Skip to main content

6 Ways to Hack or deface Websites Online

By

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

 Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

 And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.
METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

 1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack(DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

Download pocket tank delux with 295 weapons free total 295 weapons version 1.6

By
Download Pocket Tanks Deluxe Full Version Free With 295 Weapons Pack | Size: 30MB UPDATED 2019 /19/april Description: Pocket Tanks is a 1-2 player computer game for Windows and Mac OS X, created by Blitwise Productions, developer of Super DX-Ball and Neon Wars. Adapted from Michael Welch's earlier Amiga game Scorched Tanks, this newer version features modified physics, dozens of weapons ranging from simple explosive shells to homing missiles, and the ability to move the tank. It supports several expansion packs. At the moment, players can have up to 295 different weapons total. Pocket Tanks is often abbreviated as PTanks. Have Fun! NOTE: FILE NAME IS SCRAMBLED FOR AVOIDING HARD DETECTION & FILE TAKEN DOWN . How to Play: Best with 2 players on the same computer at school or at work. UPDATED LINK https://mirr.re/d/u1Y https://nl26.seedr.cc/ff_get/447027537/ptd16.295.exe?st=lUp-PbRp4YOwToHIOGwStQ&e=1555747979 http://www.uploadmagnet.com/7gfzhbyfe...
9 comments
Read more

DOWNLOAD CODE BLOCKS 16.01 MINGW.SETUP .EXE 86.3 MB

By
Code::Blocks for Mac is a free C, C++ and Fortran IDE that has a custom build system and optional Make support. The application has been designed to be very extensible and fully configurable. Code::Blocks is an IDE packed full of all the features you will need. It has a consistent look, feel and operation across its supported platforms. It has been built around a plugin framework, therefore Code::Blocks can be extended with plugins. Support for any kind of functionality can be added by installing/coding a plugin. Key features include: Written in C++. No interpreted languages or proprietary libs needed.. Full plugin support. Multiple compiler support: GCC (MingW / GNU GCC), MSVC++, clang, Digital Mars, Borland C++ 5.5, and Open Watcom etc. Support for parallel builds. Imports Dev-C++ projects. Debugger with full breakpoints support. Cross-platform. Code::Blocks' interface is both customizable and extensible with Syntax highlighting, a tabbed interface, Class Br...
1 comment
Read more

13 websites to register your free domain

By
Register your Free Domain Now!! 1)  .tk Dot TK is a FREE domain registry for websites on the Internet. It has exactly the same power as other domain extensions, but it’s free! Because it’s free, millions of others have been using .TK domains since 2001 – which makes .TK powerful and very recognizable.  Your website will be like www.yourdomainname.tk . It is free for 1 year. It’s a ccTLD domain whixh having the abbreviation  Tokelau. To create a .tk domain, Visit   www.dot.tk 2) co.cc Co.cc is completely free domain which is mostly used by blogspot bloggers because of it’s easy to use DNS system. Creating a co.cc for blogger is simple ( for instructions- “click here”). Your website will be like www.yourdomainname.co.cc . To create a .co.cc domain, visit www.co.cc 3)   co.nr co.nr is too like co.cc. Your website will be like  www.yourdomainname.co.nr . You can add it for blogger also.. To create a .co.cc domain, vi...
Post a Comment
Read more

How to Bypass Right Click Block on Any Website

By
In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to strengthen the website’s security by adding some of the simple security features such as  disabling right-click ,  protecting images ,  hiding or masking parts of a web page  and so on. How JavaScript Works? Before you proceed to the next part which tells you how to disable the JavaScript functionality and bypass any of the restrictions imposed by it, it would be worthwhile for you to take up a minute to understand how JavaScript works. JavaScript is a client side scripting language (in most cases), which means when loaded it runs from your own web browser. Most modern browsers including IE, Firefox, Chrome and others support JavaScript so that they can interpret the code and carry out action...
Post a Comment
Read more

Binary Search Tree in C++( dynamic memory based )

