Hacking For Beginners – Manthan Desai

2010

This steps up one directory (to directory E) and looks for 'etc', but again it returns nothing. Now type:

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../etc/passwd

This steps up two directories (to directory D) and looks for 'etc', but again it returns nothing. Proceeding like this, we arrive at this URL:

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../../../../../etc/passwd

It takes us 5 directories up to the main drive and then into the 'etc' directory, and shows us the contents of the 'passwd' file. To understand the contents of the 'passwd' file, visit

http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

You can also view etc/profile, etc/services and many other files, such as backup files, which may contain sensitive data. Some files, like etc/shadow, may not be accessible because they are readable only by privileged users.

If proc/self/environ is accessible, you might upload a shell to the server; this is called Local File Inclusion.
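The directory walk described above, and the containment check that stops it, as an added example (not code from the book or from the site it discusses). Python stands in for the server-side logic; the directory names B, C and F, the file name about.php and all function names are assumptions.

```python
import posixpath

# Constructed layout following the text's lettering: one level up is E, two
# levels up is D, five levels up is the root. B, C and F are assumed names.
BASE_DIR = "/B/C/D/E/F"  # hypothetical directory the script includes from


def naive_resolve(page):
    """Path an unchecked include ends up opening for a given ?page= value."""
    return posixpath.normpath(posixpath.join(BASE_DIR, page))


def safe_resolve(page):
    """Return the resolved path if it stays inside BASE_DIR, otherwise None."""
    if "\x00" in page or posixpath.isabs(page):
        return None  # NUL bytes and absolute paths are never valid page names
    resolved = naive_resolve(page)
    # commonpath compares whole components, so /B/C/D/E/Fx is not "inside" F.
    if posixpath.commonpath([BASE_DIR, resolved]) != BASE_DIR:
        return None  # '..' segments walked out of the base directory
    if resolved == BASE_DIR:
        return None  # the directory itself is not a page
    return resolved


def trace(pages):
    """(requested value, unchecked path, checked path) for each request."""
    return [(p, naive_resolve(p), safe_resolve(p)) for p in pages]


# Constructed requests: one, two and five levels up as in the text, plus one
# legitimate page name (about.php is an assumed file name).
SAMPLE_PAGES = [
    "../etc/passwd",
    "../../etc/passwd",
    "../../../../../etc/passwd",
    "about.php",
]

if __name__ == "__main__":
    for requested, unchecked, checked in trace(SAMPLE_PAGES):
        print(f"{requested!r:32} unchecked={unchecked:24} checked={checked}")
```

This check is purely lexical; on a real file system, resolve both paths with os.path.realpath first so symbolic links cannot lead outside the base directory. A fixed allowlist of page names is stricter still.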

Database Servers

• The database server is a key component in a client/server environment, especially for websites that have a user login architecture.
• The database server holds the Database Management System (DBMS) and the data records. Upon requests from the client machines, it searches the database for selected records and passes them back over the network.
• Software to set up a database server:
– Oracle
– SQL Server
– MySQL

www.hackingtech.co.tv
