SQL _Injection And Password cracker

This repo contains a detailed usage of the subprocess and hashlib modules. I have used the subprocess module to process my 'NETSH WLAN SHOW PROFILES' command and output your current working PC's Wi-Fi connections and their passwords. This repo contains an MD5 hash algorithm to generate an 'md5 hash' and the 'SHA algorithm' to produce the corresponding hashes, a password generator using the random library, and shows the working of SQL injection and its prevention.

SQL Injection

What is SQL Injection?

SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. It occurs when an attacker inserts malicious code into an SQL statement via web page input.

SQL is a standardized language used to access and manipulate databases to build customizable data views for each user.

SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

Example:

SELECT ItemName, ItemDescription
FROM Item
WHERE ItemNumber = ItemNumber

From this, the web application builds a string query that is sent to the database as a single SQL statement:

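sql_query = "SELECT ItemName, ItemDescription " & _
            "FROM Item " & _
            "WHERE ItemNumber = " & Request.QueryString("ItemID")

A user-supplied value such as 105 OR 1=1, concatenated the same way into a query on a Users table, produces:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;
-- The above query is valid and returns data from Users, since 'OR 1=1' is always true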

Demo:

I have created a form using HTML and created a database using PHP where the data is stored.

The attacker can run the above-mentioned queries to exploit the data in the database.

The following shows how to build parameterized queries in PHP:

<?php
    // Values submitted by the HTML form
    $username = $_POST['username'];
    $password = $_POST['password'];

    $conn = new mysqli('localhost', 'root', '', 'sql_injection');

    if ($conn->connect_error) {
        die('connection Failed : ' . $conn->connect_error);
    } else {
        // The ? placeholders keep user input as data; it is never parsed as SQL text
        $stmt = $conn->prepare("INSERT INTO sql_injection (username, password) VALUES (?, ?)");

        // "ss" binds both parameters as strings
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->close();
        $conn->close();
    }
?>

If you are a database administrator or a database enthusiast like me, then you can use Python or R to connect to the database rather than PHP.

# pip install cx_Oracle
import cx_Oracle    # for Oracle, any version
# pip install pyodbc
import pyodbc       # for SQL Server
# pip install mysql-connector-python
import mysql.connector      # for MySQL
# pip install psycopg2
import psycopg2      # for PostgreSQL

# You can connect to your database using these imports and create a 'cursor' to run queries and read their output
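
The `105 OR 1=1` input from the example above, passed through a cursor both ways (an added example, not code from this repo). It uses Python's built-in sqlite3 so it runs without a server; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the page's Users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [(104, "alice"), (105, "bob"), (106, "carol")])
    return conn

def lookup_concatenated(conn, user_id):
    # Vulnerable pattern from the page: input is pasted into the SQL text,
    # so "105 OR 1=1" becomes part of the WHERE clause.
    query = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, user_id):
    # Hardened form: the driver binds the value; it is never parsed as SQL.
    cur = conn.cursor()
    cur.execute("SELECT UserId, Name FROM Users WHERE UserId = ?", (user_id,))
    return cur.fetchall()

def lookup_validated(conn, user_id):
    # Defence in depth: reject anything that is not a plain integer id
    # before it reaches the database at all.
    if not user_id.isdecimal():
        raise ValueError("UserId must be numeric")
    return lookup_parameterized(conn, int(user_id))

if __name__ == "__main__":
    conn = make_db()
    payload = "105 OR 1=1"
    print("concatenated :", lookup_concatenated(conn, payload))
    print("parameterized:", lookup_parameterized(conn, payload))
    print("honest input :", lookup_validated(conn, "105"))
```

The same placeholder style carries over to the drivers listed above, though the marker differs by driver (`?`, `%s` or `:name`).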

Types:

1.In-band SQLi :

The attacker uses the same channel of communication to launch their attacks and to gather their results. In-band SQLi's simplicity and efficiency make it one of the most common types of SQLi attack.

2.Inferential (Blind) SQLi :

The attacker sends data payloads to the server and observes the response and behavior of the server to learn more about its structure. This method is called blind SQLi because the data is not transferred from the website database to the attacker, thus the attacker cannot see information about the attack in-band.

Prevention :

1.Update your database management software :

You can protect yourself by just patching and updating your database management software.

2.Enforce the principle of least privilege (PoLP) :

PoLP means each account only has enough access to do its job and nothing more. A web account that only needs read access to a given database shouldn't have the ability to write, edit or change data in any way.

3.Use prepared statements or stored procedures :

As opposed to dynamic SQL, prepared statements keep the SQL command fixed and limit incoming input to bound variables.

4.OWASP :

The Open Web Application Security Project, OWASP for short, is the leading authority on web applications and they have lots of additional reading on how to prevent SQL injections.

For any additional information do check SQL Injection

-------------------------------------------------------------------------------------------------------------------------------------------------------------


Password Cracker And Hash Algorithms

Hashing :

Hashing is a technique or process of mapping keys, values into the hash table by using a hash function. It is done for faster access to elements. The efficiency of mapping depends on the efficiency of the hash function used.

hashlib implements a common interface to many different secure hash and message digest algorithms. Included are the FIPS secure hash algorithms SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as RSA’s MD5 algorithm (defined in internet RFC 1321).

hashlib - The hashlib module defines an API for accessing different cryptographic hashing algorithms.

HASH Algorithms:

1.md5

2.sha1

3.sha224

4.sha256

5.sha384

6.sha512

7.sha3_224, sha3_256, sha3_384, sha3_512

MD5 (Message Digest Method 5) is a cryptographic hash algorithm used to generate a 128-bit digest from a string of any length. It represents the digests as 32 digit hexadecimal numbers.

Hash Function :

A function that converts a given big phone number to a small practical integer value. The mapped integer value is used as an index in the hash table. In simple terms, a hash function maps a big number or string to a small integer that can be used as the index in the hash table.

NOTE : A good hash function should be efficiently computable and should uniformly distribute the keys (each table position equally likely for each key).

Generating md5 hash:

Requirement:

import hashlib
import hashlib

user_pass = input("Enter any Character or string or number : ")
enco = hashlib.md5(user_pass.encode())     # encode the input to bytes and hash it with MD5

res_hash = enco.hexdigest()          # digest as a 32-character hexadecimal string
# hash() is Python's built-in hash-table hash (it changes between runs), not the MD5 digest
print("Your Hash Value : "+ str(hash(user_pass)))
print("Your encoded Hash code : ",res_hash)

SHA 256 is a part of the SHA 2 family of algorithms, where SHA stands for Secure Hash Algorithm. The SHA-256 algorithm is currently used most for secure hashing. The 256 in the name stands for the final hash digest value, i.e. irrespective of the size of the plaintext/cleartext, the hash value will always be 256 bits.

Characteristics :

Message Length :

The length of the cleartext should be less than 2^64 bits. The size needs to be in the comparison area to keep the digest as random as possible.

Digest Length :

The length of the hash digest should be 256 bits in SHA 256 algorithm, 512 bits in SHA-512, and so on. Bigger digests usually suggest significantly more calculations at the cost of speed and space.

Irreversible :

By design, all hash functions such as the SHA 256 are irreversible. You should neither get a plaintext when you have the digest beforehand nor should the digest provide its original value when you pass it through the hash function again.

import hashlib

user_pass = input("Enter Any character or String or Number :")
# Hash the same encoded input with each SHA variant
sha1 = hashlib.sha1(user_pass.encode())
sha224 = hashlib.sha224(user_pass.encode())
sha256 = hashlib.sha256(user_pass.encode())
sha384 = hashlib.sha384(user_pass.encode())
sha512 = hashlib.sha512(user_pass.encode())
# Print each digest as a hexadecimal string
print("SHA1 hash Code :", sha1.hexdigest())
print("SHA224 hash Code :", sha224.hexdigest())
print("SHA256 hash Code :", sha256.hexdigest())
print("SHA384 hash Code :", sha384.hexdigest())
print("SHA512 hash Code :", sha512.hexdigest())
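
An added example, not part of this repo, that goes one step beyond the scripts above: a single unsalted MD5 or SHA pass gives every user with the same password the same digest, while a salted, iterated derivation with hashlib.pbkdf2_hmac does not. The record format, function names and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 200_000

def fast_md5(password):
    # The page's approach: one unsalted MD5 pass over the input.
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=ITERATIONS):
    # A fresh random salt per stored password makes equal passwords hash differently.
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Store everything needed to re-derive: scheme, cost, salt, digest.
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), derived.hex())

def verify_password(password, stored):
    # Re-derive with the stored salt and cost, then compare in constant time.
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("MD5, user A :", fast_md5(pw))
    print("MD5, user B :", fast_md5(pw))   # identical digest for identical password
    a, b = hash_password(pw), hash_password(pw)
    print("PBKDF2, A   :", a)
    print("PBKDF2, B   :", b)               # differs: different salt
    print("verify ok   :", verify_password(pw, a))
    print("verify bad  :", verify_password("wrong", a))
```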

Applications :

My Database is Starving !!!

If any necessary commits are required to increase the elegance of this repo, I'm always open for a PR.

With this signing off..!!,BHARATH GUNTREDDI ..🤞