|Hacks|Crack|Tips |Tricks|Cracks |Programs|Tutorials |Movies|Games|

Breaking

Friday, June 15, 2012

Some Methods To hack Sites


 Welcome to (Wild Wings Hackers - "An approach to introduce people with the truth of HACKING"),In this HACKING class I'll tell you methods which are used to deface or hack any website online. In this Class it just a brief explanation or overview of HACKING or DEFACING websites methods. 


Before starting this class you need at least basic knowledge of HTML, SQL, PHP, Basic knowledge of Javascript, Basic knowledge of servers and most important about how can you protect yourself from tracing. Please don't ignore otherwise you can be in a big trouble.

You can learn HTML, SQL, PHP, Javascript  this from most famous websitehttp://www.w3schools.com/

NOTE : This post is only for educational purpose.

METHODS OF HACKING WEBSITE:

  • SQL INJECTION 
  • CROSS SITE SCRIPTING 
  • LOCAL FILE INCLUSION  
  • REMOTE FILE INCLUSION 
  • DDOS ATTACK
1. SQL INJECTION
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. It exploits web applications that use client supplied SQL queries.The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.  This is the simple way to hack website.
2. CROSS SITE SCRIPTING
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users.  Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. Very popular and effective hack.
Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields
Cross-site scripting holes are web-application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page-content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.  
There are three types of XSS attacks:
  1. Local
  2. Non-Persistent
  3. Persistent.
Explain later in next few class.

3. REMOTE FILE INCLUSION

 Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local exploits to escalate his privileges and take over the whole system. Remote file inclusion is the most often found vulnerability on the website. It allows an attacker to include a remote file, usually through a script on the web server.

4. LOCAL FILE INCLUSION

Local File Inclusion is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injectedLocal File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file.

5. DDOS ATTACK

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.  In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.  Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Hope you like it. Suggestions are welcomed.

Be  a real Hacker - PROFESSIONAL, and change the trend of HACKING.

Thanks and regards :

Chinmoy Pratim Borah

No comments:

Post a Comment