NOTE: Hacking is an illegal activity, so don't try it on anyone. This tutorial is only for educational
purposes. If you want to use this tutorial for any other purpose, please stop
reading.
Top Way To Hack a Website
Information Gathering (1st Read This Properly)
When you are going to hunt a website down, you must know what you are really
going to deal with. If you know the enemy you are going to face, you
can prepare yourself for it. This is why Information Gathering is the
first phase of penetration testing. The question then arises: what information
are we going to collect, and where are we going to get it from?
I will cover both the "where" and the "how" step by
step. In this tutorial we will first understand
what we are aiming to achieve through Information Gathering and how that
information is going to help us in our penetration testing.
SQL Injection
Structured Query Language is known as SQL. We use SQL queries
to communicate with the database. Because we are querying the database, it is called a query
language. SQL is a tool for organizing, managing, and retrieving data stored by
a computer database. The name "SQL" is an abbreviation for Structured Query
Language. For historical reasons, SQL is usually pronounced "sequel," but the
alternate pronunciation "S.Q.L." is also used. As the name implies, SQL is a
computer language that you use to interact with a database. In fact, SQL works
with one specific type of database, called a relational database.
(CMS) Content Management System Web Hacking (WordPress, Drupal, Joomla, Magento, OpenCart etc.)
A Web Content Management System (WCMS) is a program that helps in maintaining,
controlling, changing and reassembling the content on a web page.
XSS (Cross-Site Scripting)
Cross-Site Scripting, also known as XSS, is one of the most common web application
vulnerabilities. It allows an attacker to run their own client-side
scripts (especially JavaScript) in web pages viewed by other users. In a
typical XSS attack, a hacker injects malicious JavaScript code into a
legitimate website. When a user visits the specially crafted link, the browser
executes the malicious JavaScript. A successfully exploited XSS vulnerability
allows attackers to carry out phishing attacks, steal accounts and even spread worms. ...
LFI (Local File Inclusion)
Local File Inclusion (LFI) is similar to a Remote File Inclusion
vulnerability except instead of including remote files, only local files i.e.
LFI stands for Local File Inclusion. LFI is a type of web application security
vulnerability. LFI is only one of many web application security
vulnerabilities. Web applications are applications you can view and interact
with in your web browser.
RFI
Remote File Inclusion is a method used to gain full access to a
website. The exploit relies on the PHP include() function. RFI can manifest
itself in other environments and was in fact introduced initially as
"SHTML injection". RFI works by exploiting applications that
dynamically reference external scripts indicated by user input without proper
sanitization. As a consequence, the application can be instructed to include a
script hosted on a remote server and thus execute code controlled by an
attacker. This can lead to something as minimal as outputting the contents of
the file, but depending on the severity, to list a few it can lead to:
HTML Website Hacking And Copy Any Website
HTTrack lets you copy any website and browse it offline. It saves all the HTML pages to your computer's hard disk, so you can visit the site without an internet connection.
Click Jacking
Clickjacking is the process of hijacking a user's click in a web
browser and redirecting it to perform an entirely different action than the one the
user intended. This is done by creating a visual illusion, i.e. the
victim is fooled: the user is not able to see the real
item they are clicking and is instead made to believe that they are clicking something
entirely different.
Shell Hacking
Shell hacking is a very important part. If you upload a shell to a website, you are in full control of it; in other words, a shell works like a cPanel.
Remote Code Execution
RFI stands for Remote File Inclusion, which allows the attacker to
upload a custom-coded/malicious file to a website or server using a script. RFI
is a common vulnerability and, trust me, not all website hacking is about
SQL injection. Using RFI you can literally deface websites, get access to
the server and do almost anything.
Sniffing
Social Engineering
Trojans/backdoors
Stealers
Botnets
Middle Attacks
Legal Disclaimer: This tutorial is for educational purposes only. The author will not be held responsible for any misuse of this tutorial by any means.
If you have any queries, please comment on my posts.