Friday, 18 July 2014

Authentication Bypass Cheat Sheet

You must have read my previous article on how authentication bypass works.
This is a list of other combinations you can try that work similarly by becoming part of the original query.
The list has been given by Dr. Emin İslam Tatlı, a former board member of OWASP (Open Web Application Security Project).

Thursday, 17 July 2014

SQL Injection Series - Part I - Authentication Bypass

As this is the first in a series of articles on the ways to achieve SQL injection, I must first explain what SQL injection entails.
Basically, each website you use is connected to a database at the back end. Whatever information you see on a website is information from a database. The most widely used language to communicate with databases is SQL (Structured Query Language). The syntax of queries may vary from one DB software to another, but they all basically use SQL. In webpages, all the information you supply or anything you click on is converted to a query and passed to the database, which you can't see.

Wednesday, 16 July 2014

Google-Dorks Commands

How many times have you had to go all the way to page 10 on Google looking for an ebook?
You wanted a PDF but they give you all sorts of useless stuff!

How many times has a scenario occurred where you wanted a PowerPoint presentation for your school/college project and looking for a ppt file on Google yields about two ppt files per page?!

While looking for a login page to hack with authentication bypass, how many times have you taken days on end, almost reached the middle of the search results and still not found anything? (Mind you, there are millions of search results; reaching the halfway point is a big deal!)

Wednesday, 9 July 2014

VPNs (Virtual Private Networks)

The internet is open, unprotected and accessible by almost everyone. When you communicate over the internet, any information you send/receive, from emails to login details, from bank account details to your address, can be seen by people who shouldn't be seeing it.
Illustrated below is a "man in the middle attack":

Tuesday, 8 July 2014

Hiding Your Online Identity

Your IP address is what you are known as online.
If a router has a data packet for you here's how the conversation would probably go:

Router:      Hey 192.168.13.6! I got a data packet for ya!
Computer: Gee thanks 192.168.0.0! Pass it on!

Believe it or not that's definitely how they talk.

Given that you're in this section of the blog, you have intentions that a normal internet surfer does not. You want to hack into websites, servers, accounts and what not.

Wednesday, 2 July 2014

Hacking a WPA encrypted WiFi network

In my article "Hack A WEP Encrypted WiFi In 10 Simple Steps", I mentioned how each data packet has a part of the network password. Over there we simply had to gather enough packets, apply permutations and combinations and we had our password.
Whoever came up with the idea of WEP now saw a huge shortcoming in the encryption.
Hence the need for a safer encryption was seen and WPA was introduced.

Now data packets don't have a sub pass key in them. The connection of router and computer is authenticated through a WPA handshake.

Thursday, 26 June 2014

Hack A WEP Encrypted WiFi In 10 Simple Steps.

Before anything else, HACKING IS ILLEGAL! Be it a WiFi network or a website or a Facebook account.
You can go to jail for it.

All the information divulged is meant for educational purposes only. Be stupid, it'll be on your head.

Let's first understand how wireless networks work. In case of a wired connection, it is the job of the router to send relevant information to the computers.

Suppose 5 computers are connected through a wired connection.
Computer 1 wants to access Facebook, Computer 2 wants Google.
The router sends data packets that are relevant to Facebook to Computer 1 and Google to Computer 2.

Tuesday, 24 June 2014

How to make a bootable USB drive with UNetbootin

There are certain times you need to use an Operating System but you don't want to overwrite your existing OS or make your machine slow by going for a parallel boot option.
In such a case the best option is to use a bootable USB drive.
All you need to do is set your first preference to USB drive/HDD in the BIOS setup. Insert a bootable USB drive and voilà! Your computer runs at the same fast speed and there's a new OS in the machine without even installing it!

It's probably the easiest thing to do in a computer other than double click the My Computer shortcut on your desktop.

Saturday, 21 June 2014

Basic IP and MAC address Information


Whenever you use the internet through a modem, you are using a connection given by an Internet Service Provider (ISP).
Each computer connected to a router has two IP addresses.

  • The WAN IP or the Global IP: This is the IP of your router, and all computers connected to a particular router will have the same Global IP. Generally these routers have dynamic IPs, i.e., the IP changes each time you reboot the router. They can have static IPs as well but that involves a long procedure. Want to check your Global IP? Go to www.ipchicken.com.

Tuesday, 17 December 2013

Sandbox and Sandboxie



A sandbox is a mechanism in computers that is used to isolate and quarantine unknown and untrusted applications and run them in a separate, secure environment.

Why do we do this?
Well, think of it this way. A man has a contagious disease. It's a disease he passes on to everyone he comes in contact with. Until he is well, or until it is determined that his disease is, in fact, not contagious, he is quarantined and kept in a room away from all the other people in the world, so that not everyone is infected with it.