Wednesday, 12 November 2014

With more than $1 billion per quarter in advertising revenue and 1.2 billion monthly active users, few realize that Facebook is more than just a social networking site – it’s a shrewdly run corporation, worth more than $100 billion.
The Numbers Speak For Themselves
Skillfully targeting ads based on personal information users share, the site knows what it’s doing.
Annual revenue by year
2008 2009 2010 2011 2012 2013
$272M $777M $1.97B $3.71B $5.09B $7.8B
82%
Proportion of first-quarter 2012 revenue from advertising
$872 million
Facebook’s first-quarter 2012 advertising sales
The rest of its millions is due in large part to its virtual games.
$186 million
First quarter 2012 payments generated from non-advertising revenue, such as selling credits for games like FarmVille

The Biggest Spenders

Here’s a look at some of the biggest advertisers who’ve invested big money in Facebook — and how they utilize the site:
FORD
This vehicle giant believes that when someone “likes” you on Facebook, they’re more likely to advocate the brand.
HSBC 
This bank has a large Facebook footprint in Asia and Europe.
ANHEUSER-BUSCH INBEV 
In 2010, Budweiser offered a free beer to people turning 22.
MCDONALD’S
Has more than 30 million likes and was the first location-based check-in marketer in 2010.
VISA 
Spent big on the summer Olympics in 2012.
NIKE 
Known to break campaigns on Facebook before they appear on TV.
JPMORGAN CHASE 
This bank has more fans than its rivals.
STARBUCKS 
Starbucks saw a 38% lift from users who saw Starbucks appear in their feed.
DISNEY 
Utilizes the network for its online games and its more than 46 million fans.
DELL 
Utilized a Facebook app to help advertise its promotion of Lollapalooza. It has made more than $9 million in advertising through social media.
SAMSUNG 
Was the first company to buy Facebook’s logout page to advertise its new Galaxy S III phone.
NESTLE 
With over 5 million likes, its head of marketing and consumer communications is on Facebook’s client council.
UNILEVER 
Utilizes its partnership with Facebook to provide clean drinking water to communities in need.
VERIZON 
Offers fans exclusive access to TV content, such as a Green Day concert via FIOS.
GOOGLE 
Advertises its Chrome browser, which has a set of Facebook extensions downloaded 34,000 times a week
WAL-MART 
In addition to its own Facebook page, almost 4,000 of its stores have their own Facebook pages.
GROUPON 
Its contract with AdParlor is worth tens of millions, as the company uses Facebook extensively to drive email signups and sell daily deals.
AMERICAN EXPRESS 
Amex’s Facebook app “Link, Like, Love” allows cardholders to link their cards to their accounts and in return get deals from such companies as Whole Foods, Dunkin’ Donuts and Sports Authority.
AT&T 
The company has worked together with the social media giant on hackathons to help developers create apps that allow payments to be collected via AT&T’s phone bills.
ELECTRONIC ARTS 
After investing $2.75 million in advertising on just one of its games, Battlefield 3, the company saw a 440% return on its investment in sales.
ZYNGA 
Creator of popular games such as FarmVille and Zynga Poker, it spends more than $200 million in its “player acquisition costs.”

What They’re Paying For

While Facebook invites advertisers of all sizes, they’re all after the same thing: likes and shares.
The cost of Facebook ads varies but generally ranges from 5 cents to 5 dollars per click. Cost goes up based on targeting, bids and engagement.
Sidebar ads
The most common ads, these appear on the side of the site. Cost is about $1-$5 with most types of targeting.
Sponsored stories
Status updates from businesses turned into ads. Usually cost around 50 cents per click, since they get higher engagement (more likes and comments).
Promoted posts
Posts that are targeted to fans and friends of fans. Typically cost about $5 per every 1,000 people targeted.
A $1,000 budget for Facebook ads might look something like this:
Sidebar ads: 700 clicks to website – $700 ($1 per click)
Sponsored stories: 400 clicks to Facebook page – $200 ($.50 per click)
Promoted posts: 20,000 views – $100 ($5 per 1,000 views)
With more than $1 billion per quarter in advertising revenue and 1.2 billion monthly active users, few realize that Facebook is more than just a social networking site – it’s a shrewdly run corporation, worth more than $100 billion.
The Numbers Speak For Themselves
Skillfully targeting ads based on personal information users share, the site knows what it’s doing.
Annual revenue by year
2008 2009 2010 2011 2012 2013
$272M $777M $1.97B $3.71B $5.09B $7.8B
82%
Proportion of first-quarter 2012 revenue from advertising
$872 million
Facebook’s first-quarter 2012 advertising sales
The rest of its millions is due in large part to its virtual games.
$186 million
First quarter 2012 payments generated from non-advertising revenue, such as selling credits for games like FarmVille

