Skip to main content

6 Ways to Hack or deface Websites Online

By

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

 Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

 And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.
METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

 1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack(DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Labels:

Comments

Post a Comment

share your thoughts ....

Popular posts from this blog

3g what it is

By
Definition of 3G: 3G is the third generation of wireless technologies. It comes with enhancements over previous wireless technologies, like high-speed transmission, advanced multimedia access and global roaming. 3G is mostly used with mobile phones and handsets as a means to connect the phone to the Internet or other IP networks in order to make voice and video calls, to download and upload data and to surf the net. How is 3G Better?: 3G has the following enhancements over 2.5G and previous networks: Several times higher data speed; Enhanced audio and video streaming; Video-conferencing support; Web and WAP browsing at higher speeds; IPTV (TV through the Internet) support. 3G Technical Specifications: The transfer rate for 3G networks is between 128 and 144 kbps (kilobits per second) for devices that are moving fast and 384 kbps for slow ones(like for pedestrians). For fixed wireless LANs, the speed goes beyond 2 Mbps. 3G is a set of technologies and stand
1 comment
Read more

Dragon Age: Inquisition Digital Deluxe Edition + All DLCs (torrent) Repack Size: 20.1~23.9 GB

By
Brief : Dragon Age: Inquisition  is an  action role-playing video game  developed by  Bioware Edmonton  and published by  Electronic Arts . The third major game in the  Dragon Age  franchise,  Dragon Age: Inquisition  is the sequel to  Dragon Age: Origins  and  Dragon Age II . The game was released worldwide in November 2014 for  Microsoft Windows ,  PlayStation 3 ,  PlayStation 4 ,  Xbox 360 , and  Xbox One . Repack Size: 20.1~23.9 GB 
1 comment
Read more

How to Put Google Adsense Below Post Title in Blogger?

By
Adsense is used by majority of expert bloggers for their website monetization because it is a cookie based contextual advertising system that shows targeted ads relevant to the content and reader. As bloggers are paid on per click basis, they try various ad placements on the blog to  increase the revenue  and get maximum clicks on the ad units. Well, on some blogs, you might have seen Adsense ad units placed below the post title. Do you know why? It is because the area just below the post title gets the most exposure and is the best place to put AdSense ad units to increase  Click Through Rate (CTR). Even though ads below post title work like a charm but this doesn’t mean that it will work for you as well. If you want to find out the best AdSense ads placement for your blog, try experimenting by placing ads at various locations such as header, sidebar, footer, etc. You can try other  blog monetization methods  as well to effectively monetize your blog. In this tutorial, I
Post a Comment
Read more

[solution] Motorola moto G5S plus | xt1804|Sanders Magisk error 1 : cannot mount /vendor

By
Error: mainly all error 1 errors. can not mount /vendors... Cause : Since your current TWRP is not treble supported ,You need a Treble supported Recovery. Solution : Simpally download this file and then flash it .  this recovery is treble supported 1. VIA TWRP boot to twrp recovery  goto install .  touch on install image and then select this downloaded file (.img)  select recovery  then flash it 2. Using fastboot fastboot flash recovery <(downloaded.img)> NOW YOU CAN FLASH MAGISK zip file via recovery LINK : TWRP_SANDERS_r22_BY_GENETIC ENGINEER
6 comments
Read more

Control Loops in c

By
Objectives: Having read this section you should have an idea about C's: 1.Conditional, or Logical, Expressions as used in program control 2.the do while loop 3.the while loop 4.the for loop Go With The Flow: Our programs are getting a bit more sophisticated, but they still lack that essential something that makes a computer so necessary. Exactly what they lack is the most difficult part to describe to a beginner. There ar e only two great ideas in computing. The first is the variable and you've already met that. The second is flow of control. When you write a list of instructions for someone to perform you usually expect them to follow the list from the top to the bottom, one at a time. This is the simple default flow of control through a program. The C programs we have written so far use this one-after-another default flow of control. This is fine and simple, but it limits the running time of any program we can write. Why? Simply because there is a limit to the nu
Post a Comment
Read more

Internet Download Manager (IDM}

By
Internet Download Manager (IDM) is a tool to increase download speeds by up to 5 times, resume and schedule downloads. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. Simple graphic user interface makes IDM user friendly and easy to use.Internet Download Manager has a smart download logic accelerator that features intelligent dynamic file segmentation and safe multipart downloading technology to accelerate your downloads. Unlike other download managers and accelerators Internet Download Manager segments downloaded files dynamically during download process and reuses available connections without additional connect and login stages to achieve best acceleration performance. Internet Download Manager supports proxy servers, ftp and http protocols, firewalls, redirects, cookies, authorization, MP3 audio and MPEG video content processing. IDM integra
Post a Comment
Read more

How to Show JavaScript or HTML Code on Blogger Blog Posts

By
How to Display Code on Blogger Posts In order to display codes on blogger blog you should convert them to escaped characters and show them under the HTML tag   pre  as shown below. code in escaped characters Now let us check how to convert a script in to escaped form.  How to Convert HTML/Java Script code in to Escaped Characters You can simply parse a script in to escaped format by following the changes given below. <  must be changed with   < >  should be changed with  > “  should be changed with  " In case if the script is too big to convert manually, you can use any tools which convert a Java script or HTML script in to escaped version. The following links will help you to convert normal HTML and JavaScript codes in to Escaped Characters automatically.  http://www.accessify.com/tools-and-wizards/developer-tools/quick-escape/default.php http://codeformatter.blogspot.in/2009/06/about-code-formatter.html Showing JavaScript and HTML codes in plain text
Post a Comment
Read more

How to Create Your Own Customized Run Commands

By
The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer. Creating the Customized Run Command: Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing ie in the Run dialog box. Here is how you can do that. Right-click on your Desktop and select New -> Shortcut. You will see a “Create Shortcut” Dialog box as shown below Click on “Browse”, navigate to: Program Files -> Internet Explorer from y
Post a Comment
Read more

8 Tools to Track Registry and File Changes by installing a software

By
1.  Regshot unicode Regshot is a long running utility that can quickly take a before and after snapshot of the system registry. Also in the more recent unicode version it’s gained the ability to monitor for file changes using CRC32 and MD5 file checksums although this function is turned off by default and you have to go to File -> Options -> Common Options -> and tick “Check files in the specified folders” to enable it. Only the Windows folder is entered into the list of watched folders so you have to enter any others yourself through the Folders tab. This version also added the Connect to remote registry option. Regshot is very much a “hands on” utility and is more for experienced or advanced users to quickly check for system changes between two different points in time. Simply create the 1st shot, install the software or run the program you want to watch, and then press 2nd shot. After comparing the differences in the 1st and 2nd shots, it will open an HTML log in y
1 comment
Read more