The Newbie Hacker Guide from a n00b HimselfThe Newbie Hacker Guide from a n00b HimselfThis blog is a step-by-step guide for newcomers to hacking. I go through everything from downloading the best Operating System, installing it, and so on and so forth. Every step of the way is clearly spelled out.
Articles:
1, 2
Articles
Launched New Website
2008-02-12 19:29:00 I was busy reading up on PHP programming and server stuff. While learning I played around a bit, and came up with this new website. The address is http://jotdown.info . I'll just copy what I wrote in the FAQs, so you'll get an idea of what it is.Are you ever on a computer somewhere and you want to save a link that you found? Or maybe some text that you’re copying. Well, in the olden days, you would log in to your email account, start a new email, and enter your own address, paste it in and send it to yourself. Then when you get home, you go through the whole business again.What a pain in the neck!! Well, here's the solution.Go to JotDown.Info and put in your name and a name for the note (i.e. Links, old MacDonald, hahaha), paste whatever you want and click to save. Sounds easy, doesn't it? Well, it is.Now when you come home, go again to JotDown.Info, and enter your name and the name of the note, click to retrieve, and there it is for you.------------------------------------N ow... More About: Website , Launched
Going Out of Town
2008-02-08 04:19:00 Sorry to all those waiting for the SQL Injection tutorial. I am going out of town and the next post will probably only be after February 15th. If you sign up to the feed, you'll know whem I'm back. I may be able to get away from my wife for a couple of hours, but I can't count on that. We'll be in touch. More About: Town
SQL Basics - Creating and Changing Tables (Last Lesson)
2008-02-05 16:08:00 Up until now, we dealt with retrieving, inserting, and manipulating data. Today, we'll discuss manipulating the table itself.CREATING A NEW TABLETo create a new table, we use the CREATE TABLE clause. When we create the table, we must specify the name of the new table, and the name and datatypes of the columns, with each column separated by a comma. For example, to creat the table 'OrderItems' that we've been working with, we do the following:CREATE TABLE OrderItems(order_num INTEGER NOT NULL,order_item INTEGER NOT NULL,prod_id CHAR(10) NOT NULL,quantity INTEGER NOT NULL DEFAULT 1,item_price DECIMAL(8,2) NOT NULL)As you can see, we specified the datatype, and if it allows a NULL value or requires you to givwe a value. You can also define a default value, as we've done with the quantity column. This creates the table we have used in this tutorial.CHANGING AN EXISTING TABLETo make changes to an existing table we use the ALTER TABLE clause. Different applications have very differen... More About: Tables , Creating , Changing , Lesson , Basics
SQL Basics - Changing and Deleting Data
2008-02-04 17:43:00 Last post we discussed adding a new entry into a table. Today I want to talk about updating previous data, or deleting it. It's actually quite simple. To update, we use the UPDATE clause. Cool, isn't it? Our customer, Fun4all moved, and we want to change his address.UPDATE CustomersSET cust_address = '123 Drunk Drive'WHERE cust_id='100000003'This replaces the customer's old address, 1 Sunny Place, with his new address.WARNING!!! WARNING!!! WARNING!!! WARNING!!!If I had left out the WHERE clause, this query would have gone through without a problem, except that now all my customer's addresses are '123 Drunk Drive'. You must make sure to use the WHERE clause.If we need to change his city and zip too, we can use the same query qith the new fields separated by commas.UPDATE CustomersSET cust_address = '123 Drunk Drive',cust_city = 'Jailcell',cust_zip = '07734'WHERE cust_id='100000003'To delete data is even easier, using the DELETE clause. Fun4all moved and isn't buyin... More About: Data , Changing , Basics
SQL Basics - Inserting Data into a Database
2008-02-04 06:55:00 Up until now, we dealt with retrieving data. Now we're going to discuss inserting and updating the database data. If we just want to add a record to the table, we use the INSERT clause, or INSERT INTO. There are basically two syntaxes that can be used. I will describe both ways. INSERT INTO Products VALUES ('BNBG04','DLL01','Monkey bean bag toy',4.49,'Cute monkey toy that your kids will love') This will add a full new record to our Products table. When using this simple format, you must specify a value for all columns in the table. If you don't have a value to enter, you must enter it as NULL. There is another format that you can use, and it is more recommended, although a bit more tedious. INSERT INTO Products(prod_id,vend_id,prod_name,prod_p rice,prod_desc) VALUES ('BNBG05','DLL01','Monkey bean bag toy',4.49,'Cute monkey toy that your kids will love') The difference here is that we provided the column names that we are inserting to. This is recommende... More About: Data , Database , Basics
SQL Basics - Combining Queries Using UNION
2008-02-03 07:41:00 Many times you have two queries that you want to make, but you want the results all in one table. You can do it with the OR function in the WHERE clause, but you can also use unions. Why not just use OR? Well, if you are retrieving the data from two different tables containing similar data, such as sales from two different years. You can't use joins, because there are no connecting columns. What do you do now? Use Union s. It's very simple. You take your 2 SQL queries, or 10 SQL queries and put the word UNION in between. Such as.:SELECT prod_name, vend_idFROM ProductsWHERE vend_id='DLL01'UNIONSELECT prod_name, vend_idFROM ProductsWHERE vend_id='BRS01'As stated above, you can connect two different tables, even if they don't contain the same columns. For example:SELECT prod_name, vend_id FROM Products WHERE vend_id='DLL01'UNIONSELECT cust_name, cust_address FROM CustomersORDER BY 1Now why you want to do what I just did is beyond me, but at least you see it works.BEWARE OF THE ... More About: Basics
SQL Basics - Using Joins
2008-02-03 06:34:00 What are joins? We explain in last post (Subqueries) what relational databases are. Basically, there are many different groups of data stored in many different tables. We used subqueries to filter data based on multiple tables. Now what if we need to retrieve data from multiple tables. Well, we can do many select squeries with many subqueries and add them all together. But there must be an easier way. That is what we use joins for. What joins do is virtually connect all the tables based on the columns that connect them, so that for our application we treat it as one big table.Creating a join is very similar to what we've been doing up until now. Two things change. In the FROM clause, we put in all the table names that we're using. Second, we must match the columns with a WHERE statement. For example:SELECT OrderItems.order_num,OrderItems.prod_id,V endors.vend_nameFROM OrderItems,Vendors,ProductsWhere OrderItems.prod_id=Products.prod_id AND Products.vend_id=Vendors.vend_id; What we ... More About: Basics
SQL Basics - Using Subqueries
2008-02-01 05:40:00 Most databases use relational tables. What that means is that the data is not stored all in one table. It is split up into various tables. For example , one table would contain customer information, one would contain the order numbers, one would contain the products ordered, and yet another would contain the store products. All the tables are related in some way. The order table would have a column containing the customer that made it, and the order products table would have a column containing the order number it refers to.To show an example, we'll use our good old database that we obtained at the beginning of this course. Let's say you have a recall on the Rabbit bean bag toy. It's a terrible choking hazard for little children. We now need to send a return envelope to all the customers that purchased it.These are the steps we need to do.1. Get the product ID of the rabbit bean bag toy from the Products table.2. Get the orders that contain that item number from the OrderItems ta... More About: Basics
SQL Basics - Grouping Data
2008-01-31 19:05:00 We previously learned now to use aggregate functions to rerieve the average of a column or of entries matching a specific condition filtered with WHERE. Now we will learn how to get all the averages of the table grouped by a column entry. For example, you are a teacher with 20 kids in your class. Each student took six exams and you want ot get each child's average. You can use AVG() and WHERE student_name='whatever', but you would have to do it 20 times for all your students. Here's where grouping comes into play.SELECT AVG(test_score) FROM table_testsGROUP BY student_nameAnother example. Using our old database we'll get the sum of each order in a separate entry.SELECT order_num, SUM(quantity*item_price) FROM OrderItemsGROUP BY order_numHow about if we want to get a list of all students with an average below 65. We would think to use the WHERE clause, but it won't work. WHERE filters rows only, not groups. For groups, we use the HAVING clause.SELECT AVG(test_score) AS average ... More About: Data , Basics
SQL Basics - Using Functions (cont.)
2008-01-31 15:57:00 Today we're going to talk about some more text manipulation functions that are a bit tricky to get right. The reason being that each application has different syntax for these functions. I will post all the different syntaxes for the popular programs and will indicate in a chart which syntax each program uses.CONCATENATEWe already spoke about Concatenating, but I bring it up because the chart will tell us which syntax your program uses.1. SELECT col1 col2 FROM tablename WHERE .....2. SELECT col1 + col2 FROM tablename WHERE .....3. SELECT CONCAT(col1,col2) FROM tablename WHERE .....____________________________________ _____________SUBSTRINGThis function is similar to the LEFT and RIGHT function we learned about in last lesson. Except it takes a string from in middle of another string. For example, to take the third and fourth letter of the string in the column, we would enter it so:1. SELECT SUBSTRING(colname FROM 3 FOR 2) FROM tablename WHERE .....2. SELECT SUBSTR(colname,3,2) FROM ... More About: Functions , Basics
SQL Basics - Using Aggregate Functions
2008-01-31 05:38:00 AGGREGATE FUNCTIONSAggregate functions are used to summarize values, such as getting the sum of many rows, the average, etc. Let's go through the most used functions.AVERAGEAVG() is used to get the average of a collection of rows.Usage: SELECT AVG(colname) FROM ..... [WHERE...]_______________________________ __________COUNTCOUNT () is used to return the number of rows in a given column or rows that are defined in a WHERE clause.Usage: SELECT COUNT(colname) FROM ..... [WHERE...]Using the above syntax will return the number of rows that don't have a NULL value. To return the full number of rows including rows with a NULL value use:SELECT COUNT(*) FROM .....____________________________________ _____MAX MAX() is used to get the greatest value in the column or defined rows.Usage: SELECT MAX(colname) FROM ..... [WHERE...]_______________________________ ___MINMIN() returns the lowest value in the column or defined rows.Usage: SELECT MAX(colname) FROM ..... [WHERE...]________________________... More About: Functions , Basics
SQL Basics - Using Functions (Text Manipulation)
2008-01-31 01:54:00 We really started working with functions in the last post using concatenation. Today we'll discuss one of two types of functions. The first is string manipulation functions, which concatenation is part of. The second category is the aggregate functions, which summarizes values, such as sums and averages. This second function will be discussed in the next post.STRING MANIPULATION FUNCTIONSLTRIMThis function is used to remove all spaces to the left of the table entry. For example, if the entry was ' hello', we only want the word 'hello to be returned, and to do this we use LTRIM.Usage: SELECT LTRIM(colname) From .....____________________________________ ____RTRIMThis function is used to remove all spaces to the right of the table entry. For example, if the entry was 'hello ', we only want the word 'hello to be returned, and to do this we use RTRIMUsage: SELECT RTRIM(colname) From .....___________________________________L EFTThis function is used to return a specified number of ch... More About: Functions , Text , Basics , Manipulation
SQL Basics - Sorting Your Results
2008-01-30 21:47:00 To sort your results returned from a SELECT command,we use the ORDER BY clause. SYNTAXSELECT * FROM table_name [WHERE condition]ORDER BY column-name(s)EXAMPLESSELECT * FROM TeethEyes ORDER BY child_age You can also sort text in alphabetical order.SELECT * FROM TeethEyes ORDER BY child_EyesHow about if you want to sort in a descending order, such as the older child first. You use the DESC parameter.SELECT * FROM TeethEyes ORDER BY child_age DESC One last thing. You can sort by multiple columns, and have it sort first by one and then the other, for example:SELECT * FROM TeethEyes WHERE child_teeth>3ORDER BY child_eyes, child_age DESC First it sorted by the eye color in ascending order, then it sort by age in descending order.We'll be in touch. More About: Results , Sorting , Basics
SQL Basics - Using Wildcards With The LIKE Operator
2008-01-30 15:00:00 If you've worked with computers you know about wildcards. In Windows '*' stands for an indefinite number of characters and '?' means one character. You can do a similar representation in SQL WHERE statements. In most SQL applications the '*' is replaced with '%' and the '?' is replaced by the '_' (underscore) symbol. In Microsoft Access you must use the standard wildcards, * and ?. The way we use it is with the LIKE operator:SELECT * FROM column_name WHERE LIKE '__sample*'What the above example does is find entries in column_name that have any two characters, then the word 'sample', then whatever else.Here are some examples of the syntax:SELECT child_name FROM TeethEyesWHERE child_name LIKE '__rr%'; In Access you would type: WHERE LIKE '??rr*'Here's another example:SELECT child_name FROM TeethEyesWHERE child_name LIKE '%y'; IMPORTANT NOTE: I think I failed to mention all along the difference when entering text strings or entering numbers. When entering text i... More About: Operator , Basics
SQL Basics - Calculated Fields and Aliases