The Biggest Spenders

Here’s a look at some of the biggest advertisers who’ve invested big money in Facebook — and how they utilize the site:
FORD
This vehicle giant believes that when someone “likes” you on Facebook, they’re more likely to advocate the brand.
HSBC 
This bank has a large Facebook footprint in Asia and Europe.
ANHEUSER-BUSCH INBEV 
In 2010, Budweiser offered a free beer to people turning 22.
MCDONALD’S
Has more than 30 million likes and was the first location-based check-in marketer in 2010.
VISA 
Spent big on the summer Olympics in 2012.
NIKE 
Known to break campaigns on Facebook before they appear on TV.
JPMORGAN CHASE 
This bank has more fans than its rivals.
STARBUCKS 
Starbucks saw a 38% lift from users who saw Starbucks appear in their feed.
DISNEY 
Utilizes the network for its online games and its more than 46 million fans.
DELL 
Utilized a Facebook app to help advertise its promotion of Lollapalooza. It has made more than $9 million in advertising through social media.
SAMSUNG 
Was the first company to buy Facebook’s logout page to advertise its new Galaxy S III phone.
NESTLE 
With over 5 million likes, its head of marketing and consumer communications is on Facebook’s client council.
UNILEVER 
Utilizes its partnership with Facebook to provide clean drinking water to communities in need.
VERIZON 
Offers fans exclusive access to TV content, such as a Green Day concert via FIOS.
GOOGLE 
Advertises its Chrome browser, which has a set of Facebook extensions downloaded 34,000 times a week
WAL-MART 
In addition to its own Facebook page, almost 4,000 of its stores have their own Facebook pages.
GROUPON 
Its contract with AdParlor is worth tens of millions, as the company uses Facebook extensively to drive email signups and sell daily deals.
AMERICAN EXPRESS 
Amex’s Facebook app “Link, Like, Love” allows cardholders to link their cards to their accounts and in return get deals from such companies as Whole Foods, Dunkin’ Donuts and Sports Authority.
AT&T 
The company has worked together with the social media giant on hackathons to help developers create apps that allow payments to be collected via AT&T’s phone bills.
ELECTRONIC ARTS 
After investing $2.75 million in advertising on just one of its games, Battlefield 3, the company saw a 440% return on its investment in sales.
ZYNGA 
Creator of popular games such as FarmVille and Zynga Poker, it spends more than $200 million in its “player acquisition costs.”

What They’re Paying For

While Facebook invites advertisers of all sizes, they’re all after the same thing: likes and shares.
The cost of Facebook ads varies but generally ranges from 5 cents to 5 dollars per click. Cost goes up based on targeting, bids and engagement.
Sidebar ads
The most common ads, these appear on the side of the site. Cost is about $1-$5 with most types of targeting.
Sponsored stories
Status updates from businesses turned into ads. Usually cost around 50 cents per click, since they get higher engagement (more likes and comments).
Promoted posts
Posts that are targeted to fans and friends of fans. Typically cost about $5 per every 1,000 people targeted.
A $1,000 budget for Facebook ads might look something like this:
Sidebar ads: 700 clicks to website – $700 ($1 per click)
Sponsored stories: 400 clicks to Facebook page – $200 ($.50 per click)
Promoted posts: 20,000 views – $100 ($5 per 1,000 views)

Wednesday, 17 September 2014

How Does Work Google Adsense?

Whether you’ve been blogging for five minutes or five years, monetizing is one of those topics that almost always comes up. Should I try to make money from blogging? Can people really make a living online? How should I try to make money from my blog?

Google AdSense is one of the most common ways to monetize, though I’ll warn you now: AdSense is NOT a get rick quick scheme. In fact, it can take a long time to make more than a few pennies. But it can also pay off big in the long run.

