Posts

How to approach cyber security

Ever since the WannaCry and Petya ransomware outbreaks began, cyber security has become a major topic of discussion. An effective cybersecurity approach can help get the most out of a cyber security program. A few steps can help us make a good start with respect to infrastructure:

1- Start by identifying the objectives of cyber security.
2- Vulnerability assessment of the infrastructure is a must.
3- Malware scanning should be a part of every vulnerability assessment.
4- Policy testing should be done to identify violations of the organisation's security policy, such as password violations.
5- Disabled users and guest accounts should be checked.
6- Admin passwords, blank passwords, root accounts and privilege levels should be verified.
7- Business needs should be tested for escalation of user privileges.
8- Find out the most critical CVEs and newly discovered CVEs.
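Steps 5 and 6 can be checked mechanically on a Linux host. The following is an added example, not part of the original post: it audits passwd/shadow-format text for blank passwords, extra UID 0 accounts, disabled accounts that still have a login shell, and an enabled guest account. The function name audit_accounts and the sample data are constructed for illustration.

```python
# SAMPLE_PASSWD / SAMPLE_SHADOW are constructed data, not taken from a real host.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob (left company):/home/bob:/bin/bash
guest:x:1002:1002:Guest:/home/guest:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
alice::19000:0:99999:7:::
bob:!$6$constructed$hash:19000:0:99999:7:::
guest:$6$constructed$hash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
"""

def audit_accounts(passwd_text, shadow_text):
    """Return a sorted list of (account, finding) tuples."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1:
            shadow[fields[0]] = fields[1]          # password/hash field
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:                        # blank or malformed line
            continue
        name, _, uid, _, _, _, shell = fields[:7]
        pw = shadow.get(name)
        # A leading "!" or "*" blocks password login (key-based login may remain).
        locked = pw is not None and pw[:1] in ("!", "*")
        if pw == "":
            findings.append((name, "blank password"))
        if uid == "0" and name != "root":
            findings.append((name, "extra UID 0 (root-equivalent) account"))
        if locked and shell not in NOLOGIN_SHELLS:
            findings.append((name, "disabled account still has a login shell"))
        if name.lower() == "guest" and not locked:
            findings.append((name, "guest account is enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On a real system the same function can be fed the contents of /etc/passwd and /etc/shadow, read with root privileges.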

How to dump Database using Sqlmap

Database Dump using SQLMap

Find the parameter of the application that is vulnerable to SQL injection. Vulnerable parameter: "User ID". Enter ' and then click the Submit button; you will get an SQL error. Now intercept the request in Burp. Copy the intercepted request and save it in the directory where sqlmap is installed.

Open CMD, go to the directory where sqlmap is installed (C:/sqlmap), type sqlmap.py -r sqlinjection --dbs and press Enter (sqlinjection is the filename; --dbs is used to dump the database names). Then type Y and press Enter. Type N and press Enter; it displays all the databases.

Now we have to find the tables in the database. Type sqlmap.py -r sqlinjection -D dvwa --tables (dvwa is the database name). In the above snap we got the table names in the dvwa database.

Then we have to find the column names. Type sqlmap.py -r sqlinjection -D dvwa -T users --columns.

Now we are going to dump the userid and password from the columns. Type sqlmap.py -r sqlinje