How to Create a Bootable Windows 7

How to Create a Bootable Windows 7 

# Run Command Prompt as an administrator. To open a command prompt, go to the Start menu and search for CMD. Right-click on it and select Run as Administrator to use it with admin rights.

# Using the Diskpart utility find the drive number of your flash drive. To do so, type in the following command in the command prompt: DISKPART

• Running DISKPART will display the version of DISKPART you are running and the name of your PC.
• Type “list disk” to see a display of all your connected disk drives. Make a note of the number assigned to your Flash drive.

# Format the drive. Execute the following list of commands one-by-one. Make sure you replace Disk 1 with the proper Disk number from DISKPART.

> list disk 

> select disk 1
> clean
> create partition primary
> select partition 1
> active
> format fs=NTFS QUICK
> assign
> exit







# Make the flash drive bootable. Use the bootsect utility that is shipped with Windows 7/Vista. To do so:

• Insert the Windows 7/Vista DVD and note down the drive letter of the DVD drive. For this guide, the DVD drive is D: and the USB drive is G:.
• Navigate to the directory where bootsect is found.
  
  D:
cd d:\boot
• Use the bootsect to make the USB Drive bootable. This updates the drive with BOOTMGR compatible code and prepares it to boot Windows 7/Vista.
  
  BOOTSECT.EXE/NT60 G:
• Close the Command Prompt windows.

# Last step : go to the file where windows file exist and copy all the files to USB drive 

تابع القراءة ←

Column Truncation SQL Injection Vulnerability

Introduction

Some time back I was in NotSoSecure CTF competition, challenge was to use SQL injection(any kind) for obtaining 2 flags, to capture one flag, users were required to register as an admin. The application was vulnerable to column truncation sql injection vulnerability. column truncation sql injection vulnerability is a very interesting vulnerability, its actually a buffer overflow vulnerability, O yeah you heard me. You might think I have gone insane, because usually buffer overflow is related to system exploitation.Part of it is true, but this vulnerability is on Web applications, and amazingly was found on a most popular blogging platform WordPress.

Column truncation sql injection vulnerability description

This vulnerability arises when application’s structural logic mismatches with the database structural logic. When Database applies an input length limit and application allows input length to be of any size, this results in truncation of strings longer then the limit upon insertion into the database.Truncating strings longer then the limit allowed in the database is default behaviour, though it will emit a warning, but that warning won’t have any impact. So how is it a security vulnerability?

Lets take an example.

On a website , Users are allowed to register with any username (other then the ones that are already taken)

Application has no limit on the length of username

Database column username length limit is 20 Chars.

Mysql is in Default configuration

Explaination

Now if a user tries to register as “admin”, it won’t be registered because “admin” is already taken. What if the user tries to register with “admin “. It won’t get registered because trailing spaces after “n” will be ignored due to relaxation in string comparisons, however if MySQL does binary comparisons of strings, things would have been different because it will compare the strings byte by byte which makes heading or trailing spaces significant, but by default and in most cases, binary collation is not used.Binary collation(Collation defines a set to rules in MySQL for comparisons) should be used specially to get accurate results or case sensitive, cross language chars/strings comparisons. Some applications like in case of WordPress column truncation sql injection vulnerability , it used Trim() function on user login which removes leading and trailing spaces.

Now what if a user tries to register with this name “admin               x” , total chars 21, but the column limit is 20, so the last “x” will get truncated, then the spaces will get removed, so “admin” will be inserted into the database along with the password the user will provide during registration. Hence gaining the admin’s privileges.

Indeed a very interesting vulnerability 

تابع القراءة ←

Configure your Gmail in Outlook

Configure your G-mail in Outlook

1. Login  to your gmail and got to settings.
2. Under 'Forwarding and POP/IMAP', enable both POP3 and IMAP.
3. Now open your Outlook.
4. Add new account and put all the required information.
5. Put your incoming mail server as pop.gmail.com
6. Put your outgoing mail server as smtp.gmail.com
7. Click on the 'More Settings' as you need to enable few things.
8. At the 'Outgoing Server' tab, tick on "My outgoing server" and "use the same settings as my incoming mail server"
9. Then go to 'Advance' tab, Put the incoming server port as 995 and outgoing server as 465 with SSL connection. 
10. Save and try your connection. It should works! :)

تابع القراءة ←