
Resistance Anonymous quick start guide to hacking.

Greetings Anons, my name is Daniel and I am a computer systems engineer with expertise in both hardware and software. This guide is to give you a very basic overview of how hackers work and the basic exploits they do. If you are interested please PM me on Facebook and ask me for links to getting started. So let's take a look at the common vulnerabilities:

As you can see, the common ones are SQLi (SQL Injection) and XSS (Cross-Site Scripting), followed by malicious file execution as part of the unknown category. So let's get started...

XSS
For the purpose of this demonstration we are going to use an XSS training website, a specially designed site where you can test out exploits: http://testasp.vulnweb.com/search.asp. OK, so let's start. In this case we are going to test whether the site is vulnerable. For this we simply inject a little JavaScript. In the search box, type in the following:

    <script>alert('this site is vulnerable');</script>

OK, so what happened? Well, we injected code into the website and made the webpage process that code. It was output as a JavaScript alert box. Now that we know we can inject code into the site, let's get more technical. Let's input an HTML form through which we can POST variables into the site. Enter the following into the search box:

    <br><br>Anonymous login:
    <form action="destination.asp">
    <table>
    <tr><td>Login:</td><td><input type=text length=20 name=login></td></tr>
    <tr><td>Password:</td><td><input type=text length=20 name=password></td></tr>
    </table>
    <input type=submit value=LOGIN>
    </form>

Well, here we simply inject a form in HTML that the webpage then displays. From here we can post variables to the underlying PHP code and even access, update or remove entries from the database as well as the server files. And there you have it, simple XSS in 5 minutes! You should also note that the URL also passes variables, which the page reads through $_GET and displays. The URL can be manipulated in much the same way. Now at this point I am expecting you to have a little knowledge of coding. When PHP gets variables from HTML it does so by identifying the <input name>:

    <?php
    // Request values arrive keyed by each field's name attribute
    $MyPass = $_GET['password'];
    $MyName = $_GET['login'];
    // The value is written back into the page without any encoding
    echo("Hello $MyName");
    ?>

So now we have the ability to manipulate PHP and SQL. So in this case I managed to do a defacement on this page by updating the database. Everyone that loads this page up will now view my image by using the <img src=> tag and I have managed to spread the #AntiSec movement further.

There are many arguments that can be passed in XSS, and this is it in its simplest form. The more advanced XSS techniques rely on running pre-written scripts from a server owned by you, sometimes even telling the code to download files or directories from the root server. There is theoretically no limit to what XSS can do if you can pull it off properly.
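The defensive counterpart to the behaviour described in this section, as an added example that is not part of the original guide: the guide's echo of a request value next to a version that encodes it for HTML at output time, plus a response policy that limits where scripts may load from. The function names and the header values are illustrative assumptions.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern from the guide: request data is copied into the page as-is.
function render_unsafe(string $name): string
{
    return "Hello $name";
}

// Hardened form: encode for the HTML context at the moment of output.
// ENT_QUOTES also encodes ' and ", so the value is safe inside attributes too.
function render_safe(string $name): string
{
    return 'Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Second layer: a Content-Security-Policy that blocks inline and third-party
// scripts and stops forms from posting to other origins.
function send_security_headers(): void
{
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; form-action 'self'");
        header('X-Content-Type-Options: nosniff');
    }
}

send_security_headers();

// Constructed inputs, based on the two strings the guide types into the search box.
$samples = [
    "<script>alert('this site is vulnerable');</script>",
    '<form action="destination.asp"><input type=text name=login></form>',
    'Peter',
];

foreach ($samples as $input) {
    $unsafe = render_unsafe($input);
    $safe   = render_safe($input);
    // If encoding worked, no raw '<' survives, so the browser cannot parse a tag.
    printf("input : %s\nunsafe: %s\nsafe  : %s\nraw tag left: %s\n\n",
        $input, $unsafe, $safe, strpos($safe, '<') === false ? 'no' : 'yes');
}
```

Output encoding is the primary fix here; the policy header is a backstop for any place where encoding was missed.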

SQL Injection
SQL Injection is a form of attack on websites that uses the power of SQL. SQL is a database language that has the power to store and retrieve data, very much like an Excel spreadsheet. With SQLi we can pass many arguments into the code. So let's get started. This is the PHP code that normally runs a webpage:
    <?php
    // DB connection here:
    $Host = 'localhost';
    $User = 'Romekiller';
    $Pass = 'Alric';
    $DB   = 'Resistance_Anonymous';
    mysql_connect($Host, $User, $Pass);   // legacy mysql_* API (removed in PHP 7)
    mysql_select_db($DB);

    // Start of php code:
    $Name = $_POST['login'];
    // The posted value is placed directly into the SQL text
    $sql = "SELECT * FROM members WHERE FirstName='$Name'";
    $result = mysql_query($sql);

    print("<table border='1'> <tr><td>Name</td><td>Email</td><td>Password [MD5]</td></tr>");
    while ($row = mysql_fetch_array($result)) {
        echo("<tr><td>" . $row['FirstName'] . "</td><td>" . $row['EMAIL_ADDRESS'] . "</td><td>" . $row['Password'] . "</td></tr>");
    }
    print("</table>");
    ?>

The webpage will look something like this:

The code has been told to select all entries in the database where the first name is equal to the name in the input field (in this case Peter) and display them in a table. So how do we exploit this? Well, the answer lies in these statements:

    $Name = $_POST['login'];
    $sql = "SELECT * FROM members WHERE FirstName='$Name'";

The $Name variable is the value of whatever name is input into the textbox. For our test we input the name Peter. But for an SQL injection to work we need to populate this field with code. So let's get started... As the value in the original was Peter, this is how the code looks in plain text:

    $sql = "SELECT * FROM members WHERE FirstName='Peter'";

If we were to input this as a username: ' or '1'='1 then the code (in plain text) will look like this:

    $sql = "SELECT * FROM members WHERE FirstName='' or '1'='1'";

As it reads now, the code selects the values from the database where 1 is equal to 1. Because 1 is always equal to 1, it will select everything from the database and output it. For further info please visit http://pastebin.com/uBhCjT4X
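The query from this section beside its parameterized form, as an added example that is not part of the original guide. It assumes PHP with the pdo_sqlite extension and uses a constructed in-memory `members` table; the function names and sample rows are made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the guide's `members` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (FirstName TEXT, EMAIL_ADDRESS TEXT, Password TEXT)');
$insert = $pdo->prepare('INSERT INTO members VALUES (?, ?, ?)');
foreach ([['Peter', 'peter@example.test', 'hash-1'],
          ['Alice', 'alice@example.test', 'hash-2'],
          ['Bob',   'bob@example.test',   'hash-3']] as $row) {
    $insert->execute($row);
}

// Vulnerable: the input becomes part of the SQL text, as in the guide's code.
function find_unsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT FirstName FROM members WHERE FirstName='$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed and the input is bound as a value only.
function find_safe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT FirstName FROM members WHERE FirstName = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal name and the tautology string shown in the guide.
foreach (['Peter', "' or '1'='1"] as $input) {
    printf("input %-14s unsafe rows: %d   safe rows: %d\n",
        json_encode($input), count(find_unsafe($pdo, $input)), count(find_safe($pdo, $input)));
}
```

With the bound parameter, the quote characters are compared as part of a literal first name, so the tautology string matches no row.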

This has been your guide on XSS and SQLi in 5 minutes. Join me next time when I give you a brief introduction to Brute Force hacking, FTP hacking and malicious file execution.

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us...
