Archive for the ‘Google dork’ Category

The past few days have not been auspicious for the Sri Lankan cyber security community. Several government, media, banking and financial websites were hit in a spate of cyber attacks. Some sites were defaced and their database information was published online. There may be numerous reasons behind these attacks, but this is an alarm for us.

Huge numbers of websites are attacked every day around the world, unsecured and well-secured sites alike. So an attack on SL websites is no big deal in itself. The problem is: if there is no basic level of security implementation, can we handle massive cyber threats?

Script kiddies are everywhere. Exploiting website vulnerabilities, defacing sites and dumping databases is not rocket science with hacking tools. Even though some of the attacked websites are high profile, their owners did not pay enough attention to information security. That's where we all went wrong so far. We always worry about actions, not quality.

Well, most of the attacked websites are at the top of the Google dork results if you are looking for certain vulnerabilities.

This graph shows the most popular web attack techniques in 2012.

[Figure: web hacking techniques]

It is clear that most SL websites were hacked through SQL injection. Developers usually lock down their application or site at the login portal, but login is not the only place where the application interacts with the database. Forums, comments, user profiles, news and search areas all link to the DB. XSS, remote file inclusion, CMS issues and IM level vulnerabilities would be the next most common methods.
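To make the point about non-login pages concrete, here is an added example (not code from the original post) of a news search handler written both ways. The `news` table, the function names and the in-memory SQLite database are assumptions made for illustration; the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's news table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO news (title) VALUES (?)",
        [("Budget speech",), ("Cricket results",), ("O'Brien visits Colombo",)],
    )
    return db

def search_concat(db, term):
    # Vulnerable: the user's text becomes part of the SQL statement itself.
    sql = "SELECT title FROM news WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    # Hardened: the SQL text is fixed and the input is bound as data only.
    sql = "SELECT title FROM news WHERE title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

def probe(search, db, term):
    # Report whether the input reached the SQL parser as code
    # ("sql_error") or was handled as plain data ("ok").
    try:
        return ("ok", search(db, term))
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for term in ("Cricket", "Cricket'", "O'Brien"):
        print(repr(term), "concat:", probe(search_concat, db, term))
        print(repr(term), "param: ", probe(search_param, db, term))
```

With the concatenated query, a single apostrophe in the search term produces a database error, and so does a legitimate name such as O'Brien; the parameterized query treats both as ordinary text.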

When I was at an interview at university, there were software professionals from industry. When they got to know that I am keen on security stuff, they said “we have experienced CISSP guys and network security engineers, so nothing to worry about security”. But they are software vendors.

A website or application can be hacked in two different scenarios. One is a lack of security implementation at the infrastructure level, and the other is poor security standards at the application level. So the breaches of SL sites could have happened because of the hosting company or the site developers. But most sites were hacked through SQL injection, which points directly at application developers and testers.

I know, explaining something is easier than implementing it. But I still rarely see developers or software firms concerned about their products’ security. It is the very same for the government sector.

We develop…develop…and someone breaks

Okay, whoever attacked those sites might have got their self-satisfaction. Some organizations may lose their privacy and dignity. I think the government will focus much more on cyber security than on finding whose IP that was. Most importantly, we should wake up to this alarm.

Most script kiddies are likely to be insiders.

“To catch a thief, we must think like a thief”

Once you have learnt about SQL injection methods, you may need to analyse them in practice. The problem is where to find a vulnerable website for testing.

The easiest way to find one is a “Google dork”, or what we call the “Google hacking database” (http://www.exploit-db.com/google-dorks/).

Anybody can search manually with Google dorks and find vulnerable sites. But the Sql Poizon tool makes this simpler by automating the dork search. It includes many dorks in different categories. Let's see how this works:

1. Download the latest version of Sql Poizon (freeware).

[Image: sql poizon]

2. Select any dork you need and click Scan. Here you can select the maximum number of sites and the country.

[Image: select a dork]

3. The result pane will list vulnerable site URLs according to your dork. To verify the URLs, right-click on one URL and select “Send to Sqli Crawler” – All.

[Image: send to sqli crawler]

4. The URLs will be forwarded to Sqli Crawler for validation. It uses a simple SQL validation: it puts a single apostrophe at the end of the URL and checks the error code. Click Crawl to validate.

[Image: crawler]

5. After each link is verified, a sign will appear in front of the link. Mostly, sites with the right symbol and the yellow bulb symbol are not vulnerable, but links with the red cross symbol are likely to be vulnerable to SQL attacks.

[Image: vulnerable sites]

Now you can test these uncommon sites with your own methods, but only for educational purposes.