HACKING CLASS
Welcome to (HACKING begins - "An approach to introduce people
with the truth of HACKING"),In this HACKING class I'll tell you methods which are used to deface or hack any website online. In this Class it just a brief explanation or overview of HACKING or DEFACING websites methods.
Before starting this class you need at least basic knowledge of HTML, SQL, PHP, Basic knowledge of Javascript, Basic knowledge of servers and most important about how can you protect yourself from tracing. Please don't ignore otherwise you can be in a big trouble.
You can learn HTML, SQL, PHP, Javascript this from most famous website http://www.w3schools.com/
NOTE : This post is only for educational purpose.
METHODS OF HACKING WEBSITE:
- SQL INJECTION
- CROSS SITE SCRIPTING
- LOCAL FILE INCLUSION
- REMOTE FILE INCLUSION
- DDOS ATTACK
1. SQL INJECTION
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It exploits web applications that use client supplied SQL queries.The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. This is the simple way to hack website.
2. CROSS SITE SCRIPTING
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. Cross site scripting (XSS) occurs when a
user inputs malicious data into a website, which causes the application
to do something it wasn’t intended to do. Very popular and effective hack.
Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields
• Search Engines
• Login Forms
• Comment Fields
Cross-site scripting holes are web-application vulnerabilities which
allow attackers to bypass client-side security mechanisms normally
imposed on web content by modern browsers. By finding ways of injecting
malicious scripts into web pages, an attacker can gain elevated access
privileges to sensitive page-content, session cookies, and a variety of
other information maintained by the browser on behalf of the user.
Cross-site scripting attacks are therefore a special case of code injection.
There are three types of XSS attacks:
- Local
- Non-Persistent
- Persistent.
3. REMOTE FILE INCLUSION
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. Remote file inclusion is the most often found vulnerability on the website. It allows an attacker to include a remote file, usually through a script on the web server.
4. LOCAL FILE INCLUSION
Local File Inclusion is the process of
including files on a server through the web browser. This vulnerability
occurs when a page include is not properly sanitized, and allows
directory traversal characters to be injected. Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file.
5. DDOS ATTACK
A distributed denial of service attack (DDoS) occurs when multiple
systems flood the bandwidth or resources of a targeted system, usually
one or more web servers. These systems are compromised by attackers
using a variety of methods. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users. Although the means to carry out, motives for, and targets of a DoS
attack may vary, it generally consists of the concerted efforts of
person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
Hope you like it. Suggestions are welcomed.
thanks bro! :)
ReplyDeletehow to check vulnerabilities of that website.
ReplyDeletewhich tools are used to check vulnerability....
@ madhu : Try Acunetix
ReplyDeletecan you hack a site for me?
ReplyDeletelol nmap,nikto...
ReplyDeletecan you hack thegioisex.vn
ReplyDeletei want to become aa hacker..i practice now hacking my own database..and i enjoy brainstorming..
ReplyDeletethnks sir,.