What is AdSense?

AdSense is a program that allows bloggers and website owners to make money by displaying Google ads. You’ve probably seen the ads all over the place, including in Google search results. Basically, Google gets the largest cut and you get a small percentage. There are two ways to make money from AdSense:

Impressions – this is based on the number of pageviews of pages or posts with ads
Clicks – this is based on how many people click on the ads (don’t EVER click your own – more on this later)
To make it as basic as possible, you sign up for an AdSense account and add the code to your blog or website. You can choose how your ads look, where they show up, and even what kind of ads you’ll accept. Once you get to a minimum threshold of $100, Google will either send you a paper check or make a direct deposit into your bank account.

Who’s Eligible?

If you use Blogger, you can use the Monetize tab to set up and manage an AdSense account.

If you use self-hosted WordPress, you can visit the AdSense website and apply for an account. You’ll receive a code that you can place wherever you’d like, or you can use a plugin to help with placement.

*If you use free WordPress, you cannot use AdSense, but you can use WordAds if you have your own custom domain. (Just another reason why self-hosted WordPress is better.)

How Much Can I Make?

As I told you before, you will not get rich quick using AdSense. It took me 9 months to make $2 (yes, two dollars) on my personal finance blog. However, I made $81 last month. That’s still pathetic compared to many blogs – some people can earn a full-time income from AdSense alone. But it takes a LONG time to get there, and you have to have a ton of traffic.

Some ads are worth more money per click than others. This is also affected by the amount of traffic you get, the keywords the person searched for, the percentage of visitors who click on a particular ad, etc. There are a LOT of factors that determine how much you’ll make, but a rule of thumb is that newer blogs simply won’t make as much money.

My personal finance blog is about 14 months old. Some days, I don’t get any ad clicks at all and I might still make 10 cents or so just from impressions. Sometimes every click is worth $2 or more. Yesterday the clicks were worth a whopping 26 cents each.

Many people get impatient when they’ve had the code up for a month or two and haven’t made more than a few pennies. If you’re looking for something that will pay TODAY, AdSense may not be for you. And to be honest, I don’t know of anything instant – if I did, you can bet I’d be using it!

How Can I Make More from AdSense?

Basically, your best bet for ad clicks is increasing your search traffic. Remember the other day when we talked about why your blog needs SEO? When people are trying to solve a problem, they usually turn to search engines like Google or Bing. If you have a post that solves that problem, using SEO will help your post rank well in search results. SEO will also help AdSense serve up relevant ads, so when people click on your blog post, the ads may answer the exact question they’re asking. Result? Ad clicks!

Here’s an example. Let’s say I write a post about the health risks of liposuction. I use SEO techniques to help Google realize what my post is about, and my post is the third one when someone searches for “liposuction risks.” AdSense also knows what my post is about, so people reading my post will see an ad that might say something like, “Safe liposuction services in New Hampshire” (or wherever).

If the person is interested in finding the safest place for liposuction, s/he is likely to click that ad. As I said before, the rate per click depends on a lot of factors, but my concern is making sure that people read MY post and not others! If they go to another blog to read about liposuction risks, they’re possibly clicking that person’s ads instead of mine.

IMPORTANT!

There are a few things you need to know about AdSense before you ever put the code on your blog.

1. Never, ever click your own ads. In case you aren’t aware, Google pretty much knows everything. And they can tell if you’re clicking your own ads. It’s very tempting to click about 50 times and make some money, but all it will do is result in being banned.

2. Never, ever encourage friends or family to click your ads. Same as above. You can and will be banned from AdSense, and don’t ever think Google won’t figure it out. I don’t know how they do it, but I have seen it happen to people I know. JUST DON’T.

3. Pay attention to your ad clicks. If you average 2 clicks a month and you suddenly get 100 in a day, chances are that something is wrong. If you’ve pissed someone off and they decide to fight back by clicking all over the place, you can get banned even though you didn’t do anything.

4. Never rely on AdSense as your sole income source. Even if you get really good at SEO and you have 100 websites making thousands of dollars each month in AdSense, you never know when something could happen to trigger Google’s no-no sensors. You can make good money with AdSense, but you should also use other monetization strategies just in case.

