In my knowledge these methods by which websites are hacked are:
- Google Hacking
- Cross-Site Scripting
- SQL Injection
- Remote File Inclusion
- Local File Inclusion
- Denial of Service Attack
- Brute-Force Attack
- Passwork Cracking
- Some other Tools
These are some of the common methods to hack a website, let's discuss them below.
Google Hacking
This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Just try this.....
Cross-Site Scripting:
Cross-Site Scripting is a type of attack in which a hacker inject script into webpages. Their effect may range from a pretty nuisance to a significant security risk. By this way of injecting codes into webpages, a hacker can gain access to sensitive page content, session cookies, and a variety of other information which are maintained by the browser on behalf of the user.
SQL Injection:
SQL stands for Structured Query Language, SQL Injection is a another type of web application vulnerability occurring in the database layer of an application. It is mostly used for stealing sensitive data (like Username, Password, Email ID, many more). It takes advantages of improper coding in the web application that allow the attacker to inject SQL commands.
Remote File Inclusion:
Remote File Inclusion (RFI) allows an attacker to include a remote file, usually through a script on the web server. A hacker usually upload a file (normally a shell) by tricking the web server on the webpage.
Local File Inclusion:
A Local File Inclusion (LFI) is a method to include local files on runtime. This is much same like RFI. This method involves the discovering of /etc/passwd/ file in the web directory.
Denial of Service Attack:
Denial of Service Attack (DoS attack) or Distributed Denial of Service attack(DDoS attack) is an attempt to make the computer resource unavailable to its users. These are the common attack nowadays, its main purpose is to obstruct the communication of the victim's computer by forcing the targeted computer(s) to reset.
Brute-Force Attack:
Brute-Force Attack is a method in which an attacker tries to crack every possible letters of the password until the whole password is cracked. The main drawback of this attack is that it takes too much time while cracking the password, as it tries every possible character which can be a part of the password.
Authorization Bypass
Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks.Find weak target login page.
View source. Copy to notepad.
Delete the authorization javascript, amend a link or two.
Save to desktop.
Open on desktop. Enter anything into login fields, press enter.
Hey Presto.
Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
Are you like this Article?
Give your feedback..
Thank you.
0 comments:
Post a Comment