Wednesday, October 24, 2007

Just a thought on hashing..

Hashing is a really powerful tool that can be used to hide data such as passwords. Hashing is one-way, meaning that once you hash a word, you can't derive the original word from the hashed word. People might ask: why hash it if it can't be brought back? Hashing is a good tool for passwords because people may use one password for all of their accounts, so if someone gets into the database and sees the password, he might be able to access that person's other accounts (bank, email, etc.). That is why passwords are hashed. Then how can you compare a hashed password to an unhashed one? It's simple: hash the unhashed one with the same hash function that was used for the hashed one, then compare the two. If they are equal, the password is correct.

I believe that hashing is really one-way because of the algorithm that it uses, but there is one thing that can "cheat" that. Let's say a password is 6 to 10 characters long, so create a script that hashes and saves all possible combinations from 6 to 10 characters in a table.

Example:

Table hashtable

normal        hashed (SHA1)
000001 0a620481ca00b00de7eedb407a68b9163dcabae3
000002 86dfb043360b0e9ef7767e6ea7ad09fb7fb81537
... ...
... ...
... ...
d3nn1s 7b7edb6fda80187ac8a3f18b2c2b9bfef7a95acc
... ...
ZZZZZZZZZX 3ae4c15d5da68511a49a6171d0df2f7e51207fa6
ZZZZZZZZZY 27fb26c695b91422e048b7ccd2557209472d7fbc
ZZZZZZZZZZ 5df31df13a3fe267e1ae0a35f71bdc70b0249d35

If your script saved all of these in a table, just search it, for example:

SELECT normal
FROM hashtable
WHERE hashed = '7b7edb6fda80187ac8a3f18b2c2b9bfef7a95acc';

That way, you will surely get the reverse of that hashed word, which is d3nn1s. Also, hash functions have a fixed output length:

MD4 = 32 characters
SHA1 = 40 characters

So the length gives you a big clue about which hash function was used, unless you do character stuffing.
It is also proof that hashing is one-way (before the brute force). For example, if you hash the string "ang mantech na subject ay napakasayasayasayasayasaya talaga!" using SHA1, the result would be "5df31df13a3fe267e1ae0a35f71bdc70b0249d35". Obviously, the string that you used is longer than 40 characters and the end result is only 40 characters, so how can you derive a combination of 60 characters from 40 characters? It can only be done by "brute force" (hashtable).
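
The lookup table described above, and what a per-password salt does to it, as an added example (not code from the original post). The 4-digit keyspace, the sample password and the PBKDF2 iteration count are constructed for illustration; the function names are hypothetical.

```python
import hashlib
import hmac
import itertools
import os
import string

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def build_table(alphabet, length):
    """Precompute {sha1: word} for every word of this length (the post's 'hashtable')."""
    words = ("".join(p) for p in itertools.product(alphabet, repeat=length))
    return {sha1_hex(w.encode()): w for w in words}

def store(password, iterations=100_000):
    """Record to keep in the database: a random salt plus a slow, salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Hash the typed password the same way as the stored one, then compare."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)

def demo():
    table = build_table(string.digits, 4)      # constructed keyspace: 0000..9999
    password = "4821"                          # constructed sample password
    salt = os.urandom(16)
    first, second = store(password), store(password)
    return {
        "table_rows": len(table),
        # Plain SHA-1: one lookup reverses the stored value.
        "plain_lookup": table.get(sha1_hex(password.encode())),
        # Same SHA-1 with a random salt prepended: the table no longer matches.
        "salted_lookup": table.get(sha1_hex(salt + password.encode())),
        "same_password_same_record": first[2] == second[2],
        "correct_accepted": verify(password, first),
        "wrong_rejected": not verify("0000", first),
    }

if __name__ == "__main__":
    print(demo())
```

Because every record carries its own salt, a table has to be rebuilt per record, and the iteration count makes each entry in that rebuild slow.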

Sunday, October 7, 2007

Attack!

The videos that were shown during our class were very interesting for me because creating web based programs is something that I do and the topics that were discussed in the videos were mostly on web based programs.

I have heard of SQL injection before, but I didn't know how many things an attacker can do using SQL injection. For me, there are many ways to prevent this, or at least minimize the damage (if ever an attack happens).
  • The most basic thing to do is to create a separate user with limited privileges which the web application will use (only the privileges that the application will need, no more), so that if an attack like DROP TABLES is used, the command won't work unless a drop privilege is given to that user.
  • Second, to avoid giving out information about or from your database on a public page, don't put in code that prints the information that your database server returns, because if you do that, and an attacker discovers that he/she can inject SQL code, that page would be like an SQL client for him/her.
  • This, I think, is the safest, but I think it is not practical (last resort): when getting information from forms, encrypt it before connecting it to the SQL code, because if you put a text box on a page and directly use the string typed into the text box in your SQL code, a hacker can easily inject code. Surely, when the information from a form is encrypted before inserting it into the code, an attack would be almost impossible, but it is impractical because when you view the contents of the database, it will all be encrypted.
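
The text-box case from the list above, with the weak query beside a parameterized one, as an added example (not code from the original post). It uses an in-memory SQLite database with constructed rows; the table, the function names and the sample inputs are hypothetical, and the SQLite authorizer stands in for a database user that has no drop privilege.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    db.commit()
    # Stand-in for the limited-privilege account: this connection may not drop tables.
    db.set_authorizer(lambda action, *args: sqlite3.SQLITE_DENY
                      if action == sqlite3.SQLITE_DROP_TABLE else sqlite3.SQLITE_OK)
    return db

def find_concatenated(db, name):
    # Weak form: the text-box value is pasted into the SQL statement itself.
    return db.execute("SELECT email FROM users WHERE name = '" + name + "'").fetchall()

def find_parameterized(db, name):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def page(db, finder, name):
    """Render a result page without echoing what the database server returned."""
    try:
        rows = finder(db, name)
    except sqlite3.Error:
        return "Sorry, something went wrong."   # details belong in a server-side log
    return ", ".join(email for (email,) in rows) or "No such user."

def try_drop(db):
    """Show that the restricted connection cannot drop the table."""
    try:
        db.execute("DROP TABLE users")
        return "dropped"
    except sqlite3.DatabaseError:
        return "denied"

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"               # constructed form input
    print(page(db, find_concatenated, crafted))   # every row comes back
    print(page(db, find_parameterized, crafted))  # treated as a (nonexistent) name
    print(page(db, find_concatenated, "O'Brien")) # syntax error, generic message only
    print(try_drop(db))
```
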
Second, I didn't expect that JavaScript can be harmful to a web-based system. First of all, JavaScript is only client-side and the code does not run on the server, but I didn't think that it could be used to extract cookies from a client and use that cookie to appear as if you were the person from whom you stole it.

Lastly, the thing that the guy from Microsoft discussed about the attack on IIS: I think that this is really a problem when running a web server on Windows. You can easily access files even from other folders by using "../", so if you use the "../" and know the folders of that server, you can traverse the folders of that server and steal some files. I think that this is not applicable in Linux; in Linux, you can set the permissions of folders. So if you plan to run your own web server, use Linux :)
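
The "../" traversal mentioned above comes down to a server joining a requested path to its document root without checking where the result lands. A containment check for that, as an added example (not code from the original post or from IIS); the directory layout, file names and request strings are constructed, and `resolve_under_root` is a hypothetical helper.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_under_root(web_root, requested):
    """Return the real file path for a request, or None if it leaves web_root."""
    root = os.path.realpath(web_root)
    # Decode percent-escapes first, so "..%2f" is checked in its decoded form.
    relative = unquote(requested).lstrip("/")
    # realpath collapses "../" segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Build a constructed directory tree and classify a few constructed requests."""
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "wwwroot")
        os.mkdir(web_root)
        open(os.path.join(web_root, "index.html"), "w").close()
        open(os.path.join(base, "private.txt"), "w").close()   # outside the web root
        os.symlink(base, os.path.join(web_root, "up"))          # link pointing outside
        requests = ["index.html", "../private.txt", "..%2fprivate.txt",
                    "a/../../private.txt", "up/private.txt"]
        # True means the request would be served, False means it is refused.
        return {r: resolve_under_root(web_root, r) is not None for r in requests}

if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request:22} {'served' if served else 'refused'}")
```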

Wednesday, October 3, 2007

Taking advantage..

Viruses, for me, are okay. I think that this is the fault of software makers. Viruses can be made by people who know a flaw/bug in a piece of software. If this flaw/bug is not fixed, people can do something and take advantage of that flaw/bug.

It is like leaving a 500 peso bill on the ground: surely someone would see it and someone would pick it up. It is the same with software: if you leave a hole open, in time, people will discover the hole and someone will create something that can take advantage of it. So, if it will be discovered in time anyway, I believe that viruses are just one of the ways to speed up the discovery of the bug, and are a great reason why they should fix it right away, thanks to the people who make them.

I think that it is one of the responsibilities of computer users to protect themselves from these viruses.