Skip to main content

6 Ways to Hack or deface Websites Online

By

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

 Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

 And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.
METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

 1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack(DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

Random post with specific label - Blogger Widget

By
1. go to blogger dashboard, select template and edit html. 2. search for </head> to add script. - you may download and upload to your site, or just use this link (no download required) script <script src='http://docs.google.com/uc?id=0B7xJbTAja8i0a0ZJbXJ2TkkwSW8&amp;export=download' type='text/javascript'/> 2. search for ]]></b:skin> to add style/css. img.label_thumb{ float:left; padding:5px; border:1px solid #8f8f8f; background:#D2D0D0; margin-right:10px; height:55px; width:55px; } img.label_thumb:hover{ background:#f7f6f6; } .label_with_thumbs { float: left; width: 100%; min-height: 70px; margin: 0px 10px 2px 0px; adding: 0; } ul.label_with_thumbs li { padding:8px 0; min-height:65px; margin-bottom:10px; } .label_with_thumbs a {} .label_with_thumbs strong {} 2. save template. 3. add a widget. 3. edit widget. at this example i use random post with label "blogger", you must replace it with your label. <div s...
1 comment
Read more

Submit your site for free to search engine~SEO TOOL SERACH ENGINE SUBMitt free

By
free Submit the main page of your site only. The rest of your site will be crawled by the search engines. Only 5 submissions in every 24 hours period are allowed. URL  * Email  * Name  * Business Phone  * Country  *   None Selected   United States   Afghanistan   Albania   Algeria   American Samoa   Andorra   Angola   Anguilla   Antigua and Barbuda   Argentina   Armenia   Aruba   Australia   Austria   Azerbaijan   Bahamas   Bahrain   Bangladesh   Barbados   Belarus   Belgium   Belize   Benin   Bermuda   Bhutan   Bolivia    Bosnia Hercegovina   Botswana   Bouvet Island   Brazil   Brunei Darussalam   Bulgaria   Burkina Faso   Burundi   Cambodia   Cameroon   Canada   Cape Verde   Cayman Islands   Central African Republic   Chad   Chi...
Post a Comment
Read more

Tips to Enable or Disable Toast Notifications on Windows 8

By
Windows 8 is among the most incredible and interesting kind of Windows version from Microsoft. It has visually eye catching design, which is found in modern user interface that is meant for redesigning a number of operating systems, worked out for users. If you have used or seen someone using Windows 8 you could have noticed the toast notifications in this modern version of windows, which simply appears the moment you install or uninstall any application. There are many users who are well versed with the bubble notifications, which were found in the earlier versions of Windows seen via the taskbar. The new application platform in Windows 8 comes with an integrated notification system for installing or uninstalling a number of modern applications. The Windows 8 style application can employ a number of notifications types including the traditional toast notifications, live titles and lock screen. These can be managed by either disabling or enabling the notification of your applicatio...
Post a Comment
Read more

List of all search engine by topics,genre and based on

By
Tweet General Baidu  (Chinese, Japanese) Bing Blekko Google Sogou  (Chinese) Soso.com  (Chinese) Volunia Yahoo! Yandex.com Yodao  (Chinese) P2P search engines FAROO Seeks  (Open Source) YaCy  (Free and fully decentralized) Metasearch engines See also:  Metasearch engine Blingo Yippy  (formerly Clusty) DeeperWeb Dogpile Excite Harvester42 HotBot Info.com Ixquick Kayak Mamma Metacrawler Mobissimo Otalo PCH Search and Win SideStep Thiv WebCrawler Geographically limited scope Accoona ,  China / United States Alleba , Philippines Ansearch ,  Australia / United States / United Kingdom / New Zealand Biglobe ,  Japan Daum ,  Korea Goo ,  Japan Guruji.com ,  India Leit.is ,  Iceland Maktoob ,  Arab World Miner.hu ,  Hungary Najdi.si ,  Slovenia Naver ,  Korea Onkosh ,  Arab World Rambler ,  Russia Rediff ,  India SAPO ,...
Post a Comment
Read more

Downloading Windows 8 for Free [Full version]

