Lab10 SQL Injection Attack Lab
Yukui Ye
SUID: 439644268
Task1: SQL Injection Attack on SELECT Statements
Setup: Turn off the built-in SQL injection protection
Set the magic_quotes_gpc value to off in the file /etc/php5/apache2/php.ini in order to turn it off.
Then restart the Apache server:
Task1.1: Log into another person's account without knowing the password
Check the login part of the code to see how the login works.
The following is the PHP code that runs on the server side.
From the above code, we can tell how the server sends the query to the database. Even without knowing the user's password, we can still guess our way in by typing "bob');-- " in the user name field (note the space after the comment marker "--").
By doing the above, we successfully log into the user's account.
Task1.2: Find a way to modify the database.
Step2: Now we try to modify the password of bob. Log in as alice and modify the profile. Change the name to bob. ATTENTION: The password we are going to write in the company field must be hashed. By searching the internet, I found that the hash of the string "123456" is "7c4a8d09ca3762af61e59520943dc26494f8941b".
In the company field, type the following:
SU',pass='7c4a8d09ca3762af61e59520943dc26494f8941b' where ID=3 -- 
Now log in as bob with our password 123456.
We can successfully log in and change bob's profile.
Task3: Countermeasures
I added debug output to the login function in the PHP file in order to see what happens with the following countermeasures.
Task3.1: Escaping Special Characters using magic_quotes_gpc
Set magic_quotes_gpc to on, and restart the server.
When you press "comment a" on the keyboard, the debug output immediately shows at the top of the window.
We can see that there is a backslash before the single quote that we entered in the user name field. This setting escapes the quote automatically, so even if we use '--' to comment out the rest of the statement, our quote cannot close the string. Thus, we cannot log in.
Task3.2: Escaping Special Characters using mysql_real_escape_string
Set magic_quotes_gpc to Off.
Uncomment mysql_real_escape_string in the login section of the PHP file.
Do the same as in Task1, but now we cannot log in successfully. The code shown at the top of the window is the same as in the previous task: there is a backslash before
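The following is an added example, not part of this report and not the lab's own PHP: it re-creates the login bypass from Task1.1 and the profile-field UPDATE injection from Task1.2 in Python against an in-memory SQLite table, and runs the same two payloads against parameterized queries, the countermeasure that makes the escaping tricks of Task3 unnecessary. The table layout (ID, Name, Company, pass), the seed passwords and the use of SQLite instead of the lab's MySQL are assumptions of this demo; the payloads and the hash of "123456" (an unsalted SHA-1 digest) are the ones the report uses.

```python
import hashlib
import sqlite3

# Constructed example: an in-memory SQLite stand-in for the lab's credential
# table. Column names (ID, Name, Company, pass) and the seed passwords are
# assumptions for this demo, not the lab's real schema or accounts.
SEED_ACCOUNTS = [
    (1, "admin", "SU", "admin-demo-pw"),
    (2, "alice", "SU", "alice-demo-pw"),
    (3, "bob", "SU", "bob-demo-pw"),
]

# The two payloads from the report, with straight quotes and the trailing
# space that the SQL comment marker "--" needs.
LOGIN_PAYLOAD = "bob');-- "
PROFILE_PAYLOAD = "SU',pass='7c4a8d09ca3762af61e59520943dc26494f8941b' where ID=3 -- "


def sha1_hex(password: str) -> str:
    """Hash a password the way the lab application does (unsalted SHA-1).

    Kept only to match the report's stored hashes; unsalted SHA-1 is not a
    password hashing scheme anyone should deploy.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Create the demo table and insert the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE credential (ID INTEGER PRIMARY KEY, Name TEXT, "
        "Company TEXT, pass TEXT)"
    )
    conn.executemany(
        "INSERT INTO credential (ID, Name, Company, pass) VALUES (?, ?, ?, ?)",
        [(uid, name, co, sha1_hex(pw)) for uid, name, co, pw in SEED_ACCOUNTS],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Login check that splices user input into the SQL text (the lab's bug)."""
    sql = "SELECT ID, Name FROM credential WHERE (Name='%s' AND pass='%s')" % (
        username, sha1_hex(password))
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password: str):
    """Same check with placeholders: input is bound as data, never parsed as SQL."""
    sql = "SELECT ID, Name FROM credential WHERE (Name=? AND pass=?)"
    return conn.execute(sql, (username, sha1_hex(password))).fetchone()


def update_company_vulnerable(conn, user_id: int, company: str) -> None:
    """Profile update with the same concatenation bug, as abused in Task1.2."""
    sql = "UPDATE credential SET Company='%s' WHERE ID=%d" % (company, user_id)
    conn.execute(sql)
    conn.commit()


def update_company_parameterized(conn, user_id: int, company: str) -> None:
    """Hardened update: the company string is stored verbatim, nothing else changes."""
    conn.execute("UPDATE credential SET Company=? WHERE ID=?", (company, user_id))
    conn.commit()


def demo() -> dict:
    """Run both payloads against the vulnerable and the hardened code paths."""
    results = {}
    conn = make_db()
    # Task1.1: the comment payload cuts the password check off the vulnerable query.
    results["vuln_login"] = login_vulnerable(conn, LOGIN_PAYLOAD, "not-bobs-password")
    results["safe_login"] = login_parameterized(conn, LOGIN_PAYLOAD, "not-bobs-password")
    # Task1.2: alice (ID 2) submits the crafted company field; bob's hash is overwritten.
    update_company_vulnerable(conn, 2, PROFILE_PAYLOAD)
    results["bob_after_vuln_update"] = login_parameterized(conn, "bob", "123456")
    conn.close()
    # Hardened path on a fresh database: the payload is just a long company name.
    conn = make_db()
    update_company_parameterized(conn, 2, PROFILE_PAYLOAD)
    results["bob_after_safe_update"] = login_parameterized(conn, "bob", "123456")
    results["alice_company"] = conn.execute(
        "SELECT Company FROM credential WHERE ID=2").fetchone()[0]
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running it shows the vulnerable login returning bob's row for a wrong password and bob's hash being replaced through alice's profile form, while both parameterized versions treat the payloads as plain strings. The two countermeasures tried in Task3 (magic_quotes_gpc and mysql_real_escape_string) work by escaping quotes in the string before it is glued into the query, which is why the backslash appears in the debug output; both were later removed from PHP (magic_quotes_gpc in PHP 5.4, the mysql extension in PHP 7), and prepared statements with bound parameters, as in the second pair of functions, are the fix to rely on.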