Tuesday, June 4, 2013

Website Hacking Best Techniques by bmmekwan














Every day, you search Google, Yahoo, and other search engines for
"How to Hack Websites?", "Methods to Hack Website", "Website Hacking",
etc. Website hacking has become a popular business, or rather an
interesting game, for many people; the reason behind these hacks is normally
to prove their skills, to gain fame, or something else. As we know, "To catch a thief, we must think like a thief".
Likewise, to secure something, we must first find what is insecure
in it, and only then can we proceed to securing it. So, before
proceeding to the topic of securing, we must first know what is insecure.








There are many weaknesses through which websites are compromised;
these are normally due to poor management of the site by the webmaster or
admin.






So, the methods by which websites are hacked are:



  • Cross-Site Scripting

  • SQL Injection

  • Remote File Inclusion

  • Local File Inclusion

  • Denial of Service Attack

  • Brute-Force Attack



These are some of the common methods to hack a website; let's discuss them below.




  • Cross-Site Scripting:
    Cross-Site Scripting is a type of attack in which a hacker injects
    script into webpages. The effect may range from a petty nuisance to a
    significant security risk. By injecting code into webpages in this way,
    a hacker can gain access to sensitive page content, session
    cookies, and a variety of other information maintained by the
    browser on behalf of the user.

  • SQL Injection:
    SQL stands for Structured Query Language. SQL Injection is another
    type of web application vulnerability, occurring in the database layer of
    an application. It is mostly used for stealing sensitive data (like
    usernames, passwords, email IDs, and more). It takes advantage of
    improper coding in the web application that allows the attacker to inject
    SQL commands.

  • Remote File Inclusion:
    Remote File Inclusion (RFI) allows an attacker to include a remote
    file, usually through a script on the web server. A hacker usually
    uploads a file (normally a shell) by tricking the web server on the
    webpage.

  • Local File Inclusion:
    Local File Inclusion (LFI) is a method of including local files at
    runtime. It is much the same as RFI. This method involves
    discovering the /etc/passwd file in the web directory.

  • Denial of Service Attack:
    A Denial of Service attack (DoS attack) or Distributed Denial of Service
    attack (DDoS attack) is an attempt to make a computer resource
    unavailable to its users. These attacks are common nowadays; their main
    purpose is to obstruct the communication of the victim's computer by
    forcing the targeted computer(s) to reset.

  • Brute-Force Attack:
    A Brute-Force Attack is a method in which an attacker tries
    every possible character of the password until the whole password is
    cracked. The main drawback of this attack is that it takes too much time,
    as it tries every possible character which
    can be a part of the password.
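For the Remote File Inclusion and Local File Inclusion items above, this added example (not code from the original post) shows how a webmaster can validate a user-supplied page name before including it. The function name `resolve_include`, the `pages` directory and the sample requests are assumptions constructed for illustration.

```python
import os
import tempfile

class IncludeRejected(Exception):
    """Raised when a requested page must not be included."""

def resolve_include(base_dir, requested, allowed_ext=(".html", ".txt")):
    """Map a user-supplied page name to a file inside base_dir, or raise."""
    # RFI guard: a URL or scheme-relative location is never a local page name.
    if "://" in requested or requested.startswith("//"):
        raise IncludeRejected("remote locations are not includable")
    # Embedded null bytes have no place in a page name.
    if "\x00" in requested:
        raise IncludeRejected("null byte in page name")
    if not requested.lower().endswith(allowed_ext):
        raise IncludeRejected("extension not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks before comparison.
    target = os.path.realpath(os.path.join(base, requested))
    # LFI guard: the resolved path must remain under the page directory.
    if os.path.commonpath([base, target]) != base:
        raise IncludeRejected("path escapes the page directory")
    if not os.path.isfile(target):
        raise IncludeRejected("no such page")
    return target

def demo():
    """Run constructed requests against a temporary page directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "about.html"), "w") as fh:
            fh.write("<h1>About</h1>")
        with open(os.path.join(root, "secret.txt"), "w") as fh:
            fh.write("outside the page directory")
        for req in ["about.html", "../secret.txt", "/etc/passwd",
                    "http://example.invalid/x.txt", "about.html\x00.php"]:
            try:
                resolve_include(pages, req)
                results[req] = "ok"
            except IncludeRejected as exc:
                results[req] = str(exc)
    return results

if __name__ == "__main__":
    for req, outcome in demo().items():
        print(repr(req), "->", outcome)
```

Only `about.html` resolves; every other constructed request is rejected before any file is opened.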


There are many other ways of taking over a site too, but these are very common nowadays.




























Some other methods are DNS hijacking, insufficient administration, misconfiguration, use of Trojans, and many more.






My advice to all webmasters and admins is to check their sites against
these vulnerabilities so as to protect them from future attacks.





I hope you really enjoy it!