5. Don’t use more than 3 ad blocks on a single page. Google allows up to 3 ad blocks on a page. So if you have one in your header, one in your sidebar, and one at the end of your post, that’s the limit for that page. Also, don’t plaster ads all over the place and annoy your regular readers! There are ways to implement the ads without making your site ugly.

Thursday, 31 July 2014

Xiaomi breaks new sales records in India sold out in 5 seconds



Today the recently unveiled Xiaomi Mi 4 went on sale in China for the first time. Given its specs and low price tag, you'd expect it to do well. Maybe not this well, though.
Xiaomi is proudly announcing that it sold out its entire first batch of Mi 4 smartphones in exactly 37 seconds. That's obviously incredible performance, but the Chinese company has strangely left out the most important detail: how many units were part of this particular batch.
If that number is, say, below 10,000, then the aforementioned sales achievement is certainly less impressive.
The situation is similar in India, where today the second flash sale for the Xiaomi Mi 3 was held. This is the Mi 4's predecessor, but it's still a decent performer with nice specs, so understandably it sold like hot cakes too - since its successor is going to be China-only for a while.


The Mi 3 went out of stock at Flipkart, Xiaomi's exclusive retail partner in India, in a whopping five seconds. This is a much shorter time than the 39 minutes the company took to sell its previous batch last week. So the Mi 3 may be more and more sought-after in the subcontinent.
On the other hand, Xiaomi is staying mum on how big the batch was in this case too. And some rumors recently claimed that it only had around 10,000 units on sale last week, so maybe it was the same this time around.

Friday, 4 July 2014

                       Tools For Facebook 



FACEBOOK
                                                                                                                                                                                                                                                               
If you want to block facebook on your/victim's  computer then download and install it:

Download here

Wednesday, 11 June 2014

How to hack remote computer using IP Address

You may want to hack the website and put your advertisement there or grab some database information In this type of hacking, you are playing with the web server’s computer instead of the administrator’s computer. Because, www.website.com is hosted in separate web server rather than personal computer.
Another can be accessing your friend’s computer from your home. Again this is IP based and this is possible only when your friend’s computer is online. If it is off or not connected to internet then remote IP hacking is totally impossible.
Well, both of the hacking has the same process. Let’s summarize what we must do.
  1. Confirm the website or a computer you want to hack.
  2. Find or trace their IP address.
  3. Make sure that IP address is online
  4. Scan for open ports
  5. Check for venerable ports
  6. access through the port
  7. Brute-force username and password
Now let me describe in brief in merely basic steps that a child can understand it.
First, getting the IP address of victim.
To get the IP address of the victim website, ping for it in command prompt.
For example,
ping www.google.com
will fetch the IP address of Google.com
This is how we can get the IP address of the victims website.
How about your friend’s PC? You can’t do www.yourfirend’sname.com, can you? Finding your friend’s IP address is little tough job, and tougher it is if he has dynamic IP address that keeps changing.
One of the widely used method to detect IP address of your friend is by chatting with him.
You might find this article helpful
Now you got the IP address right? Is it online?
To know the online status just ping the IP address, if it is online it will reply.
If the IP address is online, scan for the open ports. Open ports are like closed door without locks, you can go inside and outside easily.
Use Advanced Port Scanner to scan all open and venerable ports.
Now you’ve IP address and open port address of the victim, you can now use telnet to try to access them. Make sure that you’ve telnet enabled in your computer or install it from Control panel > Add remove programs > add windows components.
Now open command prompt and use telnet command to access to the IP address. Use following syntax for connection.
telnet [IP address] [Port]
c How to hack remote computer using IP Address
You’ll be asked to input login information.
d How to hack remote computer using IP Address
If you can guess the informations easily then it’s OK. Or you can use some brute-forcing tools like this one.
In this way you’ll able to hack remove computer using only IP address:

Tuesday, 10 June 2014

GOT FIRST PAYMENT OF 50 EUROS FROM MARKETGLORY BY PLAYING GAME FREE

Hello friends, this is to inform all Hackingloops users that Marketglory has passed the payment test. Today i got my first payment of 50 Euros from marketglory, so they really pay. So friends its safe to join marketglory, your time will not be wasted. Marketglory is an strategic game very similar to mafia wars which allows you to convert all virtual money into real money and you can cash out that when you reach minimum withdrawal amount i.e. 20 Euros. Earning is little slow at start but once you get rhythm then its an perfect money making opportunity. So why you guys still waiting join market glory now and earn real money for playing game for which you previously get nothing but marketglory pays for it. Join Now by clicking image below


Click here to Join
Click to Join Now
  
Tips to earn fast in Market Glory:

There are too many things to do in market glory game, but i will first explain the start up things fast so that you can earn and upgrade fast.
There are 4 basic things in game :
1. Energy
2. Experience
3. Knowledge
4. Productivity : Its mean of above three.

