Sunday 7 August 2011

TEChniques for hacking websites

Everyday, you search in GoogleYahoo, and other search engines, "How to Hack Websites?", "Methods to Hack Website", "Website Hacking", etc. Website Hacking have become a popular business or rather an interesting game for many people, reasons behind this hack is normally to prove their skills and to get fame, or anything else. As we know, "To catch a thief, we must think like a thief", like here also, we can conclude that to secure a things, we must first find insecure in it, then we can proceed on securing. So, before proceeding to the topic of securing we must first know what is insecure in it.


There are many drawbacks by which websites are compromised, these is normally due to the poor management of site by the webmaster or admin.

So, the methods by which websites are hacked are:
  • Cross-Site Scripting
  • SQL Injection
  • Remote File Inclusion
  • Local File Inclusion
  • Denial of Service Attack
  • Brute-Force Attack
These are some of the common methods to hack a website, let's discuss them below.
  • Cross-Site Scripting: Cross-Site Scripting is a type of attack in which a hacker inject script into webpages. Their effect may range from a pretty nuisance to a significant security risk. By this way of injecting codes into webpages, a hacker can gain access to sensitive page content, session cookies, and a variety of other information which are maintained by the browser on behalf of the user. 
  • SQL Injection: SQL stands for Structured Query Language, SQL Injection is a another type of web application vulnerability occurring in the database layer of an application. It is mostly used for stealing sensitive data (like Username, Password, Email ID, many more). It takes advantages of improper coding in the web application that allow the attacker to inject SQL commands.
  • Remote File Inclusion: Remote File Inclusion (RFI) allows an attacker to include a remote file, usually through a script on the web server. A hacker usually upload a file (normally a shell) by tricking the web server on the webpage. 
  • Local File Inclusion: A Local File Inclusion (LFI) is a method to include local files on runtime. This is much same like RFI. This method involves the discovering of /etc/passwd/ file in the web directory.
  • Denial of Service Attack: Denial of Service Attack (DoS attack) or Distributed Denial of Service attack(DDoS attack) is an attempt to make the computer resource unavailable to its users. These are the common attack nowadays, its main purpose is to obstruct the communication of the victim's computer by forcing the targeted computer(s) to reset.
  • Brute-Force Attack: Brute-Force Attack is a method in which an attacker tries to crack every possible letters of the password until the whole password is cracked. The main drawback of this attack is that it takes too much time while cracking the password, as it tries every possible character which can be a part of the password.
There are many other ways too for taking over a site, but these are nowadays very common. 

Take a look at the above image, it clearly shows different types of web attacks

Some others methods are DNS Hijacking, Insufficient Administration, Misconfiguration, Uses of Trojans, many more.

My advice to all the webmaster or admin is to check their site against these vulnerabilities as to protect them from future attacks.

No comments: