TAMPER Use given script(s) for tampering injection data
Detection:
These options can be used to customize the detection phase
--level=LEVEL Level of tests to perform (1-5, default 1)
--risk=RISK Risk of tests to perform (1-3, default 1)
--string=STRING String to match when query is evaluated to True
--not-string=NOT.. String to match when query is evaluated to False
--regexp=REGEXP Regexp to match when query is evaluated to True
--code=CODE HTTP code to match when query is evaluated to True
--text-only Compare pages based only on the textual content
--titles Compare pages based only on their titles
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique=TECH SQL injection techniques to use (default "BEUSTQ")
--time-sec=TIMESEC Seconds to delay the DBMS response (default 5)
--union-cols=UCOLS Range of columns to test for UNION query SQL injection
--union-char=UCHAR Character to use for bruteforcing number of columns
--union-from=UFROM Table to use in FROM part of UNION query SQL injection
--dns-domain=DNS.. Domain name used for DNS exfiltration attack
--second-order=S.. Resulting page URL searched for second-order response
Fingerprint:
-f, --fingerprint Perform an extensive DBMS version fingerprint
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables. Moreover you can run your own SQL statements
-a, --all Retrieve everything
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--hostname Retrieve DBMS server hostname
--is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes
--privileges Enumerate DBMS users privileges
--roles Enumerate DBMS users roles
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--count Retrieve number of entries for table(s)
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
--search Search column(s), table(s) and/or database name(s)
--comments Retrieve DBMS comments
-D DB DBMS database to enumerate
-T TBL DBMS database table(s) to enumerate
-C COL DBMS database table column(s) to enumerate
-X EXCLUDECOL DBMS database table column(s) to not enumerate
-U USER DBMS user to enumerate
--exclude-sysdbs Exclude DBMS system databases when enumerating tables
--pivot-column=P.. Pivot column name
--where=DUMPWHERE Use WHERE condition while table dumping
--start=LIMITSTART First query output entry to retrieve
--stop=LIMITSTOP Last query output entry to retrieve
--first=FIRSTCHAR First query output word character to retrieve
--last=LASTCHAR Last query output word character to retrieve
--sql-query=QUERY SQL statement to be executed
--sql-shell Prompt for an interactive SQL shell
--sql-file=SQLFILE Execute SQL statements from given file(s)
Brute force:
These options can be used to run brute force checks
--common-tables Check existence of common tables
--common-columns Check existence of common columns
User-defined function injection:
These options can be used to create custom user-defined functions
--udf-inject Inject custom user-defined functions
--shared-lib=SHLIB Local path of the shared library
File system access:
These options can be used to access the back-end database management
system underlying file system
--file-read=RFILE Read a file from the back-end DBMS file system
--file-write=WFILE Write a local file on the back-end DBMS file system
--file-dest=DFILE Back-end DBMS absolute filepath to write to
Operating system access:
These options can be used to access the back-end database management
system underlying operating system
--os-cmd=OSCMD Execute an operating system command
--os-shell Prompt for an interactive operating system shell
--os-pwn Prompt for an OOB shell, Meterpreter or VNC
--os-smbrelay One click prompt for an OOB shell, Meterpreter or VNC
--os-bof Stored procedure buffer overflow exploitation
--priv-esc Database process user privilege escalation
--msf-path=MSFPATH Local path where Metasploit Framework is installed
--tmp-path=TMPPATH Remote absolute path of temporary files directory
Windows registry access:
These options can be used to access the back-end database management
system Windows registry
--reg-read Read a Windows registry key value
--reg-add Write a Windows registry key value data
--reg-del Delete a Windows registry key value
--reg-key=REGKEY Windows registry key
--reg-value=REGVAL Windows registry key value
--reg-data=REGDATA Windows registry key value data
--reg-type=REGTYPE Windows registry key value type
General:
These options can be used to set some general working parameters
-s SESSIONFILE Load session from a stored (.sqlite) file
-t TRAFFICFILE Log all HTTP traffic into a textual file
--batch Never ask for user input, use the default behaviour
--binary-fields=.. Result fields having binary values (e.g. "digest")
--charset=CHARSET Force character encoding used for data retrieval
--crawl=CRAWLDEPTH Crawl the website starting from the target URL
--crawl-exclude=.. Regexp to exclude pages from crawling (e.g. "logout")
--csv-del=CSVDEL Delimiting character used in CSV output (default ",")
--dump-format=DU.. Format of dumped data (CSV (default), HTML or SQLITE)
--eta Display for each output the estimated time of arrival
--flush-session Flush session files for current target
--forms Parse and test forms on target URL
--fresh-queries Ignore query results stored in session file
--hex Use DBMS hex function(s) for data retrieval
--output-dir=OUT.. Custom output directory path
--parse-errors Parse and display DBMS error messages from responses
--save=SAVECONFIG Save options to a configuration INI file
--scope=SCOPE Regexp to filter targets from provided proxy log
--test-filter=TE.. Select tests by payloads and/or titles (e.g. ROW)
--test-skip=TEST.. Skip tests by payloads and/or titles (e.g. BENCHMARK)
--update Update sqlmap
Miscellaneous:
-z MNEMONICS Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
--alert=ALERT Run host OS command(s) when SQL injection is found
--answers=ANSWERS Set question answers (e.g. "quit=N,follow=N")
--beep Beep on question and/or when SQL injection is found
--cleanup Clean up the DBMS from sqlmap specific UDF and tables
--dependencies Check for missing (non-core) sqlmap dependencies
--disable-coloring Disable console output coloring
--gpage=GOOGLEPAGE Use Google dork results from specified page number
--identify-waf Make a thorough testing for a WAF/IPS/IDS protection
--mobile Imitate smartphone through HTTP User-Agent header
--offline Work in offline mode (only use session data)
--page-rank Display page rank (PR) for Google dork results
--purge-output Safely remove all content from output directory
--skip-waf Skip heuristic detection of WAF/IPS/IDS protection
--smart Conduct thorough tests only if positive heuristic(s)
--sqlmap-shell Prompt for an interactive sqlmap shell
--tmp-dir=TMPDIR Local directory for storing temporary files
--wizard Simple wizard interface for beginner users
Refer to the wiki for an exhaustive breakdown of the features.
NEXT TIME I WILL COME WITH MORE .. THANKING YOU ...
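The Request options above (--user-agent, --random-agent, --delay, --threads) are also what a defender sees on the wire. As an added example that is not from this post or from sqlmap itself, the Python script below parses a constructed Apache combined-format access log and flags two signals: sqlmap's default User-Agent string (of the form sqlmap/<version>#<type> (http://sqlmap.org)), which --random-agent or --user-agent would hide, and a burst of requests from one client whose decoded query string contains SQL-shaped tokens, which survives a changed User-Agent. The log lines, IP addresses and the burst threshold are constructed for the demonstration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access log in Apache combined format (not real traffic).
# The first client keeps sqlmap's default User-Agent; the second hides behind
# a browser string but still sends SQL-shaped values for the same parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [31/Mar/2017:10:00:01 +0000] "GET /vuln.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.1.3#stable (http://sqlmap.org)"
203.0.113.5 - - [31/Mar/2017:10:00:02 +0000] "GET /vuln.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.1.3#stable (http://sqlmap.org)"
198.51.100.7 - - [31/Mar/2017:10:01:00 +0000] "GET /vuln.php?id=1%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2017:10:01:01 +0000] "GET /vuln.php?id=1%27%20AND%20%271%27%3D%272 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Mar/2017:10:01:02 +0000] "GET /vuln.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 500 310 "-" "Mozilla/5.0"
192.0.2.9 - - [31/Mar/2017:10:02:00 +0000] "GET /vuln.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# One combined-format line: client IP, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Tokens that rarely occur in legitimate parameter values but appear in the
# boolean, UNION and time-based probes listed under the Techniques options.
SQLI_TOKENS = re.compile(r"(?i)\b(AND|OR|UNION|SELECT|SLEEP|BENCHMARK|WAITFOR)\b|'|--|/\*")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(log_text, burst_threshold=3):
    """Map client IP -> list of reasons it looks like an automated SQLi scan."""
    ua_hits = defaultdict(int)    # requests carrying sqlmap's default User-Agent
    sqli_hits = defaultdict(int)  # requests whose decoded query string looks like SQL
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "sqlmap/" in rec["ua"].lower():
            ua_hits[rec["ip"]] += 1
        query = rec["target"].partition("?")[2]
        if query and SQLI_TOKENS.search(unquote_plus(query)):
            sqli_hits[rec["ip"]] += 1
    findings = {}
    for ip in sorted(set(ua_hits) | set(sqli_hits)):
        reasons = []
        if ua_hits[ip]:
            reasons.append("default sqlmap User-Agent (%d requests)" % ua_hits[ip])
        if sqli_hits[ip] >= burst_threshold:
            reasons.append("%d requests with SQL-like parameter values" % sqli_hits[ip])
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Tune burst_threshold to the site: a single SQL-looking value in a search box is noise, while a run of them against one parameter from one address within a few seconds is the pattern the --level and --technique options above produce.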


Tuesday, March 28, 2017

SQLMAP PART ONE

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.
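To make the mechanism concrete, here is an added example in Python (not part of the original post or of sqlmap) using an in-memory SQLite database with constructed rows: the first lookup builds the query by string concatenation, so a quote in the input closes the string literal early and the rest of the input is parsed as SQL, while the second passes the value as a bound parameter. The probe at the end shows why the boolean-based blind technique mentioned below gets a usable signal from the first function and nothing from the second.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Query built by concatenation: a quote inside `name` ends the string
    literal early and the rest of the input becomes SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Same query with a bound parameter: the driver sends `name` as data,
    so quotes and keywords in it are never parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def boolean_probe(lookup, conn):
    """Append a true and a false condition to a valid name and report whether
    the two answers differ, which is the signal a boolean-based blind test
    looks for. Returns True when the lookup leaks that signal."""
    true_rows = lookup(conn, "bob' AND '1'='1")
    false_rows = lookup(conn, "bob' AND '1'='2")
    return true_rows != false_rows


if __name__ == "__main__":
    db = make_db()
    print("normal:", lookup_vulnerable(db, "bob"))
    print("tautology, vulnerable:", lookup_vulnerable(db, "' OR '1'='1"))
    print("tautology, safe:", lookup_safe(db, "' OR '1'='1"))
    print("blind signal, vulnerable:", boolean_probe(lookup_vulnerable, db))
    print("blind signal, safe:", boolean_probe(lookup_safe, db))
```

The fix is the bound parameter, not escaping: the safe version treats the whole input as one literal name, so neither the tautology nor the true/false pair changes the result.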
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where the relevant columns' names contain strings like name and pass.
Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.
Refer to the wiki for an exhaustive breakdown of the features.
IN THE NEXT PART WE WILL DISCUSS ALL THE FEATURES OF SQLMAP...


Monday, March 20, 2017

MICROSOFT STARTED BLOCKING UPDATES FOR WINDOWS 7 / 8.1

If you're hoping to start running Windows 7 or 8.1 on a shiny new AMD Ryzen or the latest Intel i3 / i5 / i7 processor, you might want to rethink those plans.
Last week, Microsoft published KB 4012982, with the title "'Your PC uses a processor that isn’t supported on this version of Windows' error when you scan or download Windows updates", suggesting that the restriction is now being enforced.


If you have a Windows 7 or 8.1 machine on older hardware, you should be unaffected and continue to receive updates through each OS's support end date of January 14, 2020 and January 10, 2023, respectively. As for anyone trying to run the older OS versions on newer hardware, it looks like your only choice is to make the jump to Windows 10.
Users will get the following error message when they run the scan:
Unsupported Hardware
Your PC uses a processor that isn’t supported on this version of Windows and you won’t receive updates.
Microsoft notes that users may see other error messages when they use Windows Update, including:
Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Error(s) found:
Code 80240037 Windows Update encountered an unknown error.
That message, and another that cited error code 80240037, will be triggered when attempts to retrieve updates are made from Windows 7- or Windows 8.1-equipped devices powered by seventh-generation processors from Intel and AMD -- aka "Kaby Lake" and "Bristol Ridge," respectively -- or the next-generation Snapdragon 820 series mobile CPUs from Qualcomm.

The cause, according to Microsoft, is that "new processor generations require the latest Windows version for support". Microsoft mentions seventh generation Intel processors, AMD "Bristol Ridge" and Qualcomm "8996" processor families specifically on the support page.
SOLUTION - HOPE YOU CAN GUESS THE SOLUTION. YES, you guessed it: upgrade to WINDOWS 10.
The company has a solution for users affected by the issue: upgrade to Windows 10:
We recommend that you upgrade Windows 8.1-based and Windows 7-based computers to Windows 10.
Is there another option besides upgrading the operating system to Windows 10? Updates that are released for Windows 7 or Windows 8.1 are also made available on the Microsoft Update Catalog website.
I don't have access to one of the processors mentioned on the support page, but it is possible that manual installation of updates released for Windows 7 or 8.1 still works. While this means more work for the user, as it is necessary to monitor update releases to run searches on the Microsoft Update Catalog whenever they are released, it may be an option to keep on using the older version of Windows.
Microsoft does not mention this explicitly on the support page, but it does not deny it either.
Because of how this support policy is implemented, Windows 8.1 and Windows 7 devices that have a seventh generation or a later generation processor may no longer be able to scan or download updates through Windows Update or Microsoft Update.
Blocking Windows devices from using Windows Update is certainly an anti-consumer move, aimed at pushing users to upgrade to Windows 10.

Sunday, March 19, 2017

THE WINDOWS OPERATING SYSTEM IS CHANGING ....
Windows 10 doesn’t behave like the Windows of yesteryear. Instead of a monolithic operating system replaced by a successor in a year or two, it’s more of a living, breathing entity—one that’s constantly changing with the release of massive new “named” updates. The most high-profile example was 2016’s Anniversary Update, which added features like the Bash Shell, a dark theme, Windows Ink, Xbox Play Anywhere, and a whole, whole lot more.
But that’s nothing compared to what you’ll find in this spring’s Windows 10 Creators Update. Let’s dig in to the goodies Microsoft has planned this time around, and don’t forget to sign up for the Windows Insider preview program if you want to get your hands on early-access test builds before the clamoring masses.
AT A GLANCE: NEW UPCOMING WINDOWS UPDATES ---
1) Create amazing things with the Remix 3D and Paint 3D Previews.
2) Your new community for 3D. Browse thousands of models and get inspired.
3) A new world of mixed reality experience is waiting for you. With your Windows 10 PC and a compatible headset, you can enjoy familiar Windows apps, features and navigation, while discovering new apps, games and media perfect for AR, VR and everything in between.
4) The technology that powers mixed reality doesn’t have to be out of reach. Our partners – including HP, Lenovo, Dell, Acer and ASUS – will be introducing a range of VR headsets starting at $299 with innovative built-in sensor technology for more flexibility and easy, marker-free set-up. Watch for yours, coming in 2017.
5) Xbox Live and Windows 10 take you to the next level of epic with 4K gaming, built-in Beam broadcasting, and people-generated Arena tournaments.
6) The updated Photos app: Now in dark or light. Photos also now has a horizontal navigation bar, making it easier than ever to view your memories in different ways: your whole collection chronologically, or by Albums or Folders. We’ve also taken the time to add subtle animations throughout the experience to make your memories come alive.
7) Draw on your memories - We each use photos and videos to capture some of the most important moments in our lives. But sometimes, there is more to the story than what our pictures and videos can convey on their own, or you’d just like to personalize a message. Now you can use your stylus (or your finger if you have a touch screen device, or your mouse!) to draw on your memories directly.
8) Editing made simple - The photo editor now has a new, easy-to-use interface. The commands have been rearranged to emphasize the most common user needs, such as easy cropping and adjusting. All the other capabilities are still there under Enhance and Adjust. We’ve added a whole new set of filters too. Get creative with filters such as Zeke or Denim, then check out the other adjustable enhancements you can make to your photos, like tweaking the lighting or warmth.
9) Photos now on Xbox - As a Universal Windows application, Microsoft Photos is showing up throughout the Windows ecosystem. We’re also releasing Photos for the Xbox, which allows you to browse media you have stored on OneDrive for access on all your devices. Use your controller to navigate your memories just as you would expect with our Xbox optimized user interface.
FROM WINDOWS COMMUNITY--
We fixed an issue resulting in some unexpected visual distortion when watching certain mp4 videos in Movies and TV on recent flights.
We fixed an issue resulting in OOBE crashing when you tapped the birthday date field when creating a new account and email address.
We fixed a recent issue resulting in certain VPN connections being unexpectedly missing from Network Connections.
We fixed an issue where in recent flights, some Direct3D 9 games might periodically fail to launch. To work around this, it was necessary that your default display resolution be the recommended setting for your system. You can now return your display configuration to your preferred settings.
AS PART OF THE WINDOWS INSIDER PROGRAM AND WINDOWS DEVELOPER PROGRAM, WE WILL TRY TO IMPROVE YOUR EXPERIENCE WITH WINDOWS ... THESE FEATURES ARE AVAILABLE TO DEVELOPERS ONLY AND WILL BE COMING SOON ....