Saturday, August 23, 2014

Ways hackers can hack your website

So in this post, instead of teaching you a way to hack a part of a site, I thought it'd be interesting to show how professional hackers could actually hack your sites. This post describes various hacks in the simplest way I can.

Here are a few:

1) The Denial-of-Service Attack:
Ah yes, you've probably heard of this hack, as it comes up in the papers all the time. But what exactly is a DoS attack? Simple. A denial-of-service attack takes a machine's or a network's services down so that they aren't available to users.
During this time gap, hackers will use the site to their advantage or may target specific parts of the site for their own use.
One way of carrying out a DoS attack is to flood the network with a large number of packets, filling up the network's bandwidth. This may cause the CPU to run out of resources, thus causing the network to go down and allowing for an easy attack.

2) Injection attacks :
If you've been following my blog, you would already be familiar with this attack.
This happens due to flaws within SQL databases. This was the first method I learned in hacking, when I didn't know the password to my ID at college.
When it verified the password, I injected ('or'1'='1), which validates to true, giving me access to the database.
There are several different types of injection, especially with commands like UNION ALL SELECT, which can extract a large amount of info from websites. This is the foundation for hacking.

3) Cross Site Scripting :
Here the hacker programs malicious content (maybe in HEX to make it look less suspicious) within a link found on a forum, chat, or blog page. The unaware user clicks on this link and it runs in the browser. The attacker can easily steal information in this way or may steal a user's session. It could steal a user's cookies and send them to the hacker. Yikes!
For example, the hacker could embed code within the HTML that makes users enter their user name and password on the hacker's site. But the user must first click on the suspicious link set out by the attacker.

4) Remote code attacks:
These kinds of attacks are due to small scripts or malware. It's usually found due to vulnerabilities within directories that haven't been used either on the server or client. Nothing really special here.

5) Click jacking:
I really find this hack beautiful. The attacker actually uses multiple layers of, say, a text box. So the unaware user might think he's typing his password into the textbox of that site; however, he's actually typing in the textbox set by the hacker. This hack takes patience and careful construction of frames, etc.

6) Cache hacks:
This one's also kind of interesting. We all know how DNS works. If you want google.com, you'll use the DNS server and it'll give you the IP where google.com is located. But what if a hacker took over a DNS server? He could easily change one of those cache values to a website that he owns. So when you hit google.com, you're actually being sent to an IP that the hacker has set. Real serious.

These are the main ones I know. I'll be sure to update them as I learn more.