1. Referral Fights : After registering in marketglory, you can see fight option in menu there first one is Referral fights. In one day you can fight 10 times, you will get fight bonus of everytime based on your energy. If you regularly fight 10 times you will be some amount depending upon your energy.
Energy can be increased by Consuming milk, food, coffee, wine, cheese, buying clothes, buying house. But remember for first two days no need to buy anything from market.  On third day when you have some balance buy high quality milk from local market because it costs lowest and gives 5 Energy points. So from third day first consume milk and then fight for next one week but note milk can only be purchased once in 24 hours. This will boost your funds a bit, then you can focus on clothes, clothes give energy for 10 days.

2. Work Daily : Work is important task and you can work once in 24 hours and will get paid according to your productivity. If you work 3 days consecutively without miss then you will get work bonus on third day which is 10 times normal daily wage. So if you get wage of 1 then you will get work bonus of 10 on third day. So continuity is the key in work field.

3. Markets : There are two types of markets in marketglory, one is local market and other is global market. In local market you can buy products in local currency and in global market you can buy things in gold. 10 Currency is equal to 1 Gold and 5 Gold is equal to 1 Euro. Average keeps fluctuating around it.

Initial days tasks to do (maintain the order to gain maximum profits):
Day 1: Nothing, 10 referral fights, work
Day 2: Nothing, 10 referral fights, work
Day 3: Buy High Quality Milk, 10 Referral fights, work ( will get work bonus)
Day 4: HQ Milk, 10 referral fights, work
Day 5: HQ Milk, 10 referral fights, work
Day 6: HQ Milk, work, 10 referral fights, Work bonus based on productivity, first work then fight because you will get 10 times approx work bonus.
Day 7: HQ Milk, One HQ Food ( please set according to food timings as its served 4 times in a day), so you will have 11 energy now, 10 referral fights, work. Now do this regularly, but always check the food consumption timing and milk consuming both should be close to each other. 10 fights will give you atleast 10 local currency. Now for this day repeat the day 7 for as long as you want. Then you can buy clothes and houses to keep constant energy above 25. Means near 2.5 Local currency per fight.

Note: Don't use financial market for currency exchange too frequent because tax is deducted for using it. Convert once a week is a good option. First week you will have near 10-15 Local Currency but by next week it will be near 20+ and then constantly increase.

Join Market Glory now :

http://www.marketglory.com/strategygame/Abhishek12



We all know there are shortcuts to everything, if you want to earn fast invest some Euros in your account and spend them wisely like open companies in countries like Phillipines, turkey etc, upgrade you area rank to get regular euro bonus. Arena is important to earn fast. Daily arena bonus is provided depending upon your arena rank but for arena there are 3 basic requirements i.e. one attack weapon, one defense weapon and 5 Energy points. This should be present in your account at time of 12:00 server time to get arena bonus.

If you have any queries ask me in form of comments. Have fun and earn money.

Friday, 6 June 2014

Hello Guys welcome back , Today I am going to share with you all "How to verify the Paypal Account Without having Credit Card or Debit Card" . This is the General Problem, So we are discussing that.Most of us Think that its Pity Difficult to verify Paypal Account without Credit or Debit Card but believe me Guys its Easy like 123... in a Go...So Read On...


For Verifying Paypal Account you will need two Things:
1. A Paypal Account (lol its Obvious).
2. A Bank Account (that you will attach with paypal to verify ur Account).



VERIFY YOUR PAYPAL ACCOUNT:
Follow the Below Simple Steps to Verify your Paypal Account and Enjoy the Full Features of Paypal Without Restrictions:

Step1 : Login to your PayPal account then Open “my account Tab”. Go to “Profile” then click “Add/edit Bank Account”.  Add and then complete all the needed information.




