LAMP, a commonly used web development combination. Linux, Apache, MySql and PHP. Since, the language, PHP is designed for web developing, the language is very simple and anyone can learn it easily. And combining it with MySQL allows you to build very powerfull web sites.

There is one dangerous mistake that some people may do. Directly passing the values from the user to the database. How it could be so dangerous? I’ll show you an example.

Let’s say you have a login form and line like this in the action page.

$result=mysql_query(”SELECT * FROM users WHERE username=’”.$_POST['username'].”‘ AND pwd=’”.$_POST['password'].”‘”) ;

Normally, The script will add the values from the user into the sql query. So, It will be something like :

SELECT * FROM users WHERE username=’sandaruwan’ AND pwd=’secret’

There is nothing wrong with it. But let’s say, Instead of typing my username, if i type something like :

sandaruwan’#
What would happen? The script will insert this statement into the query. So, It will be something like :

SELECT * FROM users WHERE username=’sandaruwan’#’ AND pwd=’secret’

The symbol # means, comment out the rest of the query. In that case, the final query is like :

SELECT * FROM users WHERE username=’sandaruwan’

So, no matter what is the password, The script will allow you to login. Very simple!!! but effective.

One day, in an afternoon, when you are relaxing in your home, you get a call from HSBC and they tell you they are rechecking credit cards. “Could you please tell me, your credit card number?”. Just without thinking much, most probably what you’ll do is tell it. And your personal details, etc. So, next month when the bill comes, you know someone has illegally used your credit card.

Basically, that’s social engineering; Gathering information by talking to the people. This is easier than hacking, and probably more effective. Because in a computer system, system admin can patch the vulnerable products but there is no patch for human stupidity.

Just wanted to tell you, “Beware of Social Engineers”.

When you guys wants to do packet sniffing what do you do? Just running a packet sniffer? That’ll work if your network is connected using a hub. Not in a switched enviroment. So, the solution is arp poisoning.

Arp Poisoning, one great method of hacking. The basic idea behind arp poisoning is changing the packet destination by fooling the computer. In a local area network the computers are uniqly identifical by the MAC address and IP address. The top level software communicate using the IP addresses. So, when a software wants to connect to another machine, it creates a data packet and put the destination IP address. Then, the kernel takes the packet. The kernel have a table called ARP table which have information about ip address againts the mac addresses. So, the kernel looks at the ARP table and then takes the relevent MAC address. If MAC address is not available in the table, it sends an arp request saying “Hey, xxx.xxx.xxx.xxx, send me your MAC address”. So, the other computer sends an arp reply. At that point first computer update it’s arp table. Then the kernel inject that MAC into the packet and give it to the network card. The network card only look at the MAC address. So, the packet’s final destination is the computer pointed by the MAC address; no matter what the ip address is.

Now think like this. Let’s say there are three computers. A,B and C. You are in the computer A and your MAC address is 00:00:00:FF:FF:FF. So, we want to track messages between computer B and C. What we have to do is create two fake arp replies. One is saying “I’m computer B, my MAC address is 00:00:00:FF:FF:FF” and other saying “I’m computer C, my MAC address is 00:00:00:FF:FF:FF”. So, you keep broadcasting both messages, the first message to the computer C and other to the computer B. Then you have to put an ip forwarding program and configure it to redirect the packets to it’s original destination. Now all packets go through your computer. It’s time to sniff.

You can also do some other interesting stuffs. If you want to ban someone from the network, what you have to do is send an arp reply to the gateway saying “Hey, I’m computer X, my MAC address is 00:00:00:00:00:00″. Since there is no MAC address like that, messages from the gateway won’t reach the computer. Ya, finally, you banned them.