Skip to main content

6 Ways to Hack or deface Websites Online

By

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

 Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

 And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.
METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

 1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack(DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

30 Terrific Twitter Facts And Figures

By
Twitter has always suffered an image problem and is not usually taken very seriously by the general public. Its name doesn’t help with some people even saying that ‘Twitter is for twits’. Despite this glamor and brand problem this has not held back its growth after its humble origins and launch in 2006. Since then Twitter has gained popularity worldwide and is estimated to have 225 million users, generating 65 million tweets a day and handling over 800,000 search queries per day. It is sometimes described as the “SMS of the Internet” and its 140 character limit keeps the messages short and simple. Its attraction as a social web media platform is maybe in its simplicity and real time messaging that enables breaking news and information to hit the web instantly without filt30 Terrific Twitter Facts and Figures:- Twitter was created in March 2006 by Jack Dorsey and launched in July of that year. Twitter’s origins lie in a “day long brainstorming session” that was held by board...
Post a Comment
Read more

How to Put Google Adsense Below Post Title in Blogger?

By
Adsense is used by majority of expert bloggers for their website monetization because it is a cookie based contextual advertising system that shows targeted ads relevant to the content and reader. As bloggers are paid on per click basis, they try various ad placements on the blog to  increase the revenue  and get maximum clicks on the ad units. Well, on some blogs, you might have seen Adsense ad units placed below the post title. Do you know why? It is because the area just below the post title gets the most exposure and is the best place to put AdSense ad units to increase  Click Through Rate (CTR). Even though ads below post title work like a charm but this doesn’t mean that it will work for you as well. If you want to find out the best AdSense ads placement for your blog, try experimenting by placing ads at various locations such as header, sidebar, footer, etc. You can try other  blog monetization methods  as well to effectively monetize y...
Post a Comment
Read more

Streamlining Java Web Application Deployment with React WAR Generator

By
In the ever-evolving world of web development, managing builds and deployments can often be cumbersome and error-prone. Today, we're excited to introduce a tool designed to simplify and streamline this process: the React WAR Generator . What is the React WAR Generator? The React WAR Generator is a Python-based tool that automates the creation of WAR (Web Application Archive) files for Java web applications. It caters specifically to frontend projects built with React or similar frameworks, making it easier to package and deploy your web applications to a Tomcat server. Key Features Profile-Based Builds : With support for multiple profiles ( dev , test , prod , default ), you can build your application according to different environments and configurations. Version File Generation : Optionally generate a version file that integrates versioning information directly into your TypeScript files, ensuring your build versions are always up-to-date. Tomcat Deployment : Simplify your deploy...
Post a Comment
Read more

Mafia 2 PC Game Download Free ISO Full DLC

By
Mafia 2 PC Game Review: Mafia 2 Plaza free download game is first person shooting game released for pc and PlayStation 3. PC Game game mafia II is the second  Sequel of Mafia Series Launched  By Daniel Vávra in 2010. Mafia 2 is an open world map game. Just like  GTA IV For PC easy to install and run  on windows 10 64 bit. Game story is based on gang war in which the mafia runs the city and do all the crimes.  Gangs Run The City however  the player plays the important role in the game to be a cop in the game.Best weapons and New Graphics In mafia II Game For PC, World Wide Multiplayer Game For PC Play it online low system Requirements. PROOF :- Mafia 2 Complete Free Download. And find out the eve dance in the game. The game has been played by most of the Pro Games.The game can be played in Core 2 Duo mafia system requirements. Download Game for pc direct single link free.  Gta v download full game and install  it on pc. Mafi...
9 comments
Read more

sms spoofing sites

By
What is SMS Spoofing? SMS Spoofing allows you to change the name or number text messages appear to come from. The Story Behind SMSspoofing.com SMSspoofing.com initially was a service that launched in August 2005 allowing users to spoof SMS text messages. However, the service only lasted a few days due to legal threats from around the world. Pressure was put on us by our bulk text messaging provider because mobile carriers around the world were complaining that they were responsible for thousands of spoofed SMS messages. The plug was pulled and we were forced to stop offering our SMS spoofing service. In a matter of days over 250,000 people had visited this site and over 25,000 users from around the world, mostly in Europe (specifically the Czech Republic, where we were prominently featured by the media), had signed up for our service. This website has pretty much been abandoned until we decided to turn this site into an information site in June 2008! Now we're back a...
Post a Comment
Read more

20 Windows Keyboard Shortcuts You Might Not Know

By
Global Windows Shortcuts Win+1, 2, 3, 4, etc. will launch each program in your taskbar. It is helpful then to keep your most used programs at the beginning of your task bar so you can open them one right after another. This also works in Windows Vista for the quick launch icons. Win+Alt+1, 2, 3, etc. will open the jump list for each program in the taskbar. You can then use your arrows to select which jump list option you want to open. Win+T will cycle through taskbar programs. This is similar to just hovering over the item with your mouse but you can launch the program with Space or Enter. Win+Home minimizes all programs except current the window. This is similar to the Aero shake and can be disabled with the same registry key. Win+B selects the system tray which isn’t always useful but can come in very handy if your mouse stops working. Win+Up/Down maximizes and restores down the current window so long as that window has the option to be maximized. It is exactly t...
Post a Comment
Read more

JAVA program to Calculate Factorial using Function Interface (involve lambdas )

By
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 import java.util.Scanner ; import java.util.function.Function ; public class fact { public static void main ( String [] args ) { Function < Integer , String > fact =( n )-> { String res = "Factorial of " + n + " is=" ; double a = 1 ; for ( int i = 1 ; i <= n ; i ++) a *= i ; return res + a ; }; Scanner in = new Scanner ( System . in ); System . out . print ( "Enter the number :" ); int num = in . nextInt (); System . out . println ( fact . apply ( num )); } }
Post a Comment
Read more

how to Send a Confirmation Email Upon Form Submission-Woofoo

By
When someone successfully submits an entry, you can automatically send them a confirmation email to let them know. You can customize the email to include any follow-up info you'd like, and you can choose to include a copy of their entry in the email as well. To set up confirmation emails in Form Settings: Log in and go to  Forms . Hover over  Edit  next to the form you want to edit. Choose  Edit form . Click the  Form Settings  tab. Under Confirmation Options, select  Send Confirmation Email to User . From the  Send To  dropdown, select an Email field from your form. We'll send the confirmation email to the email address the person filling out your form entered into this field. If the dropdown says "No Email Fields Found", add an  Email  field to your form. In the  Reply To  textbox, enter the reply-to email—if someone replies to their confirmation email, this is the email address that their reply will be s...
Post a Comment
Read more

Control Loops in c

By
Objectives: Having read this section you should have an idea about C's: 1.Conditional, or Logical, Expressions as used in program control 2.the do while loop 3.the while loop 4.the for loop Go With The Flow: Our programs are getting a bit more sophisticated, but they still lack that essential something that makes a computer so necessary. Exactly what they lack is the most difficult part to describe to a beginner. There ar e only two great ideas in computing. The first is the variable and you've already met that. The second is flow of control. When you write a list of instructions for someone to perform you usually expect them to follow the list from the top to the bottom, one at a time. This is the simple default flow of control through a program. The C programs we have written so far use this one-after-another default flow of control. This is fine and simple, but it limits the running time of any program we can write. Why? Simply because there is a limit to the nu...
Post a Comment
Read more