Step2: PayPal will email you a notification on how to confirm your bank accountand get verified. PayPal will make two small deposits to your bank accounton a specific date.

Step3: Check your bank account and note the exact amounts of those deposits.


Step4: Log in to your PayPal account and click Confirm bank account on the Account Overview page. Enter the two deposit amounts to get verified.



That's all the Process to Verify the Paypal Account. So Enjoy Guys.
If you have Any Query Ask in Form Of Comments :)
Premium cookies are those cookies which provides us authorization or rights to access the premium account without actually having or Owning it. Cookies are basically strings that have the information of the session for a particular user and the website path. By using the premium cookies, we can get the access of the premium account access and thus we can download as much as we want from those file hosting websites like Hotfile, Fileserve, Filesonic, Rapidshare, Megaupload etc..


How to use premium accounts cookie for Hotfile, Fileserve, Filesonic, Rapidshare

Below i have shared how to use premium cookies for different websites and get the access of premium account to download unlimited from paid file hosting websites.
  
First of all you need to install Cookie Editor:
1. Install the latest version of Firefox
2. Go to this link -- https://addons.mozilla.org/en-US/firefox/addon/13793/
and install add and edit cookies and restart Firefox.


HOTFILE Instructions:


1. Sign up a new Free account on http://hotfile.com
2. Sign in with your hotfile free account.
3. From the Firefox menu, click to Tools then select Cookie Editor.
4. Now in filter bar search for hotfile
5. The cookie name is AUTH ( you need to sign-in first to hotfile before you can see the cookie auth ) .
6. Now copy the Premium Cookie to the content bar. Click on save.
7. Copy/Paste the link that you want to download to Firefox.


FILESERVE OR FILESONIC Instructions:

1. Open www.fileserve.com
2. Now on firefox click tools>cookie editor
3. Now in the top of cookie editor you will see a filter bar
4. Now in filter bar search fileserve
5. The cookie name is PHPSESSID
6. Now copy the Premium Cookie to the content bar. Click on save.
7. Copy/Paste the link that you want to download to Firefox.


RAPIDSHARE Instructions:

1. Sign in with your Rapidshare free account.
2. From the Firefox menu, click to Tools then select Cookie Editor.
3. Now in filter bar search for Rapidshare
4. The cookie name is ENC ( you need to sign-in first to rapidshare before you can see the cookie enc ) .
5. Now copy the Premium Cookie to the content bar. Click on save.
6. Copy/Paste the link that you want to download to Firefox.


MEGAUPLOAD Instructions:

1. Sign in with your megaupload free account.
2. From the Firefox menu, click to Tools then select Cookie Editor.
3. Now in filter bar search for megaupload
4. The cookie name is USER ( you need to sign-in first to Megaupload before you can see the cookie user ) .
5. Now copy the Premium Cookie to the content bar. Click on save.
6. Copy/Paste the link that you want to download to Firefox.


Thursday, 5 June 2014

HOW TO HACK DATABASE ONLINE TUTORIAL PART 1 - BASICS OF DATABASE HACKING

Posted By: Abhishek Anand


Hello friends, welcome to worlds one of the best Ethical Hacking Teaching websites online. Today we will learn basics of Database Hacking, how to hack database online. In this tutorial we will learn what should we know prior to begin database hacking like what is database? Different types of Databases? What is Query? What all things we must know before starting to hack a Database? Most of us have heard things daily in the news that some website is Hacked? 1000's of customers crucial information is leaked. Millions of credit card information stolen by some Hacking Group. What is that? Well that is nothing just Hackers have owned the Database of the Company or website. In layman terms, Database is the heart of any Website. Like our heart pumps in blood in our veins similarly Queries flow though the database to and fro on all requests. Similarly like heart, if we own the database that means we have captured everything because its the database where everything small piece of information is stored. So Hackers only rule should be forget the rest OWN the database.  Lets learn what all things hacker should know or have before hacking any database online.




What Is a Database?

A database is a system of software to store and retrieve information in a structured format. Early databases were flat files, kind of like a big Excel file. As databases got bigger and bigger, this simple structure proved inefficient.

