6 Ways to Hack or deface Websites Online

Hello friends , today i will explain all the methods that are being used to hack a website or websites database. This is the first part of the hacking websites tutorial where i will explain in brief all methods for hacking or defacing websites. Today I will give you the overview and in later tutorials we will discuss them one by one with practical examples. So guys get ready for first part of Hacking websites class.... Don't worry i will also tell you how to protect your websites from these attacks and other methods like hardening of SQL and hardening of web servers and key knowledge about CHMOD rights that what thing should be give what rights...

Note : This post is only for Educational Purpose only.




ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.

METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.


2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.
Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

I will explain this in detail in later hacking classes. So keep reading..


3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :
  • Code execution on the web server
  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).
  • Denial of Service (DoS)
  • Data Theft/Manipulation


4. LOCAL FILE INCLUSION

Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd


I will explain it in detail with practical websites example in latter sequential classes on Website Hacking.


5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.

6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.

I hope you all now have a overview of that what is Website Hacking. In consecutive future classes i will explain all of these techniques in details. So guys keep reading..

IF YOU HAVE ANY QUERIES ASK IN COMMENTS...

21 comments:

  1. gud job....more detail with live examples will be much appreciated by the new comers or novice kids
    Regards
    Ajay Anand

    ReplyDelete
  2. Nice Tutorial , you can also check this site for SQL Injection and more tutorial http://hottechtips.blogspot.com

    ReplyDelete
  3. coool dude !!! i want to know more about SQL Injection B)

    ReplyDelete
  4. this is a test to bypass nofollow attribute as it would be a nice hack to be able to do :) test

    ReplyDelete
  5. hi i have to hake website data base because my naked video somebady put in website. legally i removed some website links by dmca report. but most of website dont wants to remove like a torrents.so some bady can help me to remove my vide by haking? i read your this 6 ways but i could not able to understand. anyone please help me..

    ReplyDelete
  6. guud i loke this aticle

    ReplyDelete

  7. Hello all,I am new and I would like to ask that what are the benefits of sql training, what all topics should be covered and it is kinda bothering me ... and has anyone studies from this course wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? or tell me any other guidance...
    would really appreciate help... and Also i would like to thank for all the information you are providing on sql.

    ReplyDelete
  8. hi, is there any software for website hacking?

    ReplyDelete
  9. How can I check which vulnerablity a website has?

    ReplyDelete
  10. @mim you can use sofware such as Rootkit Hmei7 Asp Shell injector to inject shells into websites. But every site I tried doesn't work, it says not vulnerable dav..

    ReplyDelete
  11. u have stopped give classes.pls post sir

    ReplyDelete
  12. Hi Lokesh,
    Eagerly waiting for your next book of BEHC.
    Please make it ASAP.


    Regards
    True Follower

    ReplyDelete
  13. In last year's The Casual Vacancy (J.K. Rowling's first novel for adults and first novel after Harry Potter), SQL injections play a significant role, germane to the plot. She doesn't explain them in any sort of detail, but they are used.

    ReplyDelete
  14. oh my god! i didn't know that

    ReplyDelete
  15. i want you to hack a website for me and change some database for me...lpu.in if you can then i will pay you..contact me 7696126728

    ReplyDelete
  16. what of how to deface it

    ReplyDelete
  17. First of all, kali + vidalia/tor

    ReplyDelete

Please do not spam.

Copyright © 2012 Learn How to Hack - Best Online Ethical Hacking Website All Right Reserved
Designed by Hackingloops.