Saturday, August 23, 2014

Ways hackers can hack your website

So in this post, instead of teaching you a way to hack a part of a site, I thought it'd be interesting to describe how professional hackers could actually hack your sites. This post describes various hacks in the easiest and most simplistic way I can.

Here are a few:

1) The Denial-of-Service Attack:
Ah yes, you've probably heard of this hack, as it comes up in the papers all the time. But what exactly is a DoS attack? Simple. A denial-of-service attack makes a machine's or a network's services go down so that they aren't available to users.
During this time gap, hackers will use the site to their advantage or may target specific parts of the site for their own use.
One way of carrying out a DoS attack is to flood the network with a large number of packets, filling up the network's bandwidth. This may cause the CPU to run out of resources, causing the network to go down and allowing for an easy attack.

2) Injection attacks :
If you've been following my blog, you'll already be familiar with this attack.
This happens due to flaws within SQL databases. This was the first method I learned in hacking, when I didn't know the password to my ID at college.
When it verified the password I injected ('or'1'='1), it validated to true, giving me access to the database.
There are several different types of injection, especially with commands like UNION ALL SELECT, which extract a large amount of information from websites. This is the foundation of hacking.

3) Cross Site Scripting :
Here the hacker places malicious content (maybe encoded in hex to make it look less suspicious) within a link found on a forum, chat, or blog page. The unaware user clicks on this link and it runs in the browser. The attacker can easily steal information this way, or may steal a user's session: it could steal a user's cookies and send them to the hacker. Yikes!
For example, the hacker could embed code within the HTML that makes users enter their user name and password into the hacker's site. But the user must first click on the suspicious link set out by the attacker.

4) Remote code attacks:
These kinds of attacks are carried out through small scripts or malware. They're usually found due to vulnerabilities within directories that haven't been used, either on the server or the client. Nothing really special here.

5) Click jacking:
I really find this hack beautiful. The attacker actually uses multiple layers of, say, a text box. So the unaware user might think he's typing his password into the textbox of that site; however, he's actually typing into the textbox set by the hacker. This hack takes patience and careful construction of frames, etc.

6) Cache hacks:
This one's also kind of interesting. We all know how DNS works: if you want google.com, you'll use the DNS server and it'll give you the IP where google.com is located. But what if a hacker took over a DNS server? He could easily change one of those cache values to a website that he owns. So when you hit google.com, you're actually being sent to an IP that the hacker has set. Real serious.

These are the main ones I know. I'll be sure to update them as I learn more.

Please rate and subscribe.

Python Script for getting an MD5 from a string

This is a small, handy Python script for producing the MD5 value of a string.

MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity.

Now, some things on websites are encoded with MD5.

Suppose on clicking 'inspect element' you stumble upon the following:

"GET / users / passwords / " . md5('Users') "

Now, I stumbled upon this when I entered a wrong parameter into a field that required a certain type of data, giving me a MySQL error. This left the page with a large amount of the directory exposed.

You can expose this in numerous ways, but we're getting off topic.

So now you see that I've found a password directory, but the string 'Users' is encoded with MD5.

Today's blog will teach you a Python script that'll let you decipher this.

Simply import hashlib and paste in the following lines (Python 3 hashes bytes, so the string is encoded first):

import hashlib
print(hashlib.md5("your text here".encode("utf-8")).hexdigest())

It'll then print out the MD5 value for the string that you've entered.

Simply paste the URL with /users/passwords/your md5 value
Eg. /users/passwords/7e40c181f9221f9c613adf8bb8136ea8

You'll now be able to access the directory that was previously encrypted.
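The point of the example above is that a path built from the MD5 of a guessable word is only obscured, not protected: anyone who knows the word recomputes the same digest. The following is an added example, not the blog's own script, written in Python 3; it computes the digest the way the post does and contrasts it with a random token (the path prefix /users/passwords/ is taken from the post, the token helper is an assumption about how a site would do it properly).

```python
import hashlib
import secrets


def md5_hex(text):
    """MD5 hex digest of a string (Python 3 hashes bytes, hence the encode)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def predictable_path(name):
    """Path built the way the post describes: a fixed prefix plus md5(name).

    Anyone who guesses the name recomputes the same digest, so the path is
    obscured rather than protected. Assumed prefix taken from the post.
    """
    return "/users/passwords/" + md5_hex(name)


def unguessable_path():
    """A per-resource random token (constructed here) that cannot be derived
    from any public word. A site would store it server-side and look it up
    on each request instead of deriving it from the resource name."""
    return "/users/passwords/" + secrets.token_hex(16)


def looks_like_md5(value):
    """Cheap check a reviewer can run on a URL segment: exactly 32 hex chars.

    A match is a hint that the segment may be a hash of something guessable
    and worth a closer look; it is not proof, since a 16-byte random token
    looks the same.
    """
    hexdigits = "0123456789abcdef"
    return len(value) == 32 and all(c in hexdigits for c in value.lower())


if __name__ == "__main__":
    print(predictable_path("Users"))
    print(unguessable_path())
```

Running it twice prints the same predictable path both times and a different random path each time, which is exactly the difference between a name-derived segment and a real secret.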

If you liked this post please share and subscribe

Thursday, August 21, 2014

Let's play hide and seek with tables (SQL lite)

Pretty simple and straightforward hack.

Like I explained before, if you get your hands on an administrator account, it's possible to do this hack.

Check out my other blog post on changing JavaScript cookies to get admin access, or check out my other blog post on GET methods, so that you can apply an admin ID (usually equal to zero) on the URL.

If you're lucky enough to get an admin account, they'll usually have an SQL (or SQLite) query box where they can enter commands.

Interestingly enough, it's actually possible to see all the tables stored in the database by using the sqlite_master table.

In your prompt hit "SELECT * FROM sqlite_master;"

Now in SQLite, sqlite_master lets you see all the tables within a database. This really comes in handy when you've hacked into an admin account but have no idea what tables exist in the database.

Once this command is entered, it'll display the names of all the tables existing in that database. Now simply run SELECT * FROM "that table name" to view the contents of that table.

So wait, can I use this command to view other databases on the site?
Well, if you're lucky enough, you can.

If you know the directory of another database on the site (using the ls command, which I've explained in a previous blog post), you can view it.

Simply hit "inspect element" on the SQL query form, and change the path of the database that's currently in view to the path of the database you found.
Eg:
<input type="hidden" name="sql_db" value="pra.dbase">
So this means that you're actually viewing a database called pra.

If you found a database in a parent directory called "arp", simply replace "pra.dbase" with "../arp".
(Remember, ../ means parent directory.)

Once that's changed, repeat the sqlite_master command to view the tables within that database.
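The weakness this post relies on is that the hidden sql_db field carries a file system path, so editing it to "../arp" opens a database the form was never meant to expose. The following is an added example, not the blog's code, showing the server-side pattern that closes it: the form value is only a key into an allow-list, the file is opened read-only, and sqlite_master is used for the same table inventory the post describes. The two database files are constructed in a temporary directory so the example runs offline.

```python
import sqlite3
import tempfile
from pathlib import Path


def setup_demo():
    """Create two constructed SQLite files: one exposed to the form, one not.

    Returns the allow-list mapping form value -> absolute path. Only "pra"
    is listed; "arp" exists on disk but is not selectable through the form.
    """
    tmp = Path(tempfile.mkdtemp())
    pra = tmp / "pra.dbase"
    arp = tmp / "arp.dbase"
    for path, ddl in ((pra, "CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)"),
                      (arp, "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")):
        conn = sqlite3.connect(str(path))
        conn.execute(ddl)
        conn.commit()
        conn.close()
    return {"pra": pra}


def open_database(allowed, sql_db):
    """Resolve the sql_db form value through the allow-list and open read-only.

    Anything not in the allow-list (including "../arp" or a full path) is
    rejected before sqlite3 ever sees it, so traversal in the hidden field
    cannot select another file. mode=ro means even a crafted query cannot
    alter the file.
    """
    if sql_db not in allowed:
        raise ValueError("unknown database selector: %r" % sql_db)
    uri = allowed[sql_db].as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def list_tables(conn):
    """The sqlite_master query from the post, used here as a harmless inventory."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name"
    ).fetchall()
    return [row[0] for row in rows]


def is_read_only(conn):
    """Probe whether the connection refuses writes (True for a mode=ro open)."""
    try:
        conn.execute("CREATE TABLE probe (x INTEGER)")
    except sqlite3.OperationalError:
        return True
    conn.execute("DROP TABLE probe")
    return False


if __name__ == "__main__":
    allowed = setup_demo()
    conn = open_database(allowed, "pra")
    print(list_tables(conn), "read-only:", is_read_only(conn))
    conn.close()
    try:
        open_database(allowed, "../arp")
    except ValueError as exc:
        print("rejected:", exc)
```

If the query box has to stay (an admin feature), the allow-list plus read-only open limits the blast radius to the one database that was meant to be browsable; the traversal value is refused as a string and never becomes a path.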

If you liked what you read, please share and give it a +1.

Saturday, August 16, 2014

Defacing a site

This is a hack that we see all over the web.
You visit a site that you usually visit, but you realize that the site looks COMPLETELY different.

You soon realize the site's been hacked, with the classic signature of the hackers at the bottom of the page.
But this is actually pretty simple.

First of all, if you want to deface a site, the easiest thing to do is to find a form on the site which saves its contents under a file name that you specify.

Now, when a site carelessly overwrites a file with the same name, we can exploit this.

Save the form title as ../index.html, which will be the file name that overwrites the existing index.html on the site.
In the form description, paste the HTML code for the defacement page you want to build.

Once you hit submit, the existing index.html will be overwritten with the new index.html you made, and the site will crumble under the new page you've coded in the description.

I'll upload photos soon to make it clearer.
Note: if the site renames the saved form to a different file name when the name already exists, this hack won't work.
If you liked this please rate and share.

Friday, August 15, 2014

Method GET

This hack is pretty straightforward, though you'd probably only see this on novice sites.
As in the screenshot below, the band's rating is 2.314, which is pretty unimpressive. Now you have the choice of giving a rating of 1-5. But even if you gave them a 5, it's not really going to improve the band's rating to the top spot.

However, there is a way for you to save them! See the action tag? The method is specified as "GET". Now, GET methods always pass information through the URL, which is visible to everyone. Now to hack this, you simply change the value within the parentheses to the desired number, like "999999". When you hit submit, since it's a GET method, it'll take the corresponding value as 99999 and hence will raise the band's status by 99999 points.

This only works for GET methods not POST methods.

If you liked this please share and rate.

Thursday, August 14, 2014

Hitting PHP with SSI

We all know that PHP is a server-side scripting language: it runs on the server.
SSI (dynamic HTML executed by the server, rather than the browser) allows us to manipulate PHP scripts with a little bit of SSI injection.

Once again, for the sake of education, I'm only going to teach you how to snoop around the contents of that directory.
Suppose you have an unsecured PHP script running on a page.
Now with some SSI injection you'll be able to initiate commands executed by the server through dynamic HTML.

Simply type <!--#exec cmd="ls ../"-->
This exec directive takes the value of cmd, which states which command to execute.
By simply providing the command ls (listing the directory), this input will be executed, listing the contents of the directory.

As I explained in the previous blog post, if you find a hidden PHP page, simply paste name.php at the end of the URL to view its contents.

If you liked this post, please share and rate.

Snooping with ls (Unix) Update: ls on Perl sites

Sometimes people who publish their websites can be careless enough to leave sensitive information in a directory where a script is accessible.

This can be very dangerous. If the script box runs Unix commands and isn't secured, this allows us to run various Unix commands to snoop around the site/directory.

Now suppose a site provides a script box and asks you to enter a date.
We all know the Unix command 'cal', which allows us to print the date.
Now suppose the site asks us to enter the year for which you want to see the calendar,
and once you hit the submit button a calendar for that year appears.

Wait. So if I'm using the command cal, why can't I use other commands in concatenation?

If you want to snoop in that directory, simply concatenate the ls -l command with &&.
So in the script box type && ls -l and you'll have a list of all files within that directory.

If by chance you find a secured, hidden file ending with .php, simply paste name.php at the end of the URL to access the file.

If you want to snoop around different directories you can always use ".." to reach the parent directories.
Remember:
.. - parent directory
. - current directory

The possibilities are endless, you can inject any Unix command you like.

Scary, right?

If you liked this post please share and rate.

Update: How to use ls on Perl scripted sites

For those Perl sites that use the syntax page.pl?page=value,
where page is a parameter and value is the corresponding value, it's possible to use ls to see the list of items within that directory.

Example:
page.pl?page=faq
means it'll open the page corresponding to "faq", i.e. the frequently asked questions page.

Now, with the Unix pipe operator (|), it's possible to use ls.
Simply type
page.pl?page=|ls|
and, with the pipe operator appended, we are now able to see all the files in that directory.

If you liked this post please share and rate.

Javascript cookies and changing their value

Sometimes while browsing, you may have stumbled upon a restricted area with the common message
"You aren't authorized to see this page".

Well, chances are they use your cookies to check whether you are or aren't authorized to see the restricted page.

Well, there are 2 JavaScript snippets we can use to work around it.

First, in your URL bar type javascript:alert(document.cookie);
This will bring up a list of all the cookies set by the site.
Chances are you'll find a cookie similar to "authorization=no".

Now to change this we simply need one more JavaScript injection.
Simply type javascript:document.cookie="name=value";
where name is the cookie name you're trying to change and value is the value you are changing it to.
So for example, if my cookie was "level_authorization=no", my script would be
javascript:document.cookie="level_authorization=no";

The site will pop up a cookie change value box to inform you that the change has been made.
After this you'll be able to view the content that you weren't able to before.

If you liked this article please give it a +1 and share!

Wednesday, August 13, 2014

Simple SQL injection

Today I'm going to explain SQL injection.

Some sites (and no, not secure sites like Gmail or Facebook) that ask for a user name and password sometimes verify the password through SQL.

Well, here's a method to bypass it, or in other words trick the SQL engine into thinking you've typed the correct password.

Simply type the user name, and for the password type

'or'1'='1

Yes, that mathematical equation should work on all SQL-verifiable sites.

HOW IT WORKS

Well, imagine a password box.
Suppose your password was hello.
When it is read by the SQL engine it's stored as 'hello'.
Do you see the 2 additional quotes?

Now let's take "our" password.
'or'1'='1

Now see what happens when the SQL engine reads it.
It's stored as ''or'1'='1'
The first 2 quotes cancel each other out, so:
or'1'='1'
So by adding this statement to the end of an SQL query, it checks whether the query is true through an OR statement.
Obviously '1' is equal to '1', so the SQL engine thinks we've entered the correct password simply by adding an OR statement to the end of the query.

Note: this won't work for many sites, as security has been improved. However, there are other sites online which can be hacked into using this technique.
This is merely meant for educational purposes only. I haven't added screenshots of the sites that can be hacked, for obvious reasons.

If you liked this post please share, and give it a +1.
I'll be sure to post more soon.

Password through the dots

We all use Facebook. For most, it's a part of their daily lives.
You all know that when we type a password, it comes up as small dots, preventing us from seeing the password.


Well, there's actually a workaround for this.

Step 1: Type your password as seen in the first screenshot. As usual, the dots come up.

Step 2: Right-click on the password text box and click 'inspect element'. (I'm on Chrome, so it might be different for other browsers.)

Step 3: Under the input type property, you'll see it set to 'password'. Simply set it to 'text' and voila! The dots will change into the password you typed.
How it works:

The <td> tag defines a standard cell in an HTML table.
Inside this we have the input element with its "type" attribute.
By default it's set to "password", which makes anything we type turn into dark-colored circles, obscuring our view.
By changing it to "text", it changes the dark-colored circles into the text we typed.
See the screenshots.


Where is this hack used?
This is actually used in many places.
When you're dealing with someone else who's beside you and he asks you to enter your password, be sure to always hit submit before handing the laptop/phone back to him.
A simple trick like this is enough for him to read your password. And with the email address automatically being stored, you're practically gifting him your account details.

How to prevent this:
Always use incognito mode in your Chrome browser. You can access it with Ctrl+Shift+N. This makes everything more secure, and the details of everything you entered are automatically cleared on closing Chrome.


Plus always remember to hit that submit button whenever you type in a password before handing the device to someone else.

If you found this interesting, please rate it up, share and subscribe. More articles will be up soon.