I gonna teach you some basic of website hacking
so first We gonna learn about website defacement
1) What is Website defacement ?
A website defacement is an attack on a website that changes the visual
appearance of the site. These are typically the work of system crackers,
who break into a web server and replace the hosted website with one of
their own.
A high-profile website defacement was carried out on the website of the
company SCO Group following its assertion that Linux contained stolen
code. The title of the page was changed from "Red Hat vs SCO" to "SCO vs
World," with various satirical content following
2) Terms to be used ---->
[SQL] - Structured Query Language
[LFI] - Local File Include
[RFI] - Remote File Include
[XSS] - Cross Site Scripting
[RCE] - Remote Code Execution
[AFD] - Arbitrary File Download
[SCD] - Source Code Disclosure
[PCI] - PHP Code Injection
3) Defacement techniques ?
I).Domain Hacking
II).FTP Protocol
III).Apache Vulnerable
IV).Script, Cookie, XSS
V).Social Engineering.
VI).SQL Injection
VII).RFI.
Now :-
I) What is Domain Hacking ?
A Domain hacking is a process to transfer domain(yahoo.com) without owner permission with help of phishing, sniffing,spoofing.
A domain hack is an unconventional domain name that combines domain
levels, especially the top-level domain (TLD), to spell out the full
"name" or title of the domain, making a kind of fun.
------->Domain Hacking process :--->
a) See who.is record of Slave(XXABCXX.net) DNS record and note
down admin email (xxabcxx@gmail/ymail/hotmail/live/[whatever apply this exception if possible admin(name)@XXABCXX.net] )
b) Send spoof mail to Slave admin email for password.
c) after open domain registrar ---->(my.india s.com)
<-----------website to access
their domain control panel (click forget password)
d) After you get a password in Slave email address of Slave domain.
e) Just login on domain control panel.
f) and get ECCP code and create new account on hosting company
and choose Domain transfer (all submit all details)
g) You will get all rights on this domain for lifetime.
II) What is FTP Protocol ?
The File Transfer Protocol (FTP) provides the basic elements of file
sharing between hosts. FTP uses TCP to create a virtual connection for
control information and then creates a separate TCP connection for data
transfers. The control connection uses an image of the TELNET protocol
to exchange commands and messages between hosts.
for detail check this Detail about FTP
III) What is XSS ?
XSS is a type of computer security vulnerability typically found in web
applications which allow code injection by malicious web users into the
web pages viewed by other users.
Cross Site Scripting is a technique used to add script to a trusted site that will be executed
on other users browsers. A key element to XSS is that one user can submit data to a
website that will later be displayed for other users. It is nessesary that the bad guy NOT
mess up the HTML structure, otherwise the result will be web defacement rather then
attacking other users.
IV) What is Social Engineering ?
Social engineering is the act of manipulating people into doing actions
or exposing confidential information. It's trickery or deception to
gather information, fraud, or computer system access
where in the hacker never comes face-to-face with the Slave. Here are
I don't want to make my thread so big in size so i helped myself by
LINK
V) What is SQL injection ?
SQL injection is a type of security exploit in which the attacker
injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data.
It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database.
-------------->Preventing SQL Injection<-------------------
To protect against SQL injection, user input must not directly be
embedded in SQL statements. Instead, parameterized statements must be
used (preferred), or user input must be carefully escaped or filtered.
VI) What is RFI ?
Remote File Inclusion attacks allow malicious users to run their own PHP
code on a vulnerable website. The attacker is allowed to include his
own (malicious) code in the space provided for PHP programs on a web
page.
Post a Comment