Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Ethical Hacking from Scratch
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Ethical Hacking from Scratch

Learn Ethical Hacking from Scratch

By : Sabih
4.4 (17)
close
close
Learn Ethical Hacking from Scratch

Learn Ethical Hacking from Scratch

4.4 (17)
By: Sabih

Overview of this book

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices. Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections. The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.
Table of Contents (24 chapters)
close
close
22
Discovering Vulnerabilities Automatically Using OWASP ZAP

SQLi authorization bypass

Now we know that we can put in any code we want and it's going to be executed on the system. So, let's have another look at the statement, which says select * from accounts where username = username, and password = password, which we put in the Password textbox. We will now see whether we can use that to log in without using a password, and we are going to be doing that with the admin. So, username is going to be admin, and we don't know what password is for admin, so we are going to enter any random password, for example, aaa. In the code that we were previously running, we put and 1=1, now instead of and, we are going to say or 1=1. So, once we inject the command, it is going to let us log in without even knowing the password of admin. Our code is going to look as follows:

select * from accounts where username = 'admin' and...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY