Hacking a website not only means taking the whole control of website but can be either changing the website datas or make the website down by making denial of serviceattack.Here in this article we will see some possible ways of attacking a website.A website can be attacked in any one of the following ways.
Password Cracking
Simple SQL Injection Hack
Brute force attack for servers
Denial of service
PASSWORD CRACKING
The first and foremost thing that every hacker must need to hack a website is the hostingIP address of the website.You can directly find the IP address of any website from yourcommand prompt itself.
1. For that open command prompt (window + r) and type cmd and hit enter.
2. Type the following command followed by the URL of the website
nslookup URL addressFor example
nslookup www.realhackings.comand hit enter.you can see a window as shown below with the ip address of the website
Now you have got the IP address of the website.next step is to scan the IP we have got just now to see which protocols the Website at this IP is using
For scanninng DOWNLOAD IP scanner and open it you can see a window as shown below.Just paste the IP you have just got and click scan button.
In the above image FTP is shown,That means this website is using FTP to access to its servers.just double click on the FTP to see a window as shown below
Now this is the final stage.When you enter exact username and password you can login to that website and do whatever you like.To find this username and password we have to dobrute force attack
BRUTE FORCE ATTACK
In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters
Denial of service ( Ddos attack ):
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking
SQL INJECTION
SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applicationswork.
NOTE: This is only for the website owners to test their websites for different vulnerabilities and to enable maximum security.
Simple SQL Injection Hack
Brute force attack for servers
Denial of service
PASSWORD CRACKING
The first and foremost thing that every hacker must need to hack a website is the hostingIP address of the website.You can directly find the IP address of any website from yourcommand prompt itself.
1. For that open command prompt (window + r) and type cmd and hit enter.
2. Type the following command followed by the URL of the website
nslookup URL addressFor example
nslookup www.realhackings.comand hit enter.you can see a window as shown below with the ip address of the website
For scanninng DOWNLOAD IP scanner and open it you can see a window as shown below.Just paste the IP you have just got and click scan button.
Now this is the final stage.When you enter exact username and password you can login to that website and do whatever you like.To find this username and password we have to dobrute force attack
BRUTE FORCE ATTACK
In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters
Denial of service ( Ddos attack ):
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking
SQL INJECTION
SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applicationswork.
NOTE: This is only for the website owners to test their websites for different vulnerabilities and to enable maximum security.
0 comments:
Post a Comment