As a result, a scientist at IBM, Dr. Codd, developed a structure that came to be known as the relational database model. It is this model that about 97% of all databases now use, and this includes all the major software companies.

The basics of the relational model is that data should be placed in separate tables with unique keys that link the tables to avoid data duplication and to ease the retrieval of this data.

The Structure of a Database

This relational database model links data from separate tables by using a shared column or "key". The diagram below is of a simple relational database model where all the tables are linked by the column "ID". Structure sample is shown below:



Major Vendors in the Database Market

The enterprise database market has multiple vendors offering products that can accomplish the same task, but in different ways. The major players in this market are:

Oracle : They are the behemoth in this market with nearly 50% market share. They own multiple different database software products, including their namesake and MySQL.

Microsoft SQL Server : Microsoft entered this market in the early '90s by teaming up with Sybase to develop an enterprise database offering. As a result, MS SQL Server and Sybase still share many similarities. Originally, Microsoft was only a player in the small business market, but is slowly gaining traction in the larger enterprise market.

MySQL : This is an open-source database that you will find behind so many web sites, in part, because it's free.

IBM DB2 : IBM was the original enterprise database provider and made many the major developments in database design, but like everything about IBM, it has been in decline in recent decades.

Other major vendors include Sybase, SAS, PostgreSQL (open source), and many others. Generally, like any hack, we need to do good recon to determine the software and version to be successful as most of the database hacks are vendor specific.

Structured Query Language (SQL)

When IBM developed the early databases, they also developed a programming language for managing and manipulation this data. They called it "Structured Query Language" or as it is generally known, SQL.

This is a simple language that uses English words in similar ways that humans who speak English use them. For instance...

SELECT means "select some data from columns in a table"
FROM means "get the data from this table"
WHERE means select the data that meets this condition (lastname = 'Singh').

Furthermore, words such as UPDATE, INSERT, and DROP mean in SQL exactly what you would expect them to mean.

SQL is not picky about syntax, but it is picky about logic. Although best practice is to CAPITALIZE all keywords (SELECT, FROM, WHERE), it's not required. In addition, white space is ignored. All but Microsoft, though, require that a SQL statement to end in a semicolon (;). On Microsoft products, it's optional.

SQL is standardized by ANSI, but this standardization only includes about 80% of the language or the core of SQL. Software publishers are free to add additional commands and features that are not part of the standard. This can sometimes make it difficult to transport SQL code between DBMS. It also makes it critical to do good reconnaissance on the database to know the manufacturer and the version before attacking as the attacks are often specific to the manufacturer and the version.

Each of the DBMS can be used from a command line, but each has its own GUI. Recently, MySQL released a new GUI called Workbench as seen in the previous section.

Oracle, Microsoft, and the others have similar GUIs that allow the administrator to access their systems.

Basic SQL Query

When we need to extract data from the database, it's said that we are "querying" the database. As databases are repositories for data, the ability to extract or query data is among the most important functions. As a hacker, we want to extract data, so the query is critical to getting the goods.

The basic structure of the query looks like this:

SELECT <columns>
FROM <table>
WHERE <conditions>

This statement says "give me the data in the columns listed in the SELECT statement from the table that comes after the FROM keyword but only give me the rows that meet the conditions that come after the WHERE keyword."

So, if we wanted to get first name, last name, username, and password from the staff table for employees with the last name of "Singh" we could construct a statement like this:

SELECT first_name, last_name, username, password
FROM staff
WHERE last_name = 'Singh";

SQL Injection

SQL injection is the most common database attack and is probably responsible for the largest dollar volume of losses from cyber crime and advanced persistent threat (APT).

It basically involves putting SQL commands in the data forms of webpages that connect to a database. These forms then send these SQL commands back to the database and the database will either authenticate the user (yes, authentication is a database function) or give up the target data.

In future tutorials, we will spend quite a bit of time using SQL injection tools and executing SQL injection attacks.


Other Vulnerabilities

Besides showing you how to do SQL injection, we will examine some of the other of vulnerabilities in databases. These involve authentication, using the database to compromising the operating system, and several others.

Now that we having covered the basics things related to databases, in future tutorials I will show you how to hack into these databases, so keep coming back!

If you have any queries ask me in form of comments. 

Popular Posts