HomeclosedFAQRegisterLog in

Share | 
 

 Website hacking Methods

Go down 
AuthorMessage
V1P3R
WhiteHat Support
WhiteHat Support
avatar

Posts : 76
White Hat Points : 202
White Hat Reputation : 10
Join date : 2013-07-30

PostSubject: Website hacking Methods    Thu Aug 08, 2013 7:23 am

I gonna teach you some basic of website hacking
so first We gonna learn about website defacement

1) What is Website defacement ?

A website defacement is an attack on a website that changes the visual
appearance of the site. These are typically the work of system crackers,
who break into a web server and replace the hosted website with one of
their own.


A high-profile website defacement was carried out on the website of the
company SCO Group following its assertion that Linux contained stolen
code. The title of the page was changed from "Red Hat vs SCO" to "SCO vs
World," with various satirical content following



2) Terms to be used ---->


[SQL] - Structured Query Language

[LFI] - Local File Include

[RFI] - Remote File Include

[XSS] - Cross Site Scripting

[RCE] - Remote Code Execution

[AFD] - Arbitrary File Download

[SCD] - Source Code Disclosure

[PCI] - PHP Code Injection



3) Defacement techniques ?


I).Domain Hacking

II).FTP Protocol

III).Apache Vulnerable

IV).Script, Cookie, XSS

V).Social Engineering.

VI).SQL Injection

VII).RFI.





Now :-



I) What is Domain Hacking ?



A Domain hacking is a process to transfer domain(yahoo.com) without owner permission with help of phishing, sniffing,spoofing.



A domain hack is an unconventional domain name that combines domain
levels, especially the top-level domain (TLD), to spell out the full
"name" or title of the domain, making a kind of fun.





------->Domain Hacking process :--->



a) See who.is record of Slave(XXABCXX.net) DNS record and note

down admin email (xxabcxx@gmail/ymail/hotmail/live/[whatever apply this exception if possible admin(name)@XXABCXX.net] )

b) Send spoof mail to Slave admin email for password.

c) after open domain registrar ---->(my.india s.com)

<-----------website to access

their domain control panel (click forget password)

d) After you get a password in Slave email address of Slave domain.

e) Just login on domain control panel.

f) and get ECCP code and create new account on hosting company

and choose Domain transfer (all submit all details)

g) You will get all rights on this domain for lifetime.







II) What is FTP Protocol ?



The File Transfer Protocol (FTP) provides the basic elements of file
sharing between hosts. FTP uses TCP to create a virtual connection for
control information and then creates a separate TCP connection for data
transfers. The control connection uses an image of the TELNET protocol
to exchange commands and messages between hosts.

for detail check this Detail about FTP



III) What is XSS ?



XSS is a type of computer security vulnerability typically found in web
applications which allow code injection by malicious web users into the
web pages viewed by other users.

Cross Site Scripting is a technique used to add script to a trusted site that will be executed

on other users browsers. A key element to XSS is that one user can submit data to a

website that will later be displayed for other users. It is nessesary that the bad guy NOT

mess up the HTML structure, otherwise the result will be web defacement rather then

attacking other users.



IV) What is Social Engineering ?



Social engineering is the act of manipulating people into doing actions
or exposing confidential information. It's trickery or deception to
gather information, fraud, or computer system access

where in the hacker never comes face-to-face with the Slave. Here are

I don't want to make my thread so big in size so i helped myself by

LINK



V) What is SQL injection ?



SQL injection is a type of security exploit in which the attacker

injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data.

It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database.



-------------->Preventing SQL Injection<-------------------

To protect against SQL injection, user input must not directly be
embedded in SQL statements. Instead, parameterized statements must be
used (preferred), or user input must be carefully escaped or filtered.





VI) What is RFI ?



Remote File Inclusion attacks allow malicious users to run their own PHP
code on a vulnerable website. The attacker is allowed to include his
own (malicious) code in the space provided for PHP programs on a web
page.

_________________
Mess with the Best, Die like the Rest
Back to top Go down
 
Website hacking Methods
Back to top 
Page 1 of 1
 Similar topics
-
» Online toybuying website
» Mattel's new Collector Website and online Store
» CUTEST WEBSITE EVER!
» Toonstruck 2 will be released if you want it bad enough!
» This Website is Worth??

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical White Hat Hackers :: White Hat Hackers Community :: Hacking & Security Tutorials-
Jump to: