Comments on: Protect your phpMyAdmin folder, or … http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html WordPress, JavaScript, Android and some random stuff Fri, 30 Jul 2010 13:51:32 +0530 http://wordpress.org/?v=2.9.1 hourly 1 By: infySEC Staff http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-585975 infySEC Staff Wed, 26 May 2010 22:42:48 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-585975 Hi Mayur. Check out our new upcoming hackEDGE 2010 - 2 Days Ethical Hacking Hands-On Practical Workshop program in Chennai, TamilNadu. http://www.infysec.com/events/hackedge/ Thanks! Hi Mayur. Check out our new upcoming hackEDGE 2010 – 2 Days Ethical Hacking Hands-On Practical Workshop program in Chennai, TamilNadu.
http://www.infysec.com/events/hackedge/

Thanks!

]]> By: Mayur http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-585405 Mayur Fri, 21 May 2010 08:13:04 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-585405 This is very interesting, i never knew there are such practical events based on hacking, it must be great. Hacking seem to be a good field. This is very interesting, i never knew there are such practical events based on hacking, it must be great. Hacking seem to be a good field.

]]> By: Sudar http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-545040 Sudar Thu, 13 Aug 2009 03:53:23 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-545040 @Vino, Sure :) Send you an email with my details. @Vino,

Sure :)

Send you an email with my details.

]]> By: Sudar http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-545039 Sudar Thu, 13 Aug 2009 03:52:35 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-545039 @InfySEC Staff, Thanks for the event. Yes the *lesson* learned was priceless :) Will send a mail to you guys with my feedback. BTW is it possible to get copies of the presentation which were made during the event? @InfySEC Staff,

Thanks for the event. Yes the *lesson* learned was priceless :)

Will send a mail to you guys with my feedback. BTW is it possible to get copies of the presentation which were made during the event?

]]> By: Vino http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544899 Vino Wed, 12 Aug 2009 22:27:01 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544899 can i hv ur chat id sudarmuthu.thanks vino can i hv ur chat id sudarmuthu.thanks
vino

]]> By: InfySEC staff http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544804 InfySEC staff Wed, 12 Aug 2009 17:10:47 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544804 Great hack. Congratulations on *hacking* all the flags! You have learned the priceless lesson. Let me go into a big more details of your hack, as it highlights the importance of fingerprinting: when performing a formal pentesting, it is crucial to have a clear picture of the entire site, including installed applications, location, version etc. Take phpMyAdmin for example, it is a very good bet to look for phpMyAdmin to break into the site when you are conducting a small-medium sized website. However, you need to figure out its path, there are couple ways for doing it: google hack, guess - base upon experience or learned information, bruteforce, learn it from page sources etc. (Note: the path is case sensitive on Linux, on phpmyadmin != phpMyAdmin) Once you figured out the path, then you will need to break into the it, by either applying known vulnerabilities (base upon its version), or attack its weak configuration. And hey, don't forget phpMyAdmin (as well other open source apps) are open source, which means you own their source code, so?....you know what I meant :) Again, thanks for attending hackintosh and I wished you enjoyed the presentations & ctf. It would be great if you can send me some feedback of how you thought about the event and what can be improved. Thanks! Great hack. Congratulations on *hacking* all the flags! You have learned the priceless lesson.

Let me go into a big more details of your hack, as it highlights the importance of fingerprinting: when performing a formal pentesting, it is crucial to have a clear picture of the entire site, including installed applications, location, version etc.

Take phpMyAdmin for example, it is a very good bet to look for phpMyAdmin to break into the site when you are conducting a small-medium sized website. However, you need to figure out its path, there are couple ways for doing it: google hack, guess – base upon experience or learned information, bruteforce, learn it from page sources etc. (Note: the path is case sensitive on Linux, on phpmyadmin != phpMyAdmin) Once you figured out the path, then you will need to break into the it, by either applying known vulnerabilities (base upon its version), or attack its weak configuration. And hey, don’t forget phpMyAdmin (as well other open source apps) are open source, which means you own their source code, so?….you know what I meant :)

Again, thanks for attending hackintosh and I wished you enjoyed the presentations & ctf. It would be great if you can send me some feedback of how you thought about the event and what can be improved.

Thanks!

]]> By: sudarmuthu (Sudar) http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544738 sudarmuthu (Sudar) Wed, 12 Aug 2009 09:21:23 +0000 http://sudarmuthu.com/blog/2009/08/12/protect-your-phpmyadmin-folder-or.html#comment-544738 Protect your phpMyAdmin folder, otherwise you are asking for trouble. http://bit.ly/1QLxoa Protect your phpMyAdmin folder, otherwise you are asking for trouble. http://bit.ly/1QLxoa

]]>