By
Tweet Downloading Windows 8 for Free [Full version] Windows 8 is a new version of Windows that focuses on variety of hardware platform and form factors such as slim-type computers and new generation of touch devices. The new version free for download was made available for developers and testers of the new OS. Here’s the download links for the Enterprise version of Windows. How to get and download the latest operating system Thankfully, Microsoft released the new version free for download designed for technological professionals, engineers and IT personnel's for testing and debugging purposes. Download Links of the ISO file (x86 and x64) Windows 8 32-Bit version Windows 8 64-Bit version If you can’t download the file, make sure that you are login to your respected  Hotmail account .
1 comment
Read more

Google Sheet/Google form Script to send automated Email to users

By
Well many of us want to send especially bloggers sometimes want to send automated replies to user 's ..but as usual, not everyone is a code geek or lovers ... so this is a small guide to How to use Google form with Google sheet to make an automated reply link....so follow the steps accordingly. STEP 1: GOTO google Forms ... and create a form ... in my case I just take users email id and how do they get to my site. 1. GOTO   https://docs.google.com/forms?usp=mkt_forms 2. login with your account. now choose blank form. 3. in Form title write your forms name, for example, let say my form. 4. in Form description write the description let say  A simple form ... 5. now go to setting and in general tab, check collect email address. and  click on save 6. (optional) you can also ask some basic question 7. now goto responses tab now click on create new spreadsheet button. (that green icon ..) in select response, destination cho...
1 comment
Read more

Binary Search Tree in Java implementation (reference based, dynamic memory)

By
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 import java.util.Scanner ; class BST { static BST . Node root = null ; public void insert ( int num ) { if ( root == null ) { root = new BST . Node ( num ); } else { // root node is not empty BST . Node temp = root ; while ( temp != null ) { if ( num <= temp . getVal ()) { if ( temp . getLeft () != null ) temp = temp . getLeft (); ...
4 comments
Read more

just more way to disable autorun.inf

By
Auto run.Inf this is a instruction file associated with the Auto run function. It is a simple text configuration file that instructs the OS (operating system) which executable to start which icon to use which additional menu commands to make available etc Auto run.inf must be located in the root directory of a volume.That is CD,DVD,of Floppy Disk or Pen drive. It is mainly used by the manufacturer on what actions to taken when their CD-ROM when it is inserted. In OS, when autorun.inf is enabled (Normally by default it is enabled ) then by inserting the Cd or DVD the content of the medium is automatically executed. This is to avoid the user intervention and help the low level knowledge of computer literacy people. But Virus programmer taken this as advantage and make virus instruction in autorun.inf text file. TYPICAL AUTORUN.INF A typical autorun.inf file looks like below. [autorun] open=setup.exe icon=setup.exe,0 label=GameProgram SIMPLE METHOD NOT TO GET INFECTED BY AUTORUN.INF:...
Post a Comment
Read more

python program get union of two list (program to get A union B ) list method .

By
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 #!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Created on Fri Mar 16 17:08:52 2018 @author: beast """ def version1 (): a = [ 'a' , 'b' , 'c' , 'd' , 'e' ] # list 1 b = [ 'a' , 'b' , 'c' , 'd' , 'e' , 'f' , 'g' , 'h' ] # list 2 c = [k for k in (a) if (k in (a) and k not in (b))] # include unique item from list 1 : items are (list1-list2)(set thoery) d = [l for l in (b) if l in (a ) and l in (b) or (l not in (a) and l in (b))] #include all the comman from list 1 and unique from list 2 lst = c + d # append above two comprehensed list to get union of list1 U list2 lst . sort() # not neccessay but makes list easy to understand (sorting in ascending order ) ...
Post a Comment
Read more

5 Quick Beginner-Friendly CSS Customizations That Make Your Blog Stand Out

By
Changing Background Color To change the background of your website, you first have to get familiar with the styling of the theme. Is the background color simply under body, or is it built into its own frame? Some themes are not as intuitive as others, so if the one you are currently using is intelligible, you might want to change to a different theme before you start editing. (The one I'm using in the example is the free  Catchbox Theme  and a very common starting theme is twentyeleven.) With most non full-width themes, the background color is simply under body. And overruling it is quite simple. 1 2 3 body {    background-color : #477C67 ; } You can use the  W3Schools HTML color picker  to get your colors, or install a Chrome extension, aFirefox plugin, or a WordPress plugin to speed things along when you're editing on the go. I chose a deep teal background color:  #477C67 : If this code snippet does not change the ba...
Post a Comment
Read more