2008-01-30 05:13:00 Very often you will find that you need to display data not in it's original form. Such as totals, averages, or multiples, or just reformatted. We can usually do it with the application we're using, but it is more efficient to do it using SQL. What happens is that SQL creates a virtual column containing your calculated field. Here are some of the most used operators. CONCATENATION This operator takes two or more strings and connects them into one long string. For this we use the '+' symbol in MS Access and some others. In some programs '||' is used (two straight up lines.) EXAMPLE SELECT child_name + child_eyes FROM TeethEyes; Not extremely readable, is it? Here's what we can do to help that SELECT child_name + ' has ' + child_eyes + ' eyes.' FROM TeethEyes; That's a little better.What we did is add the name, ' has ', which is a space, the word has ans a space. Then we added the eye color, a space and eyes. Pretty simple. MATHEMATICAL FORMATTING Yo... More About: Basics , Fields
Sorry for the mess up
2008-01-30 02:54:00 For a few hours today this blog was a mess. It was due to a tag I added to try to make it neater, and it went haywire, especially if you were using Mozilla. It's fixed and running as good as ever. Sorry again to all my readers. More About: Mess
SQL Basics - The WHERE Clause (AND OR and IN)
2008-01-29 21:28:00 CHECKING FOR MULTIPLE CONDITIONSIn last lesson we learned about the WHERE clause used to filter the results. How about if you wanted to filter the results further so that the output matches in two aspects. For this we use the AND operator. For example:SELECT prod_name FROM ProductsWHERE vend_id='BRS01' AND prod_price<9;This returns: It returned only the name of the products that are from vendor BRS01 and that are priced under $9.00.___________________________________ ________________CHECKING FOR ONE OF MULTIPLE CONDITIONSNow if we wanted to retrieve items that match one of various conditions, we would use the OR operator, like this:SELECT * FROM OrderItemsWHERE quantity>50 OR item_price>10;Here's what you get: You can also use both AND and OR together. The AND will get processed first, and the OR second, so to use the OR first use parentheses, as shown below.SELECT * FROM TeethEyes WHERE child_age<6 AND child_eyes='Gray' OR child_eyes='Brown' SELECT * FROM TeethEye... More About: Basics , Clause
SQL Basics - The WHERE Clause
2008-01-29 02:22:00 The WHERE clause is used to filter through the table and extract only the rows you want.BASIC SYNTAXSELECT column FROM tableWHERE column operator valueEXPLANATIONYou already know what SELECT and FROM is, the new part is:WHERE column operator valueWhat WHERE does is tell the SELECT Statement to only select the entries from the table that match a certain criteria. Let's give an example and then we'll explain it a bit more. Using our database we'll issue the following commandSELECT prod_id, prod_name FROM ProductsWHERE vend_id='BRS01';The output is shown below: What'd we do? We selected the product ID and product name of the products whose vendor code is BRS01.So WHERE column operator value means we write WHERE, the name of the column to check or 'vend_id', the operator which in our case was '=', and the value which was BRS01.This is a list of the basic operators, although we will learn other ones in the future.OperatorDescription=Equal<>N ot equal>Greater than<Les... More About: Basics , Clause
Opening Database and Sending Queries
2008-01-28 18:57:00 Here are the instructions on how to set up you're own practice range for SQL learning. I am going to write the instructions using Microsoft Access, because that is what I am using. You may want to use something else, especially if you're using Linux. There is a free Java based SQL client called Aqua Data Studio. It can be downloaded at http://www.aquafold.com/. If you go with that option, read up on their website about how to get started.If you are using Microsoft Access, then read on:You should already have the database downloaded from 2 posts ago, or find any other MS Access database online to use as a practice DB.1. Click on the .mdb file you downloaded to open MS Access and the database. It will open with a smaller window inside that look like this: Select 'Queries' from the side menu. Then click on 'New' from the top menu. In the 'New Query' popup, select 'New Design' and press OK. In the next popup, 'Show Table', press 'Close'.Go to the 'View' menu on top, and ... More About: Opening , Database , Sending
Learning the Basics of SQL - Part One - The SELECT Statement
2008-01-28 05:17:00 Let's get straight down to business.We'll start with the most often used statement:THE SELECT STATEMENT:Basic syntax:SELECT column_name(s)FROM table_name------------------------------- -------For example (using the table Products in the previous post): SELECT prod_nameFROM ProductsWill return : --------------------------------------Or we can retrieve multiple columns such as:SELECT prod_name, prod_priceFROM Productsand you'll get: --------------------------------------Or you can use wildcards and retrieve all the columns:SELECT *FROM Productsand you'll see:In SQL, spaces don't count, and Enter presses don't either. Meaning that you can type:SELECT * FROM Productsand get the same results.Next we will discuss the WHERE clause. Before that, I will post instructions on how to open the database in Microsoft Access and send it SQL queries. More About: Learning , Part , Basics , Select , The Basics
