Welcome back, my hacker apprentices! Although there is a multitude of different hacker types, the one target they all share is the database. I often refer to the database as the hacker's Holy Grail, or the ultimate prize for an effective hack.
SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack
Know thy enemy — wise words that can be applied to many different situations, including database hacking. It is essential to performing adequate reconnaissance on a system before even thinking about launching an attack — any type of attack — and this is no different for SQL injection.
Welcome back, my greenhorn hackers! In a previous tutorial on hacking databases, I showed you how to find online databases and then how to enumerate the databases, tables, and columns. In this guide, we'll now exfiltrate, extract, remove—whatever term you prefer—the data from an online database.
The key to becoming a competent white hat is knowing how the technology that you are trying to exploit actually works. SQL injection is one of the most common methods of attack used today and also one of the easiest to learn. In order to understand how this attack works, you need to have a solid grasp of ... you've guessed it ... SQL.
Welcome back, my budding hackers! When we are looking for ways to hack a system, we need a specific exploit to take advantage of a certain vulnerability in the operating system, service, or application. Although I have shown you multiple ways to exploit systems here in Null Byte, there are still many more exploits available that I have not yet shown you.
Welcome back, my amateur hackers!
Hundreds of Windows 10, macOS, and Linux vulnerabilities are disclosed every single week, many of which elude mainstream attention. Most users aren't even aware that newly found exploits and vulnerabilities exist, nor that CVEs can be located by anyone in just a few clicks from a selection of websites online.
The ability to stay organized and be resourceful with data gathered from recon is one of the things that separates the true hackers from the script kiddies. Metasploit contains a built-in database that allows for efficient storage of information and the ability to utilize that information to better understand the target, which ultimately leads to more successful exploitation.
It's been said time and time again: reconnaissance is perhaps the most critical phase of an attack. It's especially important when preparing an attack against a database since one wrong move can destroy every last bit of data, which usually isn't the desired outcome. Metasploit contains a variety of modules that can be used to enumerate MySQL databases, making it easy to gather valuable information.
Hello my fellow hackers, it's been a while since my last post, I can't get the time now-a-days for the posts but can manage to tend to comments.
Attacks against databases have become one of the most popular and lucrative activities for hackers recently. New data breaches seem to be popping up every week, but even with all of that attention, databases continue to be a prime target. All of these attacks have to start somewhere, and we'll be exploring a variety of methods to gather information on PostgreSQL databases with Metasploit.
Welcome back, my fledgling hackers! The database is the hacker's "pot-of-gold," as it contains information that is very valuable to both the business and the hacker. In this, the second of my series on hacking databases, we're on the "hunt" for Microsoft's SQL Server. Although far from the most commonly used database (Oracle hold's that title), Microsoft's SQL Server is very often found in small-to-medium sized businesses. Even a few big businesses use it.
Welcome back, my rookie hackers! A short while back, I began a new series on database hacking, and now it's time to continue and extend your education in that field. As you know, the database contains all of the most valuable info for the hacker, including personally identifiable information, credit card numbers, intellectual property, etc. So, it's the ultimate goal of cybercrime and the APT hacker.
Welcome back, my hacker novitiates! There are many ways to hack databases, and most of these techniques require SQL injection (SQLi), which is a way of sending SQL commands back to the database from a web form or other input. In this tutorial, we will use SQL injection to get access to the underlying server. So instead of getting access to the database and its data, we will use the database as an intermediary to gain access to the underlying server.
To name just a few companies, VK, µTorrent, and ClixSense all suffered significant data breaches at some point in the past. The leaked password databases from those and other online sites can be used to understand better how human-passwords are created and increase a hacker's success when performing brute-force attacks.
If there are words that you use often but Swype doesn't know them yet, you can easily add them to the database of your texting program. In this clip, learn all about adding uncommon or unique words to your Skype dictionary so that you can text even faster. You can even add web addresses, e-mails, nicknames and anything else you use often and don't want to tap out.
Watch Jeffrey Scudder demonstrate his GData Python Client Library extension that makes it easy to use Google Spreadsheets as a database in the information cloud.
Learn how create a Point Of Interest (POI) database using Google Earth and KML2CSV. You can upload this file to your GPS or GPS-enabled phone to create custom tracking searches.
To start off the process of publishing your access database online we first look at a sample MS ACCESS database with typical formats and a online searchable application where users can search by library name or city and get details of the library. There are 3 steps to publish the database. The first step is importing data which can be done through clicking on the file menu and then click on import data through a Microsoft Access Database. Now select the file you want to import through the bro...
While you cannot directly open a Microsoft Access database file in OpenOffice Base, it is possible to connect Base to an Access database, and manipulate the data contained within it.
Databases allow you to store data in a systematic and organized format, making it easy for you to search, sort and edit.
