Archive for April, 2009

Data leakage through META-data

Sunday, April 26th, 2009

A few times a year I read in my newspaper that someone from some organisation has leaked data by throwing a computer away without erasing all data first, losing a non-encrypted USB stick or, more recently, twittering information which should not have been public.
But there is another way of data leakage, and it is not as obvious and well known as the ones mentioned above.

Getting data through SQL injections… can get nasty!

Monday, April 20th, 2009

When I first learned about SQL injections it all sounded pretty easy. Just put in some SQL code and you will get the output of your query (and possibly the data that was intended to be shown too).
But as I found out today, sometimes it isn’t that easy, especially when using a blind SQL injection exploit.

Ten minutes after I first tried to hack the site I had already found the way in, but it took me more than a day to get data out of it. It turned out the ASP page expected a numeric result set out of the query and, based on that, queried some more (non-numeric) data. So when I did get an integer out of the database, the ASP looked it up in the database and I ended up with legit data.
But then, after I had fooled around a bit, I got an error message which returned a value out of the table I had intended to query! What I had accidentally done was convert an integer to a varchar and vice versa, so the SQL would generate an error and return the value of the field in the error message.

Knowing this, I just wrote a small Python script that filtered all field data out of the error messages.

<edit> This method is great as proof for your customer, but not to really dump the DB with it…. It had run all night and in the morning I had 1 MB of data pulled out of the database </edit>
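
An added example (not code from the original post): the defender's side of the error-message leak described above, as a filter that spots database values inside conversion errors in outgoing responses and replaces the page with a generic message. It assumes a Microsoft SQL Server backend, which the post does not name; `scrub_response`, `audit` and the sample responses are constructed for illustration.

```python
import re

# Message shapes SQL Server emits for a failed string-to-number conversion
# (assumed backend; the post does not name the DBMS). The quoted group is
# the field value that ends up in the error text.
CONVERSION_ERRORS = [
    re.compile(r"Conversion failed when converting the n?(?:var)?char value "
               r"'(?P<value>.*?)' to data type \w+", re.S),
    re.compile(r"Syntax error converting the n?(?:var)?char value "
               r"'(?P<value>.*?)' to a column of data type \w+", re.S),
]

GENERIC_ERROR = "An internal error occurred."  # hypothetical replacement page


def scrub_response(body):
    """Return (safe_body, leaked) for one outgoing HTTP response body.

    leaked lists every database value found inside a conversion error;
    if any is found, the whole body is replaced by a generic message.
    """
    leaked = []
    for pattern in CONVERSION_ERRORS:
        leaked.extend(m.group("value") for m in pattern.finditer(body))
    return (GENERIC_ERROR if leaked else body), leaked


def audit(responses):
    """Map request id -> leaked values, for responses that disclosed data."""
    findings = {}
    for request_id, body in responses:
        _, leaked = scrub_response(body)
        if leaked:
            findings[request_id] = leaked
    return findings


# Constructed sample responses (not taken from the post).
SAMPLE_RESPONSES = [
    ("req-1", "<html><body>Product 42: blue widget</body></html>"),
    ("req-2", "Microsoft OLE DB Provider for SQL Server error '80040e07' "
              "Conversion failed when converting the varchar value "
              "'example-field-value' to data type int. /item.asp, line 12"),
    ("req-3", "Syntax error converting the nvarchar value 'second-sample' "
              "to a column of data type int."),
]

if __name__ == "__main__":
    for request_id, values in audit(SAMPLE_RESPONSES).items():
        print(request_id, "leaked", values)
```

Scrubbing the response only closes the disclosure channel; the injectable query itself still needs parameterised input.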

Fun with www.hackthissite.org

Wednesday, April 15th, 2009

Because penetration testing and hacking are best learned by just doing it, I decided to find a way of practicing various techniques.
Of course, I could be hacking just some website, but this has some disadvantages. ( You could call being arrested and put in jail a disadvantage ;-) )

So I decided to google for someone who had created a webpage that was created with the intention of being hacked. So, I found www.hackthissite.org.
After registration, several mission categories are presented in the left menu, of which I have mastered the “basics” and am currently busy with the “Realistic”. Especially the “realistic” missions give you a real rush if you have completed the mission. My current favourite mission was breaking into the website of a bank and transferring money to a different account. Although the missions are quite realistic, the one with the bank is in a way unrealistic and realistic at the same time. It is realistic because of the mission (transfer money to another account), but banks nowadays have much better protection than this one. For example, SSL is not used, there is no token-based authentication, and even clear text cookies and MD5 password hashes are shown in HTML… But hey, if they had used (or not at) all of these techniques it probably would not have been hackable :-)

I can really recommend this site if you want to learn more about hacking websites.

New Job

Friday, April 10th, 2009

Yes, finally a new post! It took a long time, but as usual I had a lot of things to take care of first :)
This site is now officially co-located, and therefore I had to migrate everything to this new server. Besides this I decided to move from Apache2 to Nginx and thus had to rewrite all configuration files.

As the title of this post gives away, I have switched jobs! I am happy I have found a job in IT-Security and will be working from now on as a (network) penetration tester. Now that I have everything on track again, I plan to post more often.