Python Tutorial - Part 2


Python Tutorials



Part 2
After installation of Python software on windows machine in previous tutorial, lets proceed with some simple Numericals and expressions, Modulus functions and exponents. We will see how to perform these in python easily. Hope you learn something.

Python Tutorial - Part 1


Python Tutorials



Part 1
Python is a programming language that is freely available and that makes solving a computer problem almost as easy as writing out one's thoughts. In this Tutorial , we will see how to download a Python software to windows machine and install it. After installation, an IDL interface will open, where you can write python codes to get the output.
Thats so simple, s stay tuned for next video on python

Advanced Encryption Standard (AES) Explained {Part 1}



AES (Advanced Encryption Standard), which is the best unbreakable encryption algorithm. Most widely used encryption standard.
We gonna learn AES complete from beginning.

Part 1: The birth of AES algorithm

introsadaes act 1 scene 03 cinderellaaes act 1 scene 04 startedaes act 1 scene 05 judgeaes act 1 scene 06 nbs decreeaes act 1 scene 07 luciferaes act 1 scene 08 anoint desaes act 1 scene 09 des ruledaes act 1 scene 10 des defeatedaes act 1 scene 11 triple desaes act 1 scene 12 nist decreeaes act 1 scene 13 ralliedaes act 1 scene 14 rijndaelaes act 1 scene 15 voteaes act 1 scene 16 wonaes act 1 scene 17 intelaes act 1 scene 18 crypto question


Hope you enjoyed learning the AES history. We are yet remaining with further Parts with the actual working behind the AES algorithm. Stay back and awaited for next part , till then tada. :)

Credits : Jeff moser

National Security Agency (NSA) Torn Apart {Infographics}


ABOUT NSA

Whether you like or not , your Internet activities and other telecommunication systems are being monitored every time you being online or use. Who are those spying me ??
Yes exactly, its National Security Agency (NSA) whose behind this privacy theft.
The NSA is an US intelligence agency responsible for monitoring, collection, decoding and analysis of data and information for foreign intelligence. NSA has been tied up with large gaints like Google, Microsoft, IBM, Verizon and Sprint.

NSA Infographic


Edward Snowden, an analyst/hacker worked with NSA (earning $200k/year) exposed the secrets of NSA privacy leak of 1.7 billion documents and phone calls. 
He changed the world thinking minds regarding Privacy. 
Here's the few leaks where NSA spies on us.




Hope you liked it. We will come with more on NSA on further posts. Stay tunned and please do like and share the post

A Short History on Hacking {INFOGRAPHIC}



The word 'HACKING' itself had came in existance a long time before. It was coined by John Nash  and famous mathematician. View the Whole Infographic on Hacking



Hope you loved the infomation and please do share and help us.

Top 7 PHP Security Vulnerabilities



Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential funk, being proactive to prevent the problem. PHP has some major vulnerabilities which can be xploited and even prevented too. So lets start ..
SQL Injection
Number one on the hit list is the SQL injection attack. In this case, someone enters an SQL fragment (the classic example is a drop database statement, although there are many possibilities that don’t include deletions which could be just as destructive) as a value in your URL or web form. Never mind now how he knows what your table names are; that’s another problem entirely. You are dealing with an insidious and resourceful foe.
So, what can you do to avoid this? First and foremost you need to be suspicious of any input you accept from a user. Believe everyone is nice? Just look at your spouse’s family… they’re weird and freaky, some dangerously so.
The way to prevent this sort of thing is to use PDO Prepared Statements. I don’t want to go through a full discussion of PDO now. Suffice to say prepared statements separate the data from the instructions. In doing so, it prevents data from being treated as anything other than data.  
Must Read: So more details, read this Preventing Sql injection through prepared statements

XSS (Cross Site Scripting)

Curse the black hearts who thrive on this type of deception. Parents, talk to you children today lest they become evil XSS’ers!
The essence of any XSS attack is the injection of code (usually JavaScript code but it can be any client-side code) into the output of your PHP script. This attack is possible when you display input that was sent to you, such as you would do with a forum posting for example. The attacker may post JavaScript code in his message that does unspeakable things to your site. Please don’t make me go into detail; my heart weeps at what these brigands are capable of.
For more information and how to protect yourself, I suggest reading these fine articles on PHPMaster:

Source Code Revelation

This one has to do with people being able to see the names and content of files they shouldn’t in the event of a breakdown in Apache’s configuration. Yeah, I dig it, this is unlikely to happen, but it could and it’s fairly easy to protect yourselves, so why not?
We all know that PHP is server side – you can’t just do a view source to see a script’s code. But if something happens to Apache and all of a sudden your scripts are served as plain text, people see source code they were never meant to see. Some of that code might list accessible configuration files or have sensitive information like database credentials.
The solution centers around how you set up the directory structure for your application. That is, it isn’t so much a problem that bad people can see some code, it’s what code they can see if sensitive files are kept in a public directory. Keep important files out of the publicly-accessible directory to avoid the consequences of this blunder.

