METHODS OF HACKING WEBSITE:1. SQL I

METHODS OF HACKING THE WEBSITE:1. SQL INJECTION2. CROSS SITE SCRIPTING3. REMOTE FILE INCLUSION4. LOCAL FILE INCLUSION5. DDOS ATTACK6. EXPLOITING VULNERABILITY.1. SQL INJECTIONFirst of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.2. CROSS SITE SCRIPTINGCross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn't intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:• Search Engines• Login Forms• CommentCross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.I will explain this in detail in later hacking classes. So keep reading.3. REMOTE FILE INCLUSIONRemote file inclusion is the most often found vulnerability on the website.Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), which is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use localexploits to escalate his privileges and take over the whole system.RFI can lead to following serious things on the website:Code execution on the web serverCode execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).Denial of Service (DoS)Data Theft/Manipulation4. LOCAL FILE INCLUSION Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:www.target-site.com/index.php?p= ../../../../../../../etc/passwdI will explain it in detail with practical websites example in latter sequential classes on Website Hacking.5. DDOS ATTACKSimply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.6.EXPLOTING VULNERABILITYIts not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.I hope you all now have a overview of that what is Website Hacking. In consecutive future classes i will explain all of these techniques in details. So guys keep reading..

WEBSITE OF HACKING methods:
1. SQL INJECTION
2. Cross Site Scripting
3. REMOTE FILE Inclusion
4. LOCAL FILE Inclusion
5. DDOS ATTACK
6. Exploiting Vulnerability. 1. SQL INJECTION First of all what is SQL injection? SQL injection is a type of security exploit or loophole chứa a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits supplied Web client applications use SQL queries có. The primary form of SQL injection Consists of direct insertion of code Into user-input variables are concatenated with SQL commands có and executed. A less direct attack injects Malicious code strings được vào destined for storage in a table or as metadata. When the stored strings are subsequently concatenated dynamic SQL command vào, the Malicious code is executed. 2. Cross Site Scripting Cross site scripting (XSS) Malicious Occurs khi user inputs data Into a Website, Which Causes the application to do something it was not intended to do. XSS attacks are very Popular and some of the biggest websites added thêm được AFFECTED by the FBI, CNN, eBay, Apple, Microsft, and AOL. Some sites to XSS attacks Vulnerable commonly features are: • Search Engines • Login Forms • Comment Fields Cross-site scripting holes are web application vulnerabilities allow attackers to bypass có client-side security imposed on web content thường Mechanisms by modern browsers. By finding Into Ways of injecting Malicious scripts web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on Behalf of the user. Cross-site scripting attacks are therefore a special case of code injection. I will explain this in detail later in hacking classes. Compared keep reading .. 3. REMOTE FILE Inclusion Remote file inclusion vulnerability is the most often Do found on the website. Remote File Inclusion (RFI) Occurs khi remote files, Thường a shell (a graphical interface for browsing remote files and running code on a server Your Own), is Into a website included the hacker to execute đó cho phép server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue to use local on exploits to escalate his privileges and take over the whole system. RFI can lead to serious sau things on the website: Code execution on the web server code execution on the client-side JavaScript như mà can lead to other cross site scripting attacks như (XSS). Denial of Service (DoS) Data Theft / Manipulation 4. LOCAL FILE Inclusion Local File Inclusion (LFI) is khi có you to browse through the server abilities by means clustering of directory transversal. One of the most common is to discover LFI dùng of the / etc / passwd file. This file contains the user information of a Linux system. Vulnerable to Hackers find sites the same way I LFI Discussed for RFI's. Let's say a hacker found a site Vulnerable, www.target-site.com/index.php?p=about, by means clustering of directory transversal he would try to browse to the / etc / passwd file: www.target-site.com/index.php?p= ../../../../../../../etc/passwd I will explain it in websites with practical detail in example sequential classes on Website Hacking latter. 5. DDOS ATTACK Simply Distributed Denial of Service attack gọi. A denial-of-service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack) is an make a computer resource thử unavailable to intended users nó. Although the means to carry out, motives for, and targets of a DoS attack sewing vary, it Consists of the concerted efforts into Generally of a person or People to Prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack Consumes the bandwidth and resources chúng of any website and make it unavailable to legitimate users nó. 6.EXPLOTING Vulnerability Its not a new category of above five categories it comprises but i Mentioned it separately vì có mà vài exploits can not be covered in the above five categories. Than i will explain with examples added individually. The basic idea behind this is có find the vulnerability in the website and exploit it to get the admin or moderator privileges than can manipulate the things bạn Easily. I hope you all now have a overview of what is Website Hacking có. Print Consecutive future i will explain all classes of những TECHNIQUES in details. Compared guys keep reading ..