The Database On Which We'll Be Basing Our SQL Guide
2008-01-27 05:49:00 I quickly learned SQL from a book named Sams Teach Yourself SQL in 10 Minutes (3rd Edition) (Sams Teach Yourself). It's well written and simply put. If you want to get more information than I'll be putting up, and don't want to spend to much time, I would recommend this book. They based it on a database available on their website. I don't know if they only let you download if you own the book, but it's available here:www.forta.com/books/0672325675I will also post the tables below, so that if you're not going through the guide hands-on, at least you'll be able to follow the outcomes. Table named 'Customers':cust_idcust_namecust_addressc ust_citycust_statecust_zipcust_countrycus t_contactcust_email1000000001Village Toys200 Maple LaneDetroitMI44444USAJohn Smithsales@villagetoys.com1000000002Kids Place333 South Lake DriveColumbusOH43333USAMichelle Green 1000000003Fun4All1 Sunny PlaceMuncieIN42222USAJim Jonesjjones@fun4all.com1000000004Fun4All8 29 Riverside DrivePhoenixAZ88888USADe... More About: Database , Guide
An Introduction to SQL itself
2008-01-25 07:51:00 Before we really start with SQL Injection, I think it is imperative that we first understand the SQL syntax on a basic level. I just finished reading a book from SAMS titled "SQL in 10 Minutes ". I must admit it took me quite a bit longer than 10 minutes, but it was definitely manageable. I skimmed through a big chunk and just got the needed information, which I will share with you. It will take More About: Introduction
TheNewbieHacker.com is up and running
2008-01-24 01:53:00 I finally had a chance to register and setup a new name. It's thenewbiehacker.com . It it just a link that takes you to the blog. Hopefully, it's a little easier to remember than the old n00bhacker.blogspot.com. Enjoy. P.S. I am in the middle of reading a book on SQL so that I can understand and explain everything needed to know for SQL injection. Hopefully, by Sunday I'll be starting to post More About: Running
Sorry for being a little slow
2008-01-23 16:33:00 If you're anything like me, once you start learning something you can't get enough and don't have patience to wait for more. I understand and I apologize. First of all, for all those who commented that they want a writeup on WAP hacking, I'll post it after I finish with SQL injecting. I am reading a whole bunch of different sources to try to get the simples and most accurate information regarding More About: Slow
Starting out with SQL injection
2008-01-21 16:07:00 Let's jump right in. There are many different types of SQL injections. We'll begin with the simplest form. A majority of websites have some form of login interface. You must log in to either see your account, get administrative priveleges, get user priveleges, and so on. You have a user name and password that you use to log in. How does it work. Somewhere in the behind the scenes of the website More About: Injection , Starting Out
What is SQL Injection
2008-01-20 21:54:00 For that matter, what is SQL. SQL stands for Structured Query Language. A majority of websites offer more than just pages of data. They offer products, articles, or any other data stored in a database. A database, as we know is a collection of tables containing data sorted into columns and rows. When you select a specific product you would like to see, we must find that product in the database More About: Injection
Putting SQL Injection on hold
2008-01-20 04:49:00 I previously wrote that the next topic will be SQL injection. I am short on time these next few weeks and I realized that to make a quality article will take a lot of reading and trial and error. Therefore, I am putting that topic on hold and would appreciate some feedback on other topics of interest. One person asked for WPA cracking. Maybe I'll do that next. I am going to wait a day or two to More About: Putting , Hold , Injection
Injection with MAC filtering on
2008-01-17 16:17:00 There are many reasons that attack 1 won't work. One reason could be that you're not close enough to the AP. Moving your network card or laptop a couple of inches in different directions may help. It's amazing what a little turn can do. There is another thing that can cause it to fail. MAC filtering may be turned on on the AP. What this means is that the AP only let's associations with MAC More About: Injection
SQL injection coming up
2008-01-15 16:13:00 Due to the lack of responses regarding what I should explore next, we'll have to do what has peaked my interest these days. I have a great interest in SQL injection. It amazes me how simple it seems. It may take me a few days to fully research and perfect it, but I promise the same step-by-step, in depth exploration of the subject. Until then, I did promise some additional info on WEP hacking if More About: Injection
The final step - Aircrack
More articles from this author:2008-01-14 17:01:00 Now for the finale. We should have at least a few thousand IVs captured. We can start the aircrack program, and see if we have enough. If not, aircrack will wait for more IVs to be captured and try again. So let's get it started. It's pretty simple. Open a fourth Konsole shell. At the prompt, Type : aircrack-ng *.ivs That's it. That was easy. *.ivs means aircrack should open all files (in the More About: Final , Step 1, 2 |
|
 |
|
 |