By
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 #include<bits/stdc++.h> using namespace std; struct bst { int val; bst * left, * right; }; bst * root = nullptr; void srch ( int num,bst * head) { if (head == nullptr){ cout << " \n Number is not present \a " << endl; return ; } if (head -> val == num) { cout << " \n Number is present \n\a " ; return ; } else { if (num < head -> val) srch(num,head -> left); else srch(num,head -> right); ...
6 comments
Read more

Java API call Example using GSON, org.json.json and Jackson [ Simple Get Call] and parsing result as JSON

By
import com.fasterxml.jackson.databind.JsonNode ; import com.fasterxml.jackson.databind.ObjectMapper ; import com.google.gson.* ; import org.json.JSONArray ; import org.json.JSONObject ; import java.io.* ; import java.net.HttpURLConnection ; import java.net.URL ; public class APICALL { public static void main (String[] args) throws IOException { // String url="https://mocki.io/v1/19a50724-c2e5-46a1-b457-543462cdfde2"; String url= "https://jsonplaceholder.typicode.com/users" ; String line ; StringBuilder resp= new StringBuilder() ; System. out .println(url) ; HttpURLConnection con= (HttpURLConnection) new URL(url).openConnection() ; con.setRequestMethod( "GET" ) ; con.setRequestProperty( "Accept" , "application/json" ) ; System. out .println(con.getResponseMessage()) ; System. out .println(con.getContentType()) ; InputStream inputStream=con.getInput...
Post a Comment
Read more

How to Use Google for Hacking

By
Google serves almost 80 percent of all the search queries on the Internet, proving itself as the most popular search engine. However, Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed. In this post, you will find the information on how to use Google for exploiting security vulnerabilities that exists within many websites. The following are some of the ways to use Google for hacking : 1. Using Google to Hack Security Cameras: There exists many security cameras that are used for monitoring places like parking lots, college campus, road traffic etc. With Google, it is possible to hack these cameras so that you can view the images captured by them in real time. For this, all you have to do is just use the following search query in Google. Type in the Google search box exactly as given below and hit enter: inurl:”viewerframe?m...
Post a Comment
Read more

Interesting Thing In Yahoo Logo

By
If you press "!" in the Yahoo logo on Yahoo.com Home page. You can hear group of girls saying "Yahooooo" !!! NOTE it doesnt work in yahoo india it works in yahoo US , type us.yahoo.com and try it
Post a Comment
Read more

Dragon Age: Inquisition Digital Deluxe Edition + All DLCs (torrent) Repack Size: 20.1~23.9 GB

By
Brief : Dragon Age: Inquisition  is an  action role-playing video game  developed by  Bioware Edmonton  and published by  Electronic Arts . The third major game in the  Dragon Age  franchise,  Dragon Age: Inquisition  is the sequel to  Dragon Age: Origins  and  Dragon Age II . The game was released worldwide in November 2014 for  Microsoft Windows ,  PlayStation 3 ,  PlayStation 4 ,  Xbox 360 , and  Xbox One . Repack Size: 20.1~23.9 GB 
1 comment
Read more

Windows 10 1703 Fall Creator update/upgrage brings NEW UI ... the fluent Ui

By
Microsoft is planning to implement these subtle design changes gradually. Some are already available in new updates to existing Windows 10 apps, and more will start to appear in Windows itself as Microsoft updates the operating system with the Fall Creators Update and future updates. "It's going to be a journey," says Microsoft director Aaron Woodman, noting that these design changes will appear over time in Windows and other products. On stage at Build today, Microsoft's Joe Belfiore demonstrated a number of Fluent Design changes. "You're going to see Fluent Design show up in the Windows shell, in our apps, and across devices," explains Joe Belfiore. Microsoft is focusing on light, depth, motion, material, and scale for its Fluent Design, with subtle changes that make the design feel like it's moving during interactions in Windows. An inking demo showed how Microsoft is bringing the pen experience across the entirety of Windows, allowing...
Post a Comment
Read more