Skip to main content

6 Ways to Hack or deface Websites Online

By

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

 Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

 And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.
METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

 1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack(DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

How to Protect an Email Account from being Hacked

By
If this is the case, then what is the reason for many people to lose their accounts? The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of Trapping. They lose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password. Are you confused? If so continue reading and you’ll come to know… Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams. 1 . WEBSITE SPOOFING =Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original) especially for the purposes of cheating. Normally, the website...
Post a Comment
Read more

Java API call Example using GSON, org.json.json and Jackson [ Simple Get Call] and parsing result as JSON

By
import com.fasterxml.jackson.databind.JsonNode ; import com.fasterxml.jackson.databind.ObjectMapper ; import com.google.gson.* ; import org.json.JSONArray ; import org.json.JSONObject ; import java.io.* ; import java.net.HttpURLConnection ; import java.net.URL ; public class APICALL { public static void main (String[] args) throws IOException { // String url="https://mocki.io/v1/19a50724-c2e5-46a1-b457-543462cdfde2"; String url= "https://jsonplaceholder.typicode.com/users" ; String line ; StringBuilder resp= new StringBuilder() ; System. out .println(url) ; HttpURLConnection con= (HttpURLConnection) new URL(url).openConnection() ; con.setRequestMethod( "GET" ) ; con.setRequestProperty( "Accept" , "application/json" ) ; System. out .println(con.getResponseMessage()) ; System. out .println(con.getContentType()) ; InputStream inputStream=con.getInput...
Post a Comment
Read more

keyboard-shortcuts-that-work-in-all-web-browsers

By
Each major web browser shares a large number of keyboard shortcuts in common. Whether you’re using Mozilla Firefox, Google Chrome, Internet Explorer, Apple Safari, or Opera – these keyboard shortcuts will work in your browser. Each browser also has some of its own, browser-specific shortcuts, but learning the ones they have in common will serve you well as you switch between different browsers and computers. This list includes a few mouse actions, too. Tabs Ctrl+1-8 – Switch to the specified tab, counting from the left. Ctrl+9 – Switch to the last tab. Ctrl+Tab – Switch to the next tab – in other words, the tab on the right. (Ctrl+Page Up also works, but not in Internet Explorer.) Ctrl+Shift+Tab – Switch to the previous tab – in other words, the tab on the left. (Ctrl+Page Down also works, but not in Internet Explorer.) Ctrl+W, Ctrl+F4 – Close the current tab. Ctrl+Shift+T – Reopen the last closed tab. Ctrl+T – Open a new tab. Ctrl+N – Open a new browser window....
Post a Comment
Read more

5 Best Popular Posts Widgets For Blogger

By
Adding the Popular Posts Widget for Blogger Just click on your blog title, access the "Layout" menu, click "Add a Gadget" and choose "Popular Posts". A window will appear asking you to configure the widget by choosing which posts you'll feature (e.g. those that were most viewed in the past 7 days or 30 days or from the beginning of your blog). You'll also be asked to choose how many posts you'll feature in your Popular Posts section and select if you'll show the post title only or along with the image thumbnail and/or the snippet. (Remember that each widget style has different requirements, so follow the styles and instructions carefully to find out if you need the snippet and image thumbnail or not). Popular Posts Style 1 - Box within a box This is an interesting widget style since it uses your snippet and image thumbnail in a unique way. Your snippet is written in opaque text and placed in a small transparent box. This, in turn, ...
Post a Comment
Read more

Windows 10 1703 Fall Creator update/upgrage brings NEW UI ... the fluent Ui

By
Microsoft is planning to implement these subtle design changes gradually. Some are already available in new updates to existing Windows 10 apps, and more will start to appear in Windows itself as Microsoft updates the operating system with the Fall Creators Update and future updates. "It's going to be a journey," says Microsoft director Aaron Woodman, noting that these design changes will appear over time in Windows and other products. On stage at Build today, Microsoft's Joe Belfiore demonstrated a number of Fluent Design changes. "You're going to see Fluent Design show up in the Windows shell, in our apps, and across devices," explains Joe Belfiore. Microsoft is focusing on light, depth, motion, material, and scale for its Fluent Design, with subtle changes that make the design feel like it's moving during interactions in Windows. An inking demo showed how Microsoft is bringing the pen experience across the entirety of Windows, allowing...
Post a Comment
Read more

DOWNLOAD SOFTWARES, GAMES , MUCH MORE BY BYPASS PAYPAL PAYMENT

By
Bypass Paypal Payment: Now Download, Software, Games. etc for free without paying any money. We all know that we need to pay via Paypal for download various things from Internet like Games, Ebooks, Software, etc. However this method works only few websites that have very weak security. So Today you are going to learn another method that is "Bypassing Paypal Payment". STEPS Just paste the below code in your address bar the site where the option come to pay Via Paypal CODE " javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0) " If this code worked out for you, you will be redirected to the download page, Elase bad luck, try another site SOME IMPORTANT TIPS This method is working only on those sites with weak security feature. Make sure that your browser supports JavaScript. one website on which this method are works you can try these sites which have weak security sites take it from fallowing link pastesite.com/22775
Post a Comment
Read more

python program to Print Starting Series OF Indian Mobile Number for a State or operator or both

By
import requests import urllib.request import time from bs4 import BeautifulSoup as bs import re url = ' https://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India' state_to_extract = "UE" #if set to None all state is considered telecom_to_extracted = None #if set to none all operator from particular city is extracted response = requests . get(url) print (response) soup = bs(response . text, "html.parser" ) one_a_tag = soup . findAll( 'tr' )[ 35 :] lst = [] for k in one_a_tag: s = k . findAll( 'td' ) limit = len (s) i = 0 while True : if i == limit: break no = s[i] . text i += 1 if i == limit: break operator = s[i] . text i += 1 if i == limit: break state = s[i] . text i += 1 if i == limit: break res = f "{no} {operator} {state}" if state_to_extract is None : if telecom_to_extracted is None : lst . append(no) elif telecom_to_e...
2 comments
Read more

Supported OS id and their code in an installer

By
Hello frnd this is the code and thier Operating system id in windows ,to identify which program run in which windows The ID below indicates application support for Windows Vista -->           --The ID below indicates application support for Windows 7 -->           -The ID below indicates application support for Windows 8 -       supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" code provided to you by Rajlive360.tk
Post a Comment
Read more

Streamlining Java Web Application Deployment with React WAR Generator

By
In the ever-evolving world of web development, managing builds and deployments can often be cumbersome and error-prone. Today, we're excited to introduce a tool designed to simplify and streamline this process: the React WAR Generator . What is the React WAR Generator? The React WAR Generator is a Python-based tool that automates the creation of WAR (Web Application Archive) files for Java web applications. It caters specifically to frontend projects built with React or similar frameworks, making it easier to package and deploy your web applications to a Tomcat server. Key Features Profile-Based Builds : With support for multiple profiles ( dev , test , prod , default ), you can build your application according to different environments and configurations. Version File Generation : Optionally generate a version file that integrates versioning information directly into your TypeScript files, ensuring your build versions are always up-to-date. Tomcat Deployment : Simplify your deploy...
Post a Comment
Read more