Thursday, 29 January 2015

What is MySQL and How to Use phpMyAdmin


Let’s take a brief tour of MySQL and phpMyAdmin to get a broad overview of its capabilities. This is the home page of a local installation of phpMyAdmin being viewed in a browser. Depending on your setup, you might need to log in with a user name and password to get to this page. This is a fresh installation of phpMyAdmin.
It was installed using XAMPP/WAMP on Windows, so you might see a slightly different list of databases on the left here, depending on how you installed it.
The Database Server panel at the top right says that the user that’s logged in is root@localhost.
Root is the MySQL superuser, which has all privileges, including creating and deleting databases and adding new user accounts. Localhost means I’m using a local connection to the MySQL server. Because I’m logged in as root, I can see a full list of all the databases on this server in this column on the left.
information_schema is a virtual database that contains details about all the databases. You can’t edit it.
The next one, mysql, stores details of all user accounts and privileges.
You should never edit this database directly.
The others, performance_schema, phpmyadmin, and webauth (if you are using XAMPP), are all created and used directly by phpMyAdmin.
They’re there. You don’t need to bother with them. You’ll create your own database completely separate from that. But they’re used by PHPMyAdmin for certain administrative purposes. The database names are links that take you directly to a tab that displays the structure of the database.
I’m going to click the link for this cdcall database (if you are using WAMP, you might not see this database).
It’s the sample database. It doesn’t matter if you can’t see this, we’re just going to take a very quick look at what you get.
So the first thing that you get is the structure of the database. This particular database has only one table, called CD’s. Under Action you can browse that table, see the table structure, search the table, and insert new data. Empty removes all the data from that particular table but leaves the table structure intact, and Drop drops the table completely. It wipes out not only the table data but also the table structure. You will get a warning. If you click Drop, it’ll tell you that it’s going to delete the database and ask you to confirm it.
If you do that, everything disappears completely. There is no recycle bin or trash in MySQL. Once you delete something, it’s gone forever. As well as dropping tables, you can create new tables down here. Let’s just click Browse.
This shows us the contents of the table. This sample database was created in Germany. That’s why these titles here are in German. You can edit, copy, and delete individual rows. You can even change the value of a particular cell by double-clicking it and typing in the new value, and it will update that particular row within the database.
Something to notice about the tabs at the top is that they are context sensitive. If I click structure now, it won’t take me back to the structure of the database, it’ll take me to the structure of this individual table.
Databases lists all of the databases on the server.
And then we’ll be going through the various options up here as we go through the course. I’m showing you everything in English, but if your native language is different from English, you can open this Language menu. Let’s say you are Finnish.
You can change everything in phpMyAdmin to work in Finnish.
Conclusion:
It’s a browser-based front-end to MySQL that not only allows you to inspect the contents of a database, but also to add new tables, and to insert, update, and delete data.
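
The difference between Empty and Drop described above, written as the SQL statements with the same behaviour (TRUNCATE TABLE and DROP TABLE). This is an added example, not part of the original post; the cds_demo table, its columns and its rows are constructed for illustration, and it takes a copy first because nothing that is dropped can be restored.

```sql
-- Added example; table, columns and rows are constructed for illustration.
-- Run it in a scratch database from phpMyAdmin's SQL tab.
CREATE TABLE cds_demo (
    id           INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    title        VARCHAR(200) NOT NULL,
    artist       VARCHAR(200) NOT NULL,
    release_year SMALLINT     NOT NULL
) ENGINE=InnoDB;

INSERT INTO cds_demo (title, artist, release_year) VALUES
    ('Constructed Title One', 'Sample Artist A', 1990),
    ('Constructed Title Two', 'Sample Artist B', 2001);

-- There is no trash to restore from, so copy the table before touching it.
CREATE TABLE cds_demo_backup LIKE cds_demo;
INSERT INTO cds_demo_backup SELECT * FROM cds_demo;

-- Same effect as Empty: every row is removed, the table definition stays.
TRUNCATE TABLE cds_demo;
SELECT COUNT(*) AS rows_after_empty FROM cds_demo;
SHOW CREATE TABLE cds_demo;

-- Same effect as Drop: the rows and the definition are both removed.
DROP TABLE cds_demo;

-- Recover by renaming the copy back into place.
RENAME TABLE cds_demo_backup TO cds_demo;
SELECT id, title, artist, release_year FROM cds_demo;

-- Clean up the demonstration table.
DROP TABLE cds_demo;
```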

Limits of phpMyAdmin in hosted environments

Many hosting companies provide phpMyAdmin as the default way of administering MySQL databases, but you won’t be able to log in as the root superuser unless perhaps you’re the administrator of a dedicated server. So let’s consider the limitations you’re likely to encounter with phpMyAdmin in a hosted environment.
What you see here is the version of phpMyAdmin running on my own remote web server. I’m viewing it in a browser on my local computer, but for security reasons, most hosting companies don’t permit direct access to MySQL from a remote computer, so to display this page, I first had to log in to the control panel of my remote server and then display phpMyAdmin from there.
In the database server panel, it shows my username, and then @localhost, so even though it’s on my remote server, it still gives the server name as localhost.
What that means is that MySQL and this version of phpMyAdmin are local to each other. So in other words, I’m viewing the contents of my database server just like an ordinary website. But phpMyAdmin gives me the option to edit certain parts of my databases.
I know there are several other databases running on the server, but this list on the left shows only my databases. Significantly, it doesn’t include mysql, and the tabs at the top don’t include Users.
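
The restricted view described above can be checked from the SQL tab. This is an added example, not part of the original post: the first three statements work with any account, the rest assume a local installation where you are logged in as root, and hosted_demo, hosted_user and the password are placeholders.

```sql
-- Added example; hosted_demo, hosted_user and the password are placeholders.

-- 1. Works with any account: who am I, and what am I allowed to do?
SELECT CURRENT_USER();
SHOW GRANTS FOR CURRENT_USER();

-- 2. Lists the databases this account has privileges on, which is why a
--    hosted account does not see the other customers' databases.
SHOW DATABASES;

-- 3. Local installation, logged in as root: create an account limited to
--    one database, the way a hosting company provisions yours.
--    CREATE USER and GRANT update the mysql database for you, so its
--    tables never need to be edited by hand.
CREATE DATABASE IF NOT EXISTS hosted_demo;
CREATE USER 'hosted_user'@'localhost'
    IDENTIFIED BY 'replace-with-a-long-random-password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON hosted_demo.* TO 'hosted_user'@'localhost';

-- 4. Review what was granted before handing the account to an application.
SHOW GRANTS FOR 'hosted_user'@'localhost';

-- 5. Clean up the demonstration account and database.
DROP USER 'hosted_user'@'localhost';
DROP DATABASE hosted_demo;
```

Connecting a website with an account like this instead of root limits what a compromised script can reach to a single database.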

Import Data Using PHPMyAdmin

Let’s take a look at the Import tab.
This is where you transfer data from another server. I’ll explain how to do that in a separate article. What’s important to check here is the maximum permitted size.
In my case, it’s an incredibly generous 80 megabytes, but in most hosted environments, it’s usually 2 megabytes. And it might be even less. In the worst case scenario, file uploads might have been disabled altogether. The limit isn’t controlled by phpMyAdmin, but by the web server’s PHP configuration. Three settings are involved. file_uploads must be On. post_max_size controls the maximum amount of POST data. And upload_max_filesize sets the upper limit on individual file uploads. If file uploads are disabled, or you find the limit too small, you need to change the settings in the PHP configuration file, php.ini. And if you don’t have access to php.ini, ask your hosting company about increasing the upload limits.

Database Storage Engine Using PHPMyAdmin

Next, let’s take a look at the “Engines” tab.

Difference Between InnoDB And MyISAM

This lists the different storage engines supported by MySQL. The two most important are MyISAM, at the bottom here, and InnoDB, which is at the top.
If a description is grayed out, it indicates that particular engine isn’t supported on your server.
For many years, MyISAM was the default, but it changed to InnoDB in MySQL 5.5. If both are enabled on your hosted server, you’re in luck, because InnoDB is the default engine in a new local installation of phpMyAdmin.
InnoDB also has the advantage of supporting foreign key constraints and transactions, two features that are missing from MyISAM. If the InnoDB description is grayed out, you’ll need to make sure you always select the MyISAM engine when working with a local version of phpMyAdmin.
In most respects, working with phpMyAdmin in a hosted environment is the same as in a local installation. The main differences are that you’re usually logged in with limited privileges. Although you can work with existing databases and user accounts, you usually can’t create new ones inside phpMyAdmin. You might also be limited in the size of files used to import data. And you need to check whether the InnoDB storage engine is enabled on your remote server.
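
To check engine support on a server and to see the two InnoDB features mentioned above at work, the statements below can be run in the SQL tab. This is an added example, not part of the original post; the artists_demo and albums_demo tables and their rows are constructed for illustration.

```sql
-- Added example; table names and rows are constructed for illustration.

-- 1. Which of the two engines does this server support, and which is default?
SELECT ENGINE, SUPPORT, TRANSACTIONS
FROM information_schema.ENGINES
WHERE ENGINE IN ('InnoDB', 'MyISAM');

-- 2. Which engine does each table in the current database use?
SELECT TABLE_NAME, ENGINE
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE();

-- 3. Two InnoDB tables linked by a foreign key.
CREATE TABLE artists_demo (
    id   INT UNSIGNED NOT NULL PRIMARY KEY,
    name VARCHAR(100) NOT NULL
) ENGINE=InnoDB;

CREATE TABLE albums_demo (
    id        INT UNSIGNED NOT NULL PRIMARY KEY,
    artist_id INT UNSIGNED NOT NULL,
    title     VARCHAR(200) NOT NULL,
    CONSTRAINT fk_albums_artist
        FOREIGN KEY (artist_id) REFERENCES artists_demo (id)
) ENGINE=InnoDB;

INSERT INTO artists_demo (id, name) VALUES (1, 'Sample Artist');

-- 4. Transaction: both rows are written, then undone together by ROLLBACK.
START TRANSACTION;
INSERT INTO artists_demo (id, name) VALUES (2, 'Rolled Back Artist');
INSERT INTO albums_demo (id, artist_id, title) VALUES (10, 2, 'Rolled Back Album');
ROLLBACK;
SELECT COUNT(*) AS albums_after_rollback FROM albums_demo;

-- 5. Foreign key: run this statement on its own. Artist 99 does not exist,
--    so InnoDB refuses the row with a foreign key constraint error.
INSERT INTO albums_demo (id, artist_id, title) VALUES (11, 99, 'Orphan Album');

-- 6. Clean up, child table first because of the foreign key.
DROP TABLE albums_demo;
DROP TABLE artists_demo;
```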

How to Create and Use a MySQL Database Using phpMyAdmin

Designing a database takes time and thought. So, I think it’s a good idea to work with a local installation of phpMyAdmin, make sure everything works as intended, and then transfer the database to your remote server. So, let’s create a database to work with for the rest of these articles. We’ll also discuss the meaning of collation, which controls the sort order. If you haven’t already done so, launch your local installation of phpMyAdmin and log in, if necessary, as the root superuser.
In the General Settings panel at the top center, Server connection collation is set by default to utf8_general_ci.
This sets the default sort order of all the databases on this server to “case insensitive (ci)”. And I recommend that you don’t change this value, unless you’ve got a very strong reason for doing so. So to create the database, click the Databases tab at the top left. If you are logged in as the root user, you should be able to see this Create database field, which is where you enter the name for the database.

PHPMyAdmin Create Database


If the name of the database on your remote server has already been decided, use that. If you’re free to choose the name of the database, choose something that describes the data you plan to store.

Standards To Create Database

Although phpMyAdmin allows you to use spaces and special characters in database names, it’s best to use only letters, numbers, and the underscore. In other words, no spaces. And to avoid problems with case sensitivity, it’s also a good idea to use all lower case.
I’m going to call the database for this article and the rest of the MySQL articles “learnkoding”. And I’m going to use underscores to join the words. So in that field, “learn_koding”.

Collation in MySQL

Collation here sets the collation, or the sort order, for this individual database. If you’re using English, don’t change the default. But, if you’re storing data in another language, you need to choose the appropriate collation, from the drop down menu. And if you open this drop down menu, you’ll see there’s an absolutely enormous choice of collations. Most of the time, you’ll want to use utf8. And it’s right down towards the bottom. And you can see this czech_ci, danish_ci, estonian_ci, the ci at the end stands for case insensitive. This one at the top which has got bin at the end, stands for binary sort order. There are other sort orders which end in cs, and that is case sensitive.
If you don’t know which one to choose, just go for the default collation. You can change the collation for individual tables and even columns at any time later, after the database has been created.

Conclusion

Creating a database is simple. The database learn_koding has been created. Just give it a name, and set collation, if necessary. Normally, you should use the same name as the database on your remote server. If you can choose the name yourself, stick to lowercase letters, numbers, and the underscore. Don’t use spaces. Collation sets the default order. For English, leave collation at the default value.
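
The same steps as SQL, including the later change of collation for a table and for a single column. This is an added example, not part of the original post; learn_koding and utf8_general_ci come from the article, while the members_demo table and its columns are constructed for illustration.

```sql
-- Added example; members_demo and its columns are constructed for illustration.

-- Create the database with the default collation named in the article.
CREATE DATABASE learn_koding
    CHARACTER SET utf8
    COLLATE utf8_general_ci;

-- Confirm what the database defaults to.
SELECT SCHEMA_NAME, DEFAULT_CHARACTER_SET_NAME, DEFAULT_COLLATION_NAME
FROM information_schema.SCHEMATA
WHERE SCHEMA_NAME = 'learn_koding';

-- The choices behind the drop-down menu (_ci, _cs and _bin variants).
SHOW COLLATION LIKE 'utf8%';

-- The same pair of strings compared under a _ci and a _bin collation:
-- _ci ignores the difference in case, _bin compares the stored bytes.
SELECT _utf8'Koding' COLLATE utf8_general_ci = _utf8'koding' AS equal_under_ci,
       _utf8'Koding' COLLATE utf8_bin        = _utf8'koding' AS equal_under_bin;

USE learn_koding;

-- A new table inherits the database collation.
CREATE TABLE members_demo (
    id        INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username  VARCHAR(50)  NOT NULL,
    api_token VARCHAR(64)  NOT NULL
) ENGINE=InnoDB;

-- Later change for the whole table, here to a language-specific sort order.
ALTER TABLE members_demo
    CONVERT TO CHARACTER SET utf8 COLLATE utf8_danish_ci;

-- Later change for one column: values that must match exactly, such as
-- tokens, should not be compared case-insensitively.
ALTER TABLE members_demo
    MODIFY api_token VARCHAR(64) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL;

-- Review the collation of every column.
SHOW FULL COLUMNS FROM members_demo;
```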

Wednesday, 28 January 2015

XSS Attack: Finding Simple XSS Vulnerability

After reading "a lot of" tutorial requests from you :-P, I will pick the topic of XSS Attack: finding simple XSS vulnerability. For some of you who already live in web programming (client or server side scripting) maybe it's not a hard thing to find some web application bug that leads to an XSS attack. But anyhow, because I have the slogan "from zero to hero" :-) I will start with the basic thing and we move to the advanced part, that's why I divided this tutorial into 2 parts.

This tutorial will cover finding the vulnerable website, setting up the exploit server, creating bait for the victim, and exploiting them.

Firstly, as usual, we need to know the basics of our topic today: what is XSS, or Cross Site Scripting. According to Wikipedia:

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.

When I browse and read from one forum or blog to another about XSS, there are many people asking "is XSS dangerous?" and the funny thing is someone still says "no it's not dangerous" -_- . The name already contains the word "vulnerability", which means vulnerable, or I can say it's unsafe.

XSS itself is divided into 2 types: persistent XSS and non-persistent XSS. Persistent XSS will harm the web server and also harm the users who are visiting the website, and non-persistent XSS only affects the users…if the attacker is smart enough, even the admin can also go into the non-persistent trap :-)

I hope that simple explanation makes you clear about XSS….

Step by step finding simple XSS vulnerability:

1. Since XSS is a web application vulnerability, we will find the vulnerable website with the help of a Google dork. I will pick the simplest one, a search feature in a website :-) .

inurl:.com/search.asp


As you can see in the result, there are 144 million websites with TLD .com and page search.asp; you can configure the Google dork to suit your search result.

2. I got several websites with XSS vulnerability after doing the manual checking of the Google search result. If you don't know how to do the simple XSS checking, you can view Htutorail.blogspot.com or this website.

3. After we get the XSS vulnerable website what is the next step?

The website found in step 2 has a non-persistent XSS vulnerability, which does not affect the web server directly but can affect the visitor who visits the malicious link.

4. The scenario will be like this.

The attacker has already done steps one and two; in the next step he sends the malicious link to the victim (in this scenario, the website administrator). While the website administrator is logged in to the XSS vulnerable website that he administers, the attacker can steal the cookie and act as administrator.

The next steps, how to create the malicious link and how to steal the administrator cookie, I will continue in the upcoming tutorial about XSS attack, Hacking and Exploit XSS Vulnerability.



Monday, 26 January 2015

Batch File That Pops up with repeating messages

Hey guyz I hope you are enjoying my Batch Programming Series.
Before reading this post, make sure you read my previous posts. You will get to know many posts about Batch Programming. My first post is What is Batch Programming And Need For It and the second one is Learn Batch Programming Commands.
Now in this post we are going to make a batch file that pops up with repeating message boxes.

Below is the code for it.

:Begin
msg * Hi
msg * Are you having fun?
msg * I am!
msg * The admin of http://htutorail.blogspot.com
msg * since you are stuck reading
msg * I am gonna teach you
msg * Batch Programming series
msg * Did you learn anything new
msg * and are you enjoying it
msg * if yes then do subscribe
msg * to learn hacking
msg * the fastest growing ethical hacking site
msg * on net
msg * and you know what
msg * you have been P-w-n-e-d with a capital “P”
GOTO BEGIN

See, it's as simple as that. I am sure you might have understood. Now you can use this and irritate your friends or can play this trick anywhere you like.

Now share this information and enjoy Learning Ethical Hacking.
And make sure you subscribe to http://htutorail.blogspot.com/. :)