Wait, a query within a query? This function is possible within the framework of MySQL. Learn how to correctly implement a subquery or sub select in your next database project and avoid a couple perils that will make your program unstable.
Learn how to open up your old Access 2003 databases in MS Access 2010. Whether you're new to Microsoft's popular database management application or a seasoned MS Office professional just looking to better acquaint yourself with the Access 2010 workflow, you're sure to be well served by this video tutorial. For more information, and to get started using the Backstage view in your own Access projects, watch this free video guide.
Learn how to create (and tell the difference between) flat and relational databases in FileMaker Pro 11. Whether you're new to the FileMaker Pro database management program or just want to learn how to take advantage of FileMaker Pro 11's new features, you're sure to benefit from this free video tutorial from the folks at Lynda. For more information, including detailed, step-by-step instructions, take a look.
In this six-part video tutorial, learn how to create an access database. The following six parts go over the following:
New to PHP? There's no better way to learn a scripting language than to code with it. And this two-part video guide, which demonstrates how to use a web form to retrieve data from a database with PHP, will get you started on your way.
This CoffeeCup Web Form Builder software tutorial shows how to create a MySQL database to be used in CoffeeCup Form Builder to build web forms. Mike Lively shows you how to do this using cPanel and the Site Ground server for hosting since it allows an unlimited number of MySQL databases. Start by creating your database in cPanel and then upload the results to CoffeeCup Form Builder.
This video describes the initial creation of a database using File Maker Pro 10. While this video does not go into anything complicated, it does give a great preview of how their particular program works. The movie indicates there are templates available, however the series of movies explains how to create them from scratch. There seems to be another six or so official movies. This three minutes movie covers new database creation, naming, importing fields, naming new fields, relationship crea...
How to use Microsoft Excel as a simple database and how to organize and sort data on the fly.
In this Lynda video tutorial, learn how to use FileMaker Pro 10 software to create databases with pre-made templates. FileMaker offers these templates in a package called Starter Solutions. To access these options, click open FileMaker. Then, go to New Database under the File menu. Click the option "Create a database using a Starter Solution." The templates are grouped according to the nature of their use. Some are for the home, while some are for business. All you do is open the template you...
In this video tutorial, viewers learn how to detach and attach a database in SQL Server 2005. Microsoft SQL Server is a relational model database server. Begin by opening the Database and show all the tables. To detach the table, right-click the database and select Detach. Make sure that the database is not opened or it will not detach. To attach a database, right-click on Database and select Attach. Click on Add and find the table. Select the table and press OK. This video will benefit those...
In this short video we export a MySQL database table to a Microsoft Excel 2000 spreadsheet using cPanel and phpMyAdmin. You will need to have your login information for cPanel. Once you are in cPanel, go to phpMyAdmin in the database section and find the database you need to export, and export the database as a spreadsheet! See how to customize the exportation of a MySQL database to an Excel spreadsheet in this tutorial.
How to use PHP to login to a MySQL database. Part 1 of 4 - How to Use PHP to login to a MYSQL database.
MySQL is a database for serving data on the web. This video teaches viewers how to connect to a database and add data in PHP & MySQL. PHPMyAdmin is an interface that allows you to interact with MySQL more easily. Use the form in the program to create a database; choose the name for your database and select 'create'. Next you can create tables within your database, also using the forms provided. Within the tables you can set your variables; PHPMyAdmin has fields that allow you to choose the ty...
How to manage user logins by creating a MySQL user login database with PHP. Part 1 of 3 - How to Create a MySQL user login database with PHP.
The Microsoft Office Access 2007 relational database manager enables information workers to quickly track and report information with ease thanks to its interactive design capabilities that do not require deep database knowledge. In this Microsoft Access video tutorial, you'll learn about what queries are, and scratches the surface on what they can do, For more information, and to get started running your own database queries in Access, take a look.
If you're new to DreamCoder for Oracle, one of the very first things you'll almost certainly want to know how to connect to a remote Oracle database. Happily, this tutorial will walk you, step by step, through the process. To learn how to establish a connection between a given Oracle database and the DreamCoder for Oracle, take a look!
A PHP programming tutorial on how to set up a user database. Part 1 of 2 - How to Create a phpMyAdmin user database.
Lyndapodcast teaches you how to create a database using FileMaker Pro 10. You can link one contact with multiple addresses and information and store that into a single database. You can also add content from the web into your FileMaker layout, including maps, pictures and music. You have a security module where you can set permissions for the users using the database. You can also publish the FileMaker database to the web. For this go to File - Sharing - Instant Web Publishing. Another featur...
In this clip, we learn how to create a new database when using SQLite 3. Whether you're entirely new to the SQLite embedded relational database management system or are a seasoned developer merely looking to brush up on a few of the basics, you're sure to find much to take away. For more information, take a look!