Knowledge Core
Categories:
[0x1] Cyber Security
[0x2] Fuzzing
[0x3] XSS
[0x4] Sql Injection
[0x5] Exploitation
Cyber Security [A hacker's Perspective]
This is a very basic presentation describing cyber security from a hacker's perspective, that is, how hackers break into a system and what tools they use.
Fuzzing
Fuzzing can be defined as a procedure that automates bug finding in an
application by providing it with different parameters.
Here I am going to show you what simple HTTP (URL) fuzzing is and how to write
a simple HTTP (URL) fuzzer. It's very simple: you just have to send
GET /(variable) HTTP/1.0
to the remote web server and keep increasing the variable size. For example,
first put aa in the variable and then keep increasing the "a" x 2. Keep sending
the requests, and if an error occurs in the web server, note the string and
you're good to go :). So here's the code:
Simple HTTP (URL) Fuzzer: Fuzzer Download
XSS
XSS, or cross-site scripting, can easily be illustrated by script and
slashscript tags.
This usually happens when input parameters are not properly sanitized, that is,
script or other HTML tags are not checked or filtered out correctly.
Basically this is what happens: servers usually echo back the input you gave
them along with an error message or an approval message, and that is the best
place to inject XSS code.
SQL Injection
SQL injection usually happens when an application first checks the posted input
variable for SQL syntax and then executes the query it is embedded in. For
example:
In a login form, if you enter 'OR 1=1-- in the admin field, it allows access.
Now what just happened? First off, when the form is posted the application is
fooled by "'": because of the single quote it thinks the input is an SQL query,
so it checks 1=1 and thereby forcibly accepts that admin/root = root, and
because the -- lets the rest slip by, it allows full admin access.
To explain this concept, here is an example.
For instance, in PHP code this is the query:
"SELECT * FROM users WHERE name ='"+Username+"';"
Now, following the example given above, if I enter
usman' or '1'='1 the SQL query on the whole would look like this:
SELECT * FROM users WHERE name = 'usman' or '1'='1';
This returns the record for 1 = 1, or admin, because if usman does not exist
it will go to the "or" part and bring up the admin record.
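The query above, run as an added example (not code from the original page) in Python against an in-memory SQLite database; the table contents and function names are constructed for illustration. It passes the same input to the concatenated query and to a parameterized query so the difference in returned rows is visible.

```python
import sqlite3

def make_db():
    # Constructed sample data: "usman" deliberately does not exist.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "administrator"), ("guest", "user")])
    return db

def lookup_concatenated(db, username):
    # Vulnerable pattern from the text: input is pasted into the SQL string,
    # so a quote in the input changes the structure of the WHERE clause.
    query = "SELECT * FROM users WHERE name ='" + username + "';"
    return query, db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Hardened form: the driver binds the value, so it is only ever compared
    # against the name column and is never parsed as SQL.
    query = "SELECT * FROM users WHERE name = ?;"
    return query, db.execute(query, (username,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("admin", "usman' or '1'='1"):
        for fn in (lookup_concatenated, lookup_parameterized):
            query, rows = fn(db, value)
            print(f"{fn.__name__}({value!r})\n  {query}\n  -> {rows}")
```

With the concatenated query the crafted input returns every row in the table; with the bound parameter it returns none, because no user has that literal name.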
Exploitation
Exploitation means taking advantage of a weakness for personal gain. Here is a
simple example of what an exploit really means.
I know most people know the C language, so here is a little program to
explain:
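#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char illdie[10];              /* fixed 10-byte buffer on the stack */
    if (argc < 2) return 1;       /* no argument given: nothing to copy */
    strcpy(illdie, argv[1]);      /* deliberately unchecked copy, no length limit */
    printf("%s", illdie);
    return 0;
}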
Compile it! It produces an executable, example.exe.
Normal Input : example.exe hi there
Normal Output : hi there.
Input greater than 10 characters : example.exe AAAAAAAAAAAAAA
Output : Error, instruction at 1a2133fa tried to access the location at
41414141 [this is the hex for AAAA]. Hence the instruction pointer changed.
Now our example.exe is a weak program and thus can easily be exploited.