HACKING: What it really means to you and me

Hey everyone, so at work we’ve had a couple vulnerabilities pop up so I was privileged with writing this up and I wanted to share it with you. I hope you find it interesting! Sorry it’s such a long read. There’s two parts, one for SQL injection and one for Cross Site Scripting.

SQL Injection Check out SQL injection on OWASP

SQL injection is, simply put, a user adding additional requests to your database calls. For instance if you ask for a search term and compare that term to the database with something like:

SELECT title, author, text FROM books WHERE text LIKE '%$input%'

Developers can defend against SQL injection by validating all inputs. This means that we use a function that strips away characters that is required to run SQL from that input.

validateInput() would be a function we define that removes characters such as  *, `, or ". Something else to put in your validateInput() function would be PHP's  MySQLi escape function. It's also wise to not allow Users to type in what tables they want to access in the database. Use separate queries instead of a dynamic one.

One of the simplest ways to test your inputs is to add " or 1=1" to the end of the input. If we put '''something%' OR 1=1''' into the example above we get:

SELECT title, author, text FROM books WHERE text LIKE '% '''something%' OR 1=1''' '

Cross Site Scripting (XSS ) Check out XSS on OWASP

XSS is similar to SQL in the sense that a user is trying to add their own code to our website. This time instead of affecting our database, it's adding a javascript script (or a similar tag) to our pages code. Do you know what this is below?

%3C%2Fh2%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E%3Ch2%3E

It looks like a lot of gibberish to me! While we don't expect our normal users to type this into our log-in field, a hacker wouldn't hesitate. While it looks like nothing, this is actually the HTML escape characters for <script>alert(1);</script>. The user just added their own javascript to our website!

Just like the input we use for SQL queries we need to validate all inputs! I can't say that enough. If the page is grabbing something, we need to pass it to a function that strips out anything illegal. In XSS's case, we want to remove anything that is or could be a tag.

Our validation function needs to remove all tags, and the easiest way to do that is with PHP's strip_tags function!

Want to see if you can add your own javascript to the website? Use the alert(1) from above. It's harmless and has a nice visual to show you that your site is indeed vulnerable to XSS.

Something pretty basic that I didn’t cover early on is anonymity. Do bank robbers wear masks? Unless you want the police knocking on your door the next day. I suggest you look up the Tor project. It’s a proxy network that divides your data into packets and sends each one randomly through different bots on the network.

While some may say Tor isn’t secure. You need to realize that nothing is perfectly secure. Driving a get away car after removing the license plate might make it hard to be caught but police can still catch you using the color, make, etc of the car.

Ok, lets review, we know our basics. We know how to use a computer, we know how to write code, we know what unix systems like Linux are, and we know how to use Unix tools like those provided in Kali.

Wait, I still can't get into my friends Facebook account, what are we really learning anyways? Well giant corporations like Google or Facebook are hard to hack, especially for people new to hacking like us. Not to mention it's usually illegal to try to hack a company without permission.

So in the meantime, use the VMs we set up in step 3 to practice known vulnerabilities and learn basic hacking methods! Now, OWASP's BWA isn't something we fully understand; but the developers who wrote it also provided some awesome documentation! To become a hacker you need to explore how to gain information for yourselves. Here's some links to get you started with OWASPs BWA.

Great! I’ve installed Kali… now what?

Step 4: Get into the toy chest

If you’ve never played with BASH/terminal or you don’t know what Linux is. I suggest you read into that first before you get much further into hacking. Most of Kali’s toys are based off of the terminal, so in order to run them, you will be typing commands like “nmap -A http://your-ip-address”. The link above is Offensive Security’s website where they have some awesome documentation about what’s available on Kali.

Everyone wants to break into their neighbors wifi or steal someones password at Starbucks, but depending on National, State, and local law, even packet sniffing could be illegal. So how do we safely practice how to hack before we are ready to find Sony's back door? We set up a environment for virtual machines on our local computer or server!

For those of you who don't know what a Virtual Machine is, it's a "computer" inside your computer. Using programs like VMware or Oracle's VM VirtualBox (which is free) you can have multiple systems running on your computer depending on your computer's RAM and processing power. I suggest you download VirtualBox to get started: https://www.virtualbox.org/wiki/Downloads

After you have that installed, you need to get the operating systems that'll make up your VMs. I suggest using Kali for your "hacker" machine and OWASP's BWA for your "victim" machine. OWASP is a open source community for watching web application security. You should check out http://www.owasp.org to learn more about them. Be sure to check out their top 10 vulnerabilities for websites. You can download the files for both VMs at the links below. Special note about the BWA VM: It's made of VMware files, there's no installing like you would with Kali. Be sure to use an existing harddrive and select one of the files from the .zip folder you downloaded. https://www.kali.org/downloads/ http://www.slideshare.net/michael_coates/lab-setup-28126110

Follow these tutorials to get your systems online! Installing Kali as a Virtual Macine Installing OWASPs BWA as a Virtual Machine

If you've never used a linux operating system before, I suggest you learn fast! Check out how to use the bash commands (terminal) and learn some of the tools that Kali has to offer.

Now, your "victim" is specifically made to have vulnerabilities! Its up to you to find them, or if you want more of a step by step then I suggest you google how to get in or check out the BWA project files

Lesley Carhart, Incident Response, Motorola Solutions

Step 2: Learn the basics

When people say "I want to be a Hacker" a lot of people don't know where to start. Google is a good option but there's a lot of dead ends.

Step 1 to becoming a Hacker:

Find communities both online and local.

There are forums, IRC chats, and tutorials online that are very beneficial to learning how to hack. Finding experienced people willing to help you along the way is also an amazing advantage. 

Joining local communities are the fastest and possibly the most fun way to get into hacking. Cities have hackerspaces, guides, and classes; where you can learn quite a lot. But one of the most important opportunities are the conventions!

Why go to Conventions?

Last weekend there was a convention in Washington DC that covered three tracks: "Build it, Belay it, Bring it on". Click the main link to check out the official website. This convention was so popular that their tickets sold out in 5 minutes.

Who’s excited for the next Chris Hemsworth movie coming out Friday January 16th?!? He’s trading in his hammer for a laptop in this up and coming action packed thriller.

Now, granted, anyone who calls themselves a hacker would cringe to call Hemsworth a "black hat hacker". But there’s one thing I love about movies like this one. It opens your minds to the endless wonders of what hacking can do. (Please note: it's never as easy as movie magic makes it look) 

In fact, a movie like this is what first got me interested in finding a job with computers. Watching people drain billionaires bank accounts in seconds, or controlling the traffic signals to get away.

Hello There, I’m James, everyone calls me that and its probably the only name I respond to. However my name has one problem. Google it and you’ll find little about me.

That’s where my username came in. Greenjam94 is my alias for anything and everything on the internet from gaming to social media. I've used this username since the 8th grade when I first realized my Internet presence would stick with me throughout my life. Click the link and it’ll show you so many links, almost all of which are a part of my digital footprint.