Tuesday 10 January 2012

SQL Injection

SQL injection is a very important topic that a good hacker must be aware of.
A bad database design can be exploited by SQL injection. It's like leaving a shop full of expensive goods without a good-quality lock: anyone can easily break into it.
Suppose the database programmer has written the code in such a way that it retrieves values with a query like
"SELECT * FROM users WHERE name = '" + userName + "';"
Now the programmer thinks that whatever username the user enters will be appended to the query and the query will be executed accordingly. But what if I enter the user name as
' or '1'='1
The query becomes
"SELECT * FROM users WHERE name = '' or '1'='1';"  
Because '1'='1' is always true, the WHERE clause matches every row, which gives any user access to the confidential area.
Any good code must be protected against SQL injection.
There are various methods to protect your code. One can use parameterized statements to pass input to the SQL instead of directly inserting the user-specified value into the query text. If one uses an ORM (object-relational mapping), then that eliminates the need to write SQL code...
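The concatenated query above beside its parameterized form, as an added example that is not code from the original post. It assumes Python's built-in sqlite3 with an in-memory table as a stand-in for the real database; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the users table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return conn


def lookup_concatenated(conn, user_name):
    # Pattern from the post: the input becomes part of the SQL text,
    # so quotes inside it change the structure of the query.
    query = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_name):
    # The SQL text is fixed; the value is bound separately by the driver
    # and is only ever compared against the name column as data.
    query = "SELECT * FROM users WHERE name = ?"
    return conn.execute(query, (user_name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "' or '1'='1"  # the input string discussed in the post
    for value in ("alice", crafted):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
```

With the crafted input the concatenated lookup returns every row, while the parameterized lookup returns nothing because no user has that literal name.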
Hope you will be able to secure your code against SQL injection after reading this...

Hardening MySQL

I'll be discussing the basic steps to hardening MySQL...
One of the most basic steps that one can take is restricting remote access to the server. The default port on which MySQL works is 3306. Using any host-based firewall like iptables, one should restrict access to this port.
Now be sure to change your default root username and root password. As the default password is the same for everyone, it can be easily guessed. So be sure to change it. Remove any anonymous account that you find in the database, or any account with no password, as it may provide access to the system.
Remove the sample database "test" that is created by default at the time of installation, and always run MySQL as an unprivileged user. Always grant the minimum level of permission to a user and limit access to the MySQL logs. Encrypt the MySQL data using the inbuilt functions and keep track of the latest patches coming out.
Also be sure to remove the MySQL server history.
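A small audit of the account and database steps listed above, as an added example that is not from the original post. The input shapes (account tuples, database list, OS user name) and all sample values are assumptions constructed for illustration; in practice they would be filled from the server's account table, its database list and the process owner.

```python
def audit_mysql(accounts, databases, run_as):
    """Return findings for the hardening steps described in the post.

    accounts:  (user, host, has_password) tuples (assumed input shape)
    databases: names of the databases present on the server
    run_as:    OS user that owns the server process
    """
    findings = []
    for user, host, has_password in accounts:
        who = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"anonymous account {who}")
        if not has_password:
            findings.append(f"no password set for {who}")
        if user == "root":
            findings.append(f"default admin name still in use: {who}")
    if "test" in databases:
        findings.append("sample database 'test' still present")
    if run_as == "root":
        findings.append("server runs as root, not an unprivileged user")
    return findings


# Constructed sample: roughly what an untouched install could look like.
SAMPLE_ACCOUNTS = [
    ("root", "localhost", False),
    ("", "localhost", False),
    ("dbadmin", "localhost", True),
]
SAMPLE_DATABASES = ["information_schema", "mysql", "test", "shop"]

# Constructed sample after applying the steps from the post.
HARDENED_ACCOUNTS = [("dbadmin", "localhost", True)]
HARDENED_DATABASES = ["information_schema", "mysql", "shop"]

if __name__ == "__main__":
    for finding in audit_mysql(SAMPLE_ACCOUNTS, SAMPLE_DATABASES, "root"):
        print("FINDING:", finding)
    print("after hardening:",
          audit_mysql(HARDENED_ACCOUNTS, HARDENED_DATABASES, "mysql"))
```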

Backing up and restoring MySQL data...

Now, backing up MySQL data can be done in two ways: either one can copy the raw MySQL database files or export the tables to a text file.
As MySQL uses the same format on all platforms, one can copy the MySQL data, i.e. the table and index files, from one node and store and use it on another node.
Another way is to use the mysqldump utility to back up the MySQL database to text files.
Restoring data is very easy after a backup. Just use the command "mysql" with administrator privileges and give the .sql file as input and you are done...

That's all for now.... :)



Friday 6 January 2012

The beginning... i.e task 1

So my contribution towards solving task 1 was to solve the basic missions on the site hackthissite.org. Pretty easy, huh... It's easy only if you are looking in the right place, else the answer may be in your face the whole time and still you will not be able to figure it out. The initial levels are just to get you warmed up. Tutorials are given on the site itself to help you out. Various hints are available on the mission page itself, the only condition being that you are looking for them.
The first mission should be a piece of cake for anyone who is a bit familiar with the field of computer science. A hint is also available if it still does not strike you. (Come on, you must have at least seen the movie "Source Code".)
Come on, the next mission is not even related to computer science. Read the text properly and yes... the password is right in front of you.


Hmmm, this is where the fun starts.... Hint: Think in terms of directory structure .. :)
Now, to solve the next mission, i.e. 4, you must have basic knowledge of how HTML pages work and what the use of the different tags in a page is. Once you get a hold of this stuff the task is 99% solved. Get an add-on to tamper with the source data and bingo, you are done.

Now if you were able to solve the last mission you probably need no hint to solve this one.
Congratulations, you have reached level 6 now (or you are just interested in the answers... you won't be getting them here, so better go and work :) )... Just one hint is needed for this one: ASCII. Anything more than this would be similar to giving the answer.
Now get a Unix book and revise your Unix commands, because you are going to need them. Find the proper command and use it to find the "list". The password is just lurking somewhere...
Now for levels 8 and 9, revise your PHP basics. You need to be aware of the script tactics and workarounds. Just stay patient and think outside the box and you'll get there...
Now comes level 10. Now you need to be aware of how cookies work. Doctors use injections to pump in medicines, and so do we... but we are engineers... we use medicines for computers, and what will those be....
You guessed it correctly.. scripts.. use scripts to cure the disease (i.e. cookies).


OK, so now I guess you should be able to solve the basic missions.. go on, have a look at the advanced level missions.. so will I... Till then, adios... :)