Marquel World Information Technology

We allready update to new theme & 2 GDesign custom theme coming up. Stay tuned for more updates coming soon By: Admin Kosmyn and the rest of the staff of this support forum
ChatBox

You are not connected. Please login or register

  • V.I.P
avatar
V.I.P

Hello friends , today i will explain all the methods that are being
used to hack a website or websites database. This is the first part of
the hacking websites tutorial where i will explain in brief all methods
for hacking or defacing websites. Today I will give you the overview and
in later tutorials we will discuss them one by one with practical
examples. So guys get ready for first part of Hacking websites class....
Don't worry i will also tell you how to protect your websites from
these attacks and other methods like hardening of SQL and hardening of
web servers and key knowledge about CHMOD rights that what thing should
be give what rights...



Note : This post is only for Educational Purpose only.






What are basic things you should know before website hacking?
First
of all everything is optional as i will start from very scratch. But
you need atleast basic knowledge of following things..

1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now
First two things you can learn from a very famous website for basics of
Website design with basics of HTML,SQL,PHP and javascript.

http://www.w3schools.com/


And
for the fourth point that you should be expert in removing traces. I
will explain this in my future articles. So keep reading.. or simply
subscribe my posts..

As we know traces are very important. Please
don't ignore them otherwise you can be in big trouble for simply doing
nothing. so please take care of this step.



METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.


1. SQL INJECTION

First of all what is SQL injection? SQL injection is a type of security
exploit or loophole in which a attacker "injects" SQL code through a
web form or manipulate the URL's based on SQL parameters. It exploits
web applications that use client supplied SQL queries.
The primary
form of SQL injection consists of direct insertion of code into
user-input variables that are concatenated with SQL commands and
executed. A less direct attack injects malicious code into strings that
are destined for storage in a table or as metadata. When the stored
strings are subsequently concatenated into a dynamic SQL command, the
malicious code is executed.



2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data
into a website, which causes the application to do something it wasn’t
intended to do. XSS attacks are very popular and some of the biggest
websites have been affected by them including the FBI, CNN, Ebay, Apple,
Microsft, and AOL.
Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site
scripting holes are web application vulnerabilities that allow
attackers to bypass client-side security mechanisms normally imposed on
web content by modern browsers. By finding ways of injecting malicious
scripts into web pages, an attacker can gain elevated access
privileges to sensitive page content, session cookies, and a variety of
other information maintained by the browser on behalf of the user.
Cross-site scripting attacks are therefore a special case of code
injection.

I will explain this in detail in later hacking classes. So keep reading..


3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote
File Inclusion (RFI) occurs when a remote file, usually a shell (a
graphical interface for browsing remote files and running your own code
on a server), is included into a website which allows the hacker to
execute server side commands as the current logged on user, and have
access to files on the server. With this power the hacker can continue
on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :

  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION
Local
File Inclusion (LFI) is when you have the ability to browse through the
server by means of directory transversal. One of the most common uses
of LFI is to discover the /etc/passwd file. This file contains the user
information of a Linux system. Hackers find sites vulnerable to LFI the
same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable
site, www.target-site.com/index.php?p=about, by means of directory
transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd

I will explain it in detail with practical websites example in latter sequential classes on Website Hacking.



5. DDOS ATTACKSimply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack)
is an attempt to make a computer resource unavailable to its intended
users. Although the means to carry out, motives for, and targets of a
DoS attack may vary, it generally consists of the concerted efforts of a
person or people to prevent an Internet site or service from
functioning efficiently or at all, temporarily or indefinitely. In DDOS
attack we consumes the bandwidth and resources of any website and make
it unavailable to its legitimate users.


6.EXPLOTING VULNERABILITYIts
not a new category it comprises of above five categories but i
mentioned it separately because there are several exploits which cannot
be covered in the above five categories. So i will explain them
individually with examples. The basic idea behind this is that find the
vulnerability in the website and exploit it to get the admin or
moderator privileges so that you can manipulate the things easily.

I
hope you all now have a overview of that what is Website Hacking. In
consecutive future classes i will explain all of these techniques in
details. So guys keep reading..

IF YOU HAVE ANY QUERIES ASK IN COMMENTS...

Read more: http://www.hackingloops.com/2011/07/6-ways-to-hack-or-deface-websites.html#ixzz2RHp8YsVx



http://www.symbianize.com/attachment.php?attachmentid=611250&stc=1&d=1343892095

View previous topic View next topic Back to top Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum