PHP Application MySQL Injection Example

Here is a short video I put together to show the perspective of a PHP developer writing an application that makes MySQL queries as well as a BlackHat hacker who wants to steal data utilizing MySQL injection. I am running Kali Linux as an attacker and CentOS as a PHP developer/application host.

It takes you through a short bit of PHP development as well as creating a MySQL database table containing data. The PHP development bit shows a simple PHP application that fetches the data and echoes it out, leaving the ID parameter open to MySQL injection. Then, after creating the application, I go into detail about sqlmap and how basic it is to steal data.

Linux Shell Scripting Variables and Environmental Variables

Essential to every programming language, variables are utilized to hold different types of data.  Typically, scripting languages don’t require you to declare variables, so they can be set directly.  In Linux Shell Scripting, a variable’s value is always a string whether you assign it with or without quotes.  Special variables for the environment are stored by default and are called environment variables.

To view all of the environment variables related to a terminal, you can issue the “env” command.

TrueAbility – Prove Your Technical Abilities and Land a Sweet Job

While I was watching LinuxFest Northwest 2014, they mentioned a great new service called “TrueAbility.”  TrueAbility connects IT professionals with open positions at some of the most prestigious IT enterprise corporations by testing your abilities right on their site.

When a user is interested in a job, he/she can click “Interview Now.”  This then builds a virtual machine and provides remote access for the interviewee.  He/she can now remotely log in and perform the tasks that are being asked by the “AbilityScreen,” as they call it. The employer can customize the requirements to match the necessary skill-set they are seeking in an employee.

HTTP GET DDOS Reflection Attack using Facebook’s Servers

Facebook has some convenient features that we all enjoy. One is the ability to post a link to an image, which Facebook then requests in the background so that the image can be shown in the post. This functionality has recently been exposed as a usable DDOS reflection attack tool. Facebook does cache images, but so long as you throw some dynamic variables on the URL (i.e., whatever.jpg?randomstring2920392309), then Facebook considers it new and does not refer to its cached image.

Part 2: HTML, jQuery, PHP, and MySQL Basics for Creating a Web Application

In our previous post about how to store data in a database and then query that data to display on an HTML page, we did not go over adding data from an HTML form and then refreshing the data that is displayed.  So today we are going to cover that, since it’s an important part of creating a web application.

To get started, you can download our previous tutorials package and upload them onto your server.  You can then build out your database the same as we did in the first tutorial.

HTML, jQuery, PHP, and MySQL Basics for Creating a Web Application

This is a go-to stack of technologies for many web developers.  Whether your go-to is PHP, Python, Perl, or any of the other programming languages, being able to store, update, and delete data in a database is essential.  You don’t need to be a database guru to create a database, create tables within, and put the data infrastructure to use in a web or desktop application.  Yes, in a corporate enterprise environment you are going to “phone a DBA” at times to optimize your web application by using database indexes in your query, but if you are a developer, or have the passion to become a developer, you should learn the basics.  For this session, I will be working on a CentOS server that has Apache, MySQL, PHP, and the PHP MySQL extension so that PHP can put MySQL to use.

Protect your Home Wireless Network from Hackers

When it comes to your home wireless network, you should often be aware of who is connected to it.

If a hacker gets onto your network, you risk having all your network traffic sniffed by the hacker, whose machine spoofs itself as the network router. This is called a man-in-the-middle (MITM) attack, and it makes the attacker machine act as the router on the network for all the devices or for a single victim machine.

iOS 7.1 Problems List Released and How to Fix Them

Last week, the iOS 7.1 release was pushed to users with iPads, iPhones, and the iPod touch. While it contained some useful features and functionality, it also came with a cost. Many users have started experiencing less battery life since they updated to iOS 7.1. BGR.com has recently published some methods to address the battery life issue with iOS 7.1.

Battery life is not the only issue, and ZDNet has compiled a list of problems with iOS 7.1 for users to review. This list includes Wi-Fi and Bluetooth connectivity issues, Apple Touch ID fingerprint scanner issues, and personal hotspot problems.

Is Apple missing something in the QA department that is causing updates to go out with problems? Or is Apple just deciding that battery life is not as important as the features they are rolling out? With the mass usage of iPhones and other Apple products, it doesn't speak very well for the software engineers and testers when such important things get overlooked in a release.

Phaser Javascript Game Tutorial Series – Flappy Bird – Getting Started

Welcome to my Phaser Javascript Game Tutorial. Phaser is a desktop and mobile HTML5 game framework created by Photon Storm Ltd. The framework makes it super simple to create 2D games in JavaScript with the canvas and WebGL libraries. With all the attention surrounding the popular game Flappy Bird, I decided to give the Phaser framework a go by creating a Flappy Bird-like game. For this example, we will call it.. FappyBird!

Anti-NSA Secure Smart Phone Called BlackPhone

In a time when privacy is more of an idea than a reality, security becomes a major focus for application developers, network engineers, and system and database administrators.  Most importantly, it becomes a hot and in-demand requirement for consumers of technology.  If you don’t already know, and with all the recent revelations I would be very surprised if anyone were not aware, the NSA is above the law and can eavesdrop on phones, computers, tablets, and just about any device that utilizes network transmission, without a warrant or oversight.