Path traversal

A path traversal attack exploits improper handling of filenames taken from a website's query string (or other request parameters). Typically, attackers are looking for private files not intended for browsing, files that may contain sensitive data (payment data, server configuration files, etc.).

One way to prevent this kind of attack is segregation: public and private files are kept in different locations. For example, if the public files are on server A, the private files would be either in a secure partition on server A or in a secure location on server B.

Another way is to restrict permissions on the server, following the principle of least privilege: each process runs with the least amount of privilege necessary, so even a server that is tricked into opening the wrong path cannot read files it was never meant to serve.

Other measures are keeping the server OS up to date, sanitizing paths for illegal character patterns, and not relying on user input for filenames at all.
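The two code-level measures above (sanitizing the path and not trusting user input for filenames) are shown in the following added example, which is not code from the original page. It assumes a public directory of /var/www/public (an assumed path) and that the request parameter has already been URL-decoded. Rather than blocklisting "bad" characters, the first function normalises the full path and checks that it still lies inside the public root, which catches "../" sequences and absolute paths with one rule; the second function avoids user-supplied filenames altogether by mapping an opaque id onto a fixed list of files.

```python
import os
from pathlib import Path
from typing import Optional

# Assumed public directory for this example; anything outside it is private.
PUBLIC_ROOT = Path("/var/www/public")

# Alternative to user-supplied filenames: an allowlist keyed by an opaque id.
# Constructed sample table for the example.
DOWNLOADS_BY_ID = {
    "1": "reports/summary.pdf",
    "2": "images/logo.png",
}


def resolve_public_path(requested: str, root: Path = PUBLIC_ROOT) -> Optional[Path]:
    """Map a user-supplied (already URL-decoded) filename onto a file inside root.

    Returns the resolved path if it stays inside root, otherwise None.
    The check is made on the normalised absolute path, so "../" sequences
    anywhere in the input are collapsed before the containment test.
    """
    # Empty names and NUL bytes are never valid file requests; NUL can
    # truncate the path in lower-level (C) file APIs, so reject it outright.
    if not requested or "\x00" in requested:
        return None
    # Strip leading separators so "/etc/passwd" is treated as "etc/passwd"
    # relative to the root instead of as an absolute path.
    candidate = (root / requested.lstrip("/")).resolve(strict=False)
    root_resolved = root.resolve(strict=False)
    try:
        candidate.relative_to(root_resolved)
    except ValueError:
        return None  # the normalised path escaped the public directory
    if candidate == root_resolved:
        return None  # the directory itself is not a file to serve
    return candidate


def resolve_by_id(file_id: str, root: Path = PUBLIC_ROOT) -> Optional[Path]:
    """Serve files by an opaque id: the client never supplies a filename."""
    name = DOWNLOADS_BY_ID.get(file_id)
    if name is None:
        return None
    return root / name


if __name__ == "__main__":
    for req in ["images/logo.png", "../../etc/passwd", "/etc/passwd", "docs/../../secret.cfg"]:
        print(f"{req!r:32} -> {resolve_public_path(req)}")
    print("id 1 ->", resolve_by_id("1"))
```

The containment check works on the normalised path rather than on the raw string, so it does not need a growing list of forbidden patterns; the allowlist variant is stricter still and is the better choice when the set of downloadable files is known in advance.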

Session hijacking

A session ID is used to identify a user's visit after they log into a website. It is exchanged between the server and the browser, usually in a cookie.

A session ID must be long, random, unique and difficult to guess; this increases the effort for anyone trying to hijack it. If the session ID is predictable, any type of attacker (novice, black hat, elite) could write a script to guess it.

A weak session ID can expose the user's profile and payment information and allow attackers to use the website as that user without authenticating.

Hackers can use a script to enumerate potential session IDs and try to access the website with them.

Many websites rely on web frameworks to generate strong session IDs and to apply additional measures: expiring session IDs after a period of time, changing the session ID after each request and preventing reuse of old session IDs. Some frameworks also sign the cookies that hold the session ID by appending an encoded authentication tag to the cookie data. This signature is computed from the cookie data with a secret key that only the website holds, so a forged or modified cookie is detected and rejected. Cryptography!
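The following added example (not code from the original page or from any particular framework) puts the measures above together: a session ID drawn from the operating system's cryptographic random generator, an HMAC-SHA256 tag appended to the cookie so the browser cannot alter the ID, and a small in-memory store that expires sessions, rotates the ID and refuses reuse of a retired one. The server secret, the 30-minute lifetime and the injectable clock are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Set, Tuple

# Assumed server-side secret for the example; a real deployment loads it from
# configuration and never hard-codes it.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
SESSION_LIFETIME = 30 * 60  # seconds; an assumed policy


def new_session_id() -> str:
    """128 random bits from the OS CSPRNG, URL-safe encoded (22 characters)."""
    return secrets.token_urlsafe(16)


def sign_cookie(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Append an HMAC-SHA256 tag: only a holder of the secret can produce it."""
    tag = hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def verify_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[str]:
    """Return the session ID if the tag verifies, otherwise None."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return None
    expected = hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks no timing information.
    if not hmac.compare_digest(expected, tag):
        return None
    return session_id


class SessionStore:
    """In-memory session table with expiry, rotation and no-reuse of old IDs."""

    def __init__(self, lifetime: int = SESSION_LIFETIME,
                 clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Tuple[str, float]] = {}  # id -> (user, created)
        self._retired: Set[str] = set()
        self._lifetime = lifetime
        self._clock = clock  # injectable so expiry can be exercised in tests

    def create(self, user: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = (user, self._clock())
        return sid

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)
        self._retired.add(sid)  # a retired ID is never accepted again

    def lookup(self, sid: str) -> Optional[str]:
        if sid in self._retired:
            return None
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, created = entry
        if self._clock() - created > self._lifetime:
            self.revoke(sid)  # expired: retire it so it cannot be replayed
            return None
        return user

    def rotate(self, sid: str) -> Optional[str]:
        """Issue a fresh ID for the same user and retire the old one."""
        user = self.lookup(sid)
        if user is None:
            return None
        self.revoke(sid)
        return self.create(user)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    cookie = sign_cookie(sid)
    print("Set-Cookie: session=" + cookie)
    print("verified ->", store.lookup(verify_cookie(cookie) or ""))
```

Signing the cookie does not hide the ID (it is still readable), it only makes it unforgeable; confidentiality of the cookie in transit is the job of HTTPS, and the store, not the cookie, decides whether the ID is still valid.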

SQL Injection

SQL injection is a very common and straightforward website attack that lets an attacker expose a website's database. It allows unintended commands to be executed against the database (many websites use SQL databases). Using SQL injection an attacker can gain database-administrator level access and tamper with user data.

Typically, attackers use input fields on the website to inject SQL. For example, a login, checkout, registration or contact form may use SQL to look up the user's account in the database. Any form on a website can be targeted by SQL injection attempts.

The website can reject suspicious form data by cleaning/sanitizing the input: ensuring that inputs don't contain certain symbols, rejecting whitespace characters and using regular expressions to validate data. There are many characters an attacker can use to exploit input, which is why a blocklist of forbidden characters is hard to get complete.

The best defense against SQL injection is parameterized SQL (prepared statements). Parameters are placeholders in the query text; the database driver passes the user input separately as data, so it is never interpreted as part of the SQL command.

There are a lot of scripts that automate SQL injection attacks.
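The contrast between input sanitizing and parameterized SQL described above, as an added example that is not code from the original page. It uses Python's built-in sqlite3 module with a constructed in-memory users table. The first query pastes the username into the SQL text (the vulnerable pattern); the second uses "?" placeholders. Feeding both a perfectly legitimate username that contains a quote shows the difference: the vulnerable query lets the quote change the SQL and fails, while the parameterized one treats it as data. The regex allowlist demonstrates the validation approach from the text and also why it is only a supplement: it has to reject that same legitimate name.

```python
import re
import sqlite3
from typing import Tuple, Union

# Allowlist validation in the spirit of the text: only letters, digits and "_".
# Assumed policy for this example.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("o'brien", "hash-o")],  # constructed rows
    )
    return conn


def count_matches_unsafe(conn: sqlite3.Connection, username: str, password_hash: str) -> int:
    # VULNERABLE ON PURPOSE: the input is spliced into the SQL text, so any
    # quote character in it becomes part of the command instead of the data.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
        % (username, password_hash)
    )
    return conn.execute(sql).fetchone()[0]


def count_matches_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> int:
    # Parameterized: the driver sends the values separately from the SQL text,
    # so they can never be parsed as SQL, whatever characters they contain.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0]


def is_valid_username(username: str) -> bool:
    """Regex allowlist check (defense in depth, not a replacement for parameters)."""
    return USERNAME_RE.fullmatch(username) is not None


def compare(username: str, password_hash: str) -> Tuple[Union[int, str], int]:
    """Run the same lookup both ways and report what each returned."""
    conn = make_db()
    try:
        unsafe: Union[int, str] = count_matches_unsafe(conn, username, password_hash)
    except sqlite3.OperationalError:
        unsafe = "SQL error"  # the quote in the input broke the query
    safe = count_matches_safe(conn, username, password_hash)
    return unsafe, safe


if __name__ == "__main__":
    for user in ["alice", "o'brien"]:
        print(f"{user!r}: valid={is_valid_username(user)}, (unsafe, safe)={compare(user, 'hash-' + user[0])}")
```

A query that errors out on a legitimate apostrophe is the tell-tale sign that user input is being parsed as SQL; the same mechanism that breaks the query on "o'brien" is what an attacker abuses. With parameters the question never arises, so validation can be reserved for business rules (length, allowed characters) rather than for protecting the database.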

Cryptographic hashing

Cryptographic hashing is used for storing passwords because it is a one-way transformation: there is no practical way to reverse it. The stored value is derived from the password but cannot be turned back into it.

The output of a hash function has a fixed length (usually 32 characters or more, depending on the algorithm), no matter how long the original input is.

Hashing preserves privacy by letting us check whether two inputs are the same without knowing the original inputs (the same input always produces the same output).

The avalanche effect means that the slightest change in the input produces a totally different output. For example, changing a single letter yields a hash that bears no recognizable relation to the original.

There are different cryptographic hash functions, such as SHA-1 and MD5 (no longer considered safe); they differ mainly in output length and in the transformation method. SHA-256 or bcrypt are more secure choices.

Securing written communication, hiding its content and providing secrecy are the main goals of cryptography.

Hacking

Hacking is about seeking vulnerabilities in software, searching for security holes. The reasons a person might want to be a hacker vary, including curiosity, personal challenge or stealing data.

The intentions determine the type of hacker a person wants to be:

White-hat (ethical)

A white-hat hacker acts within the law and follows these steps:

  • get the permission of the owner of the system
  • hack the system
  • tell the owner about the vulnerabilities

White-hat hackers help keep businesses, society and the software that affects everyone's life safe.

Black-hat (cracker)

A black-hat hacker has malicious intentions, and many people consider this the classic definition of a hacker.

No matter what the intentions are, hacking a system without permission is illegal. Hacking is just a tool; it is everyone's responsibility to decide what to use it for.