Remote File Inclusion

Hang on while I try to explain this: remote file inclusion is when remote files get included in your application. Pretty deep, eh? But why is this a problem? Because the remote file is untrusted. It could have been maliciously modified to contain code you don’t want running in your application.
Suppose you have a situation where your site at www.myplace.com includes the library www.goodpeople.com/script.php. One night, www.goodpeople.com is compromised and the contents of the file is replaced with evil code that will trash your application. Then someone visits your site, you pull in the updated code, and Bam! So how do you stop it?
Fortunately, fixing this is relatively simple. All you have to do is go to your php.ini and check the settings on these flags.
  • allow_url_fopen – indicates whether external files can be included. The default is to set this to ‘on’ but you want to turn this off.
  • allow_url_include – indicates whether the include()require()include_once(), and require_once() functions can reference remote files. The default sets this off, and setting allow_url_fopenoff forces this off too.

Session Hijacking

Session hijacking is when a ne’er-do-well steals and use someone else’s session ID, which is something like a key to a safe deposit box. When a session is set up between a client and a web server, PHP will store the session ID in a cookie on the client side probably called PHPSESSID. Sending the ID with the page request gives you access to the session info persisted on the server (which populates the super global $_SESSION array).
If someone steals a session key, is that bad? And the answer is: if you aren’t doing anything important in that session then the answer is no. But if you are using that session to authenticate a user, then it would allow some vile person to sign on and get into things. This is particularly bad if the user is important and has a lot of authority.
So how do people steal these session IDs and what can decent, God-fearing folk like us do about it?
Session IDs are commonly stolen via a XSS attack, so preventing those is a good thing that yields double benefits. It’s also important to change the session ID as often as is practical. This reduces your theft window. From within PHP you can run the session_regenerate_id() function to change the session ID and notify the client.
For those using PHP5.2 and above (you are, aren’t you?), there is a php.ini setting that will prevent JavaScript from being given access to the session id (session.cookie.httponly). Or, you can use the functionsession_set_cookie_parms().
Session IDs can also be vulnerable server-side if you’re using shared hosting services which store session information in globally accessible directories, like /tmp. You can block the problem simply by storing your session ID in a spot that only your scripts can access, either on disk or in a database.

Cross Site Request Forgery

Cross Site Request Forgery (CSRF), also known as the Brett Maverick, or Shawn Spencer, Gambit, involves tricking a rather unwitting user into issuing a request that is, shall we say, not in his best interest. But rather than me going on and on about CSRF attacks, refer to an outstanding example of just what kind of content we have here on PHPMaster: Preventing Cross-Site Request Forgeries by Martin Psinas.

Directory Traversal

This attack, like so many of the others, looks for for a site where the security is not all that it should be, and when if finds one, it causes files to be accessed that the owner did not plan to make publicly accessible. It’s also known as the ../ (dot, dot, slash) attack, the climbing attack, and the backtracking attack.
There are a few ways to protect against this attack. The first is to wish really, really hard that it won’t happen to you. Sometimes wishing on fairies and unicorns will help. Sometimes it doesn’t. The second is to define what pages can be returned for a given request using whitelisting. Another option is to convert file paths to absolute paths and make sure they’re referencing files in allowed directories.
These are Top 7 Vulnerabilities in PHP. Please do like and share this post and do join our facebook page AnonHackSociety

How to Store Database records in an Multidimentional Array in PHP


About Array in PHP

Like any other programming languages or  web languages, array plays an important role in storing many data.
Storing single array elements in PHP in as any normal languages.
Syntax : array () ;
But to store many array within an array, there are Multidimensional Arrays. PHP have the Array of Array concept. 
Syntax: array (array());

Array in Arrays in PHP to store database values.

Well this post seems to be simple. Yes , i had an issue with storing the values in multidimensional arrays, but there haven't been any proper post till yet, of actual way of storing and dynamic looping used for storing data.

So lets start,
I want to store watches database values. For each watch there are 5 parameters (coloumns).

First I will extract the data from database using select query
$res = mysql_query("select * from watches ") or die(mysql_error());

Next, we should initialize array of array for storing data
$wat = array(array());

Now, below is the simple snippet to dynamically store values in that $wat array.

$i=0;
while($row = mysql_fetch_array($res))
{
$j=0;
  $wat[$i][$j++] = $row['brand'];
  $wat[$i][$j++] = $row['modelname'];
  $wat[$i][$j++] = $row['price'];
  $wat[$i][$j++] = $row['gender'];
  $wat[$i][$j++] = $row['movement'];
  $i++;
}

Now if we want to display all the contents of data in that array, we can do something like this.

for($i=0 ; $i<$rows ; $i++)
      for($j=0 ; $j< $columns; $j++)
      {
        echo $wat[$i][$j]."<br>";
      }
}

So we had store and displayed the data from the database successfully.
If you liked the post, do share and like us at